374 matches found
PT-2020-19374 · Cacti +2 · Cacti +2
Name of the Vulnerable Software and Affected Versions: Cacti version 1.2.8. Description: The issue concerns stored XSS in several PHP files, including data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php. This is...
The vulnerability of the implementation of the polymorphic data typing mechanism in the jackson-databind library allows an attacker to execute malicious loads.
The vulnerability of the Jackson-Databind library’s polymorphic data typing mechanism is related to deficiencies in input data processing. Exploiting this vulnerability could allow a malicious actor to execute malicious operations by processing classes such as...
CVE-2019-17336 TIBCO Spotfire Web Player Potentially Exposes Credentials For Shared Data Sources
The Data access layer component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains multiple vulnerabilities that theoretically allow an attacker access to information that can lead to obtaining credentials used to access Spotfire data...
The vulnerability of the canvas objects in browsers such as Firefox, Firefox ESR, and the email client Thunderbird allows attackers to disclose protected information.
The vulnerability of the Canvas object in browsers such as Firefox, Firefox ESR, and the email client Thunderbird is related to a lack of mechanisms for verifying the source of the data. Exploiting this vulnerability can allow an attacker to disclose protected information remotely...
Cacti - Complete Network Graphing Solution
IMPORTANT When using source or by downloading the code directly from the repository, it is important to run the database upgrade script if you experience any errors referring to missing tables or columns in the database. Changes to the database are committed to the cacti.sql file which is used fo...
How We Developed Our EQR Plugins
Extensible Analytics with EQR’s Lightweight, Ultra-Performance Plugin System. I’ve written a few posts now on the plans and development of EQR (Event Query Router), the open-source tool we built to give data scientists the ability to execute large-scale queries on real-time big data streams without...
Default credentials
An issue was discovered in Grafana 5.4.0. Passwords for data sources used by Grafana (e.g., MySQL) are not encrypted. An admin user can reveal passwords for any data source by pressing the "Save and test" button within a data source's settings menu. When watching the transaction with Burp Proxy, th...
[SECURITY] Fedora 30 Update: js-jquery-jstree-3.3.8-1.fc30
jsTree is a jQuery plugin that provides interactive trees. It is absolutely free, open source and distributed under the MIT license. jsTree is easily extendable, themable and configurable; it supports HTML & JSON data sources, AJAX & async callback loading. jsTree functions properly in either...
Beagle - An Incident Response And Digital Forensics Tool Which Transforms Security Logs And Data Into Graphs
Beagle is an incident response and digital forensics tool which transforms data sources and logs into graphs. Supported data sources include FireEye HX Triages, Windows EVTX files, SysMon logs and Raw Windows memory images. The resulting Graphs can be sent to graph databases such as Neo4J or...
CVE-2019-0808
creationtimestamp| type| source
---|---|---
2019-03-13 04:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=371
2019-03-13 10:23:16+00:00| exploited| https://t.me/CyberGovIL/381
2019-03-14 15:48:43+00:00| published-proof-of-concept| https://t.me/SecLabNews/4478
2019-03-15...
CVE-2019-0604
creationtimestamp| type| source
---|---|---
2019-02-13 14:35:52+00:00| seen| MISP/5c642a56-2440-4af0-8bfd-6e4a0a021402
2019-03-23 18:43:00+00:00| published-proof-of-concept| https://t.me/antichat/4119
2019-03-23 19:42:30+00:00| seen| https://t.me/canyoupwnme/5306
2019-03-24 15:21:55+00:00| seen|...
The vulnerability in the multimedia streaming recording mechanism of Firefox browsers, Firefox ESR, and Thunderbird email software, related to improper type checking of data sources, allows attackers to trigger a service failure.
The vulnerability of the multimedia streaming recording mechanism in Firefox web browsers, Firefox ESR, and the Thunderbird email program relates to the issue of recording data as incorrect types. Exploiting this vulnerability allows an attacker to cause service interruptions by changing the type...
stoQ - An Open Source Framework For Enterprise Level Automated Analysis
stoQ is an automation framework that helps to simplify the more mundane and repetitive tasks an analyst is required to do. It allows analysts and DevSecOps teams the ability to quickly transition from different data sources, databases, decoders/encoders, and numerous other tasks. stoQ was designed...
SpiderFoot - The Most Complete OSINT Collection And Reconnaissance Tool
SpiderFoot is an open source intelligence (OSINT) automation tool. Its goal is to automate the process of gathering intelligence about a given target, which may be an IP address, domain name, hostname, network subnet, ASN or person's name. SpiderFoot can be used offensively, i.e. as part of a...
Stronger Security with Global IT Asset Inventory
On a Friday afternoon before a long holiday weekend, a company’s security operations center receives a potentially serious alert: It appears that a domain controller has been tampered with. After examining event logs and overlaying network traffic, a SOC analyst confirms that a suspicious system...
Security Bulletin: IBM StoredIQ is affected by a privilege escalation vulnerability
Summary IBM StoredIQ has addressed the following vulnerability that could allow an authenticated attacker to bypass certain security restrictions. Vulnerability Details CVEID: CVE-2018-1583 DESCRIPTION: IBM StoredIQ could allow an authenticated attacker to bypass certain security restrictions. By...
CVE-2019-8394
creationtimestamp| type| source
---|---|---
2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/manageenginesduploader.rb
2020-12-09 07:18:57+00:00| seen| MISP/b426aa9c-dc22-4a91-8213-f8d513405423
2021-11-08 08:58:20+00:00| seen|...
CVE-2018-1583
IBM StoredIQ 7.6 could allow an authenticated attacker to bypass certain security restrictions. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to access and manipulate documents on StoredIQ managed data sources. IBM X-Force ID: 143331...
Design/Logic Flaw
IBM StoredIQ 7.6 could allow an authenticated attacker to bypass certain security restrictions. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to access and manipulate documents on StoredIQ managed data sources. IBM X-Force ID: 143331...