CVE-2017-2240

Directory traversal vulnerability in AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to read arbitrary files via "File Transfer Web Service"...

Directory traversal

Directory traversal vulnerability in AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to read arbitrary files via "File Transfer Web Service"...

Sql injection

SQL injection vulnerability in the AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to execute arbitrary SQL commands via "File Transfer Web Service"...

CVE-2017-2240

CVE-2017-2240 is a directory traversal vulnerability in Hammock AssetView for MacOS, affecting version 9.2.0 and earlier. The flaw allows a remote attacker to read arbitrary files through the AssetView’s File Transfer Web Service. The provided connected documents confirm the affected product and ...

CVE-2017-2241

Hammock AssetView for MacOS up to version 9.2.0 is affected by a SQL injection vulnerability in the File Transfer Web Service. The vulnerability allows a remote attacker to execute arbitrary SQL commands against the AssetView database. The issue is documented across multiple sources (e.g., CNVD-2...

CVE-2017-2240

Directory traversal vulnerability in AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to read arbitrary files via "File Transfer Web Service"...

CVE-2017-2241

SQL injection vulnerability in the AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to execute arbitrary SQL commands via "File Transfer Web Service"...

Qualys Cloud Platform 2.28 New Features

This release of the Qualys Cloud Platform version 2.28 includes updates and new features for Cloud Agent, AssetView, ThreatPROTECT, Security Assessment Questionnaire and Web Application Scanning, highlights as follows: Cloud Agent Cloud Agent AIX Beta – beta release of Qualys Cloud Agent supporti...

Qualys Cloud Platform 2.27 New Features

This release of the Qualys Cloud Platform version 2.27 includes updates and new features for Cloud Agent and AssetView as follows: Highlights Platform / Cloud Agent API Host Asset Management API – updated to query on and return additional Cloud Agent attributes. The new attribute fields are not...

Visualizing the Stack Clash Vulnerability with Dashboards

Security teams should apply vendor patches immediately to protect their Linux, OpenBSD, NetBSD, FreeBSD and Solaris infrastructure from The Stack Clash vulnerability also see the security advisory. To help in that effort, this blog post describes a new built-in Qualys AssetView dashboard to...

Visualizing WannaCry & Shadow Brokers with Dashboards

To assess infections from WannaCry ransomware and threat exposure from the Shadow Brokers vulnerabilities across an entire IT environment, it's helpful to visualize your exposure via dynamic dashboards. Using Qualys AssetView and ThreatPROTECT, I created a single-pane incident response dashboard...

Intel AMT Vulnerability

Last week, Intel published a security advisory INTEL-SA-00075 regarding a new vulnerability in Intel Active Management Technology AMT, Intel Standard Manageability ISM, and Intel Small Business Technology SBT. The firmware versions impacted are 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6. In...

Qualys Cloud Platform 2.26 New Features

This release of the Qualys Cloud Platform version 2.26 includes updates and new features for Cloud Agent, AssetView, Security Assessment Questionnaire and Web Application Scanning as follows: Highlights Cloud Agent Platform View Module Activation Job Status – adds a button in Agent Management tab...

The Shadow Brokers Release Zero Day Exploit Tools

On Friday, a hacker group known as The Shadow Brokers publicly released a large number of functional exploit tools. Several of these tools make use of zero-day vulnerabilities, most of which are in Microsoft Windows. Exploiting these vulnerabilities in many cases leads to remote code execution an...