1558 matches found

Github Security Blog
added 2019/08/21 4:15 p.m. | 80 views

Pallets Werkzeug Insufficient Entropy

Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id...

7.5 CVSS | 7.3 AI score | 0.00259 EPSS
Exploits: 0 | References: 8 | Affected Software: 1
Exploit DB
added 2019/08/15 12:0 a.m. | 132 views

Adobe Acrobat Reader DC for Windows - Double Free due to Malformed JP2 Stream

We have observed the following crash in the latest version of Adobe Acrobat Reader DC for Windows, when opening a malformed PDF file: --- cut --- ======================================= VERIFIER STOP 00000007: pid 0x2C1C: Heap block already freed. 0C441000 : Heap handle for the heap owning the...

7.4 AI score
Exploits: 0
OSV
added 2019/08/14 3:15 p.m. | 2 views

CVE-2019-0349

SAP Kernel ABAP Debugger, versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.49, 7.53, 7.73, 7.75, 7.76, 7.77, allows a user to execute “Go to...

7.2 CVSS | 7.2 AI score | 0.00354 EPSS
Exploits: 0 | References: 2
CVE
added 2019/08/14 2:54 p.m. | 52 views

CVE-2019-0349

CVE-2019-0349 affects SAP Kernel (ABAP Debugger). The flaw allows a user to execute the Go to statement without the authorization S_DEVELOP_DEBUG_02, resulting in a Missing Authorization Check. Affected are SAP Kernel ABAP Debugger variants: KRNL32NUC/UC, KRNL64NUC/UC, across versions 7.21, 7.21E...

7.2 CVSS | 7 AI score | 0.00354 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Kitploit
added 2019/08/13 1:38 p.m. | 61 views

Goop - Google Search Scraper (Bypass CAPTCHA)

goop can perform google searches without being blocked by the CAPTCHA or hitting any rate limits. How it works? Facebook provides a debugger tool for its scraper. Interestingly, Google doesn't limit the requests made by this debugger (whitelisted?) and hence it can be used to scrape the google searc...

7.4 AI score
Exploits: 0 | References: 1
OSV
added 2019/08/09 3:15 p.m. | 26 views

CVE-2019-14806

Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id...

7.5 CVSS | 7.5 AI score
Exploits: 0 | References: 5
OSV
added 2019/08/09 3:15 p.m. | 1 view

DEBIAN-CVE-2019-14806

Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id...

7.5 CVSS | 6.6 AI score | 0.00259 EPSS
Exploits: 0 | References: 1
Prion
added 2019/08/09 3:15 p.m. | 22 views

Design/Logic Flaw

Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id...

5 CVSS | 7.4 AI score | 0.00259 EPSS
Exploits: 0 | References: 5 | Affected Software: 2
UbuntuCve
added 2019/08/09 3:15 p.m. | 27 views

CVE-2019-14806

Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id...

7.5 CVSS | 6.8 AI score | 0.00259 EPSS
Exploits: 0 | References: 4
OSV
added 2019/08/09 3:15 p.m. | 0 views

PYSEC-2019-140

Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id...

7.5 CVSS | 6.9 AI score | 0.00259 EPSS
Exploits: 0 | References: 6
OSV
added 2019/08/09 3:15 p.m. | 0 views

UBUNTU-CVE-2019-14806

Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id...

7.5 CVSS | 6.9 AI score | 0.00259 EPSS
Exploits: 0 | References: 5
PyPA
added 2019/08/09 3:15 p.m. | 6 views

PYSEC-2019-140

Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id...

7.5 CVSS | 7 AI score | 0.00259 EPSS
Exploits: 0 | References: 6 | Affected Software: 1
CVE
added 2019/08/09 2:29 p.m. | 221 views

CVE-2019-14806

CVE-2019-14806 affects Pallets Werkzeug prior to 0.15.3 when used with Docker, due to insufficient debugger PIN randomness caused by containers sharing the same machine-id. This enables remote exploitation with network access; CVSSv3 base score 7.5. Remediation is to upgrade Werkzeug to 0.15.3 or...

7.5 CVSS | 7.3 AI score | 0.00259 EPSS
Exploits: 0 | References: 5 | Affected Software: 1
FireEye
added 2019/08/08 8:30 p.m. | 31 views

Finding Evil in Windows 10 Compressed Memory, Part Two: Virtual Store Deep Dive

Introduction: This blog post is the second in a three-part series covering our Windows 10 memory forensics research and it coincides with our BlackHat USA 2019 presentation. In Part One of the series, we covered the integration of the research in both Volatility and Rekall memory forensics tools. We...

6.3 AI score
Exploits: 0 | References: 6
Fedora
added 2019/07/30 1:15 a.m. | 33 views

[SECURITY] Fedora 30 Update: radare2-3.6.0-1.fc30

The radare2 is a reverse-engineering framework that is multi-architecture, multi-platform, and highly scriptable. Radare2 provides a hexadecimal editor, wrapped I/O, file system support, debugger support, diffing between two functions or binaries, and code analysis at opcode, basic block, and...

7.8 CVSS | 0.4 AI score | 0.00443 EPSS
Exploits: 3
CNVD
added 2019/07/25 12:0 a.m. | 1 view

GNU Debugger (GDB) Buffer Overflow Vulnerability

GNU gdb is a GNU Project debugger from the GNU Project. It supports debugging C, C++, Pascal, and FORTRAN programming languages. A buffer overflow vulnerability exists in the main module in GNU gdb. The vulnerability stems from a networked system or product that performs operations in memory...

7.8 CVSS | 9.6 AI score | 0.00288 EPSS
Exploits: 1 | References: 1
Kitploit
added 2019/07/13 10:20 p.m. | 234 views

Dwarf - Full Featured Multi Arch/Os Debugger Built On Top Of PyQt5 And Frida

A debugger for reverse engineers, crackers and security analysts. Or you can call it damn, why are raspberries so fluffy or yet, duck warriors are rich as fuck. Whatever you like! Built on top of pyqt5, frida and some terrible code. Check out the website for features, api and examples CHANGELOG...

7.2 AI score
Exploits: 0 | References: 3
Hacker One
added 2019/06/15 1:2 p.m. | 20 views

Quantopian: Cross-site scripting on algorithm collaborator

Hi again my favorite VDP team. I bring you 8th bug and 4th cross-site scripting. Currently trying to upload python code via self-serve data, not looking for XSS'es only, but they're a thing still, right? Summary: By sending specially crafted websockets request attacker can run javascript in...

6.1 AI score
Exploits: 0
CNVD
added 2019/05/28 12:0 a.m. | 2 views

Binary vulnerability in ollydbg buffer

OllyDbg is a 32-bit Microsoft Windows assembly-level analyzing debugger, especially useful when source code is unavailable or the compiler encounters problems. A binary vulnerability exists in the ollydbg buffer that can be exploited by an attacker to cause a denial of service to the server...

7.1 AI score
Exploits: 0
OpenVAS
added 2019/05/07 12:0 a.m. | 54 views

Fedora Update for openocd FEDORA-2019-0a5e82cea8

The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.6 CVSS | 9.4 AI score | 0.0189 EPSS
Exploits: 1 | References: 2