306 matches found
CVE-2021-39226
Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot "publicmode" configurati...
Design/Logic Flaw
Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot "publicmode" configurati...
CVE-2021-39226
Grafana CVE-2021-39226 describes a snapshot authentication bypass that allows viewing and deleting the lowest-key snapshot via literal paths. Affected: Grafana snapshot feature (unauthenticated and authenticated users can access /dashboard/snapshot/:key and /api/snapshots/:key to view the lowest-...
CVE-2021-39226 Snapshot authentication bypass in grafana
Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot "publicmode" configurati...
Nagios XI file inclusion vulnerability
Nagios XI is a commercial monitoring solution built on Nagios Core, including dashboards, web-based configuration, advanced reporting, and rich data visualization.A local file inclusion vulnerability exists in versions of Nagios XI prior to 5.8.5. The vulnerability stems from an improper...
Vulnerability Spotlight: Two vulnerabilities in Advantech WebAccess/SCADA
Yuri Kramarz of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered two vulnerabilities in the Advantech WebAccess/SCADA software package. An adversary could exploit each of these vulnerabilities to disclose sensitive information and elevate their...
Install Apache Zeppelin and connect it to AWS Athena for data exploration, visualization and collaboration
Introduction Apache Zeppelin is a Web-based, open source, notebook system that enables data-driven, interactive data analytics and collaborative documents with SQL. At Imperva Research Group we use it on a daily basis to query data from the Threat Research Data Lake using AWS Athena query engine...
Add Security Events to Your Monitoring Tools
Real-time monitoring is important in every organization because it enables stakeholders to understand what is happening at any given time and react quickly. There are a lot of systems and devices we can and should monitor using tools such as application performance monitoring, digital performance...
lightning-server cross-site scripting vulnerability
lightning-server is a personal developer Npm library for data visualization applications . The library provides API-based access to reproducible Web-based interactive visualizations. A security vulnerability exists in all versions of lightning-server, which can be exploited by an attacker to inje...
[SECURITY] Fedora 32 Update: zabbix-4.0.22-1.fc32
Zabbix is software that monitors numerous parameters of a network and the health and integrity of servers. Zabbix uses a flexible notification mechan ism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. Zabbix offers...
[SECURITY] Fedora 31 Update: zabbix-4.0.22-1.fc31
Zabbix is software that monitors numerous parameters of a network and the health and integrity of servers. Zabbix uses a flexible notification mechan ism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. Zabbix offers...
Learn Machine Learning and AI – Online Training Program @ 93% OFF
Within the next decade, artificial intelligence is likely to play a significant role in our everyday lives. Machine learning already powers image recognition, self-driving cars, and Netflix recommendations. For any aspiring developer, learning how to code smart software is a good move. These skil...
Learn Machine Learning and AI – Online Training Program @ 93% OFF
Within the next decade, artificial intelligence is likely to play a significant role in our everyday lives. Machine learning already powers image recognition, self-driving cars, and Netflix recommendations. For any aspiring developer, learning how to code smart software is a good move. These skil...
Exploit for CVE-2014-7911
Security-Data-Analysis-and-Visualization 2018-2020青年安全圈-活跃技术博主/博客 Why - 最初目的:个人日常安全阅读资源不足,需要从博客、Github、Twitter等多个数据源补充。 - 延续目的:以人为核心,系统化收集博客、Github、当前主要研究方向、所属安全组织、学校、公司、RSS、知乎、微博、Email等信息,缩小安全圈的范围。 - 信息检索:通过关键字检索,方便找人,缩小人与人之间的交流障碍。比如通过高校关键字,可以快速找到校友,通过网络ID快速找到博主。 -...
Kibana 6.6.1 - CSV Injection Vulnerability
Exploit for windows platform in category web applications Exploit Title: Kibana 6.6.1 - CSV Injection Google Dork: inurl:"/app/kibana" intitle:"Kibana" Exploit Author: Aamir Rehman Vendor Homepage: https://www.elastic.co/kibana Software Link: https://www.elastic.co/downloads/ Version: v6.6.1...
Kibana 6.6.1 CSV Injection
Exploit Title: Kibana 6.6.1 - CSV Injection Google Dork: inurl:"/app/kibana" intitle:"Kibana" Date: 2020-01-15 Exploit Author: Aamir Rehman Vendor Homepage: https://www.elastic.co/kibana Software Link: https://www.elastic.co/downloads/ Version: v6.6.1 possibly latest versions Tested on: Kibana...
Constellation - A Graph-Focused Data Visualisation And Interactive Analysis Application
Constellation is a graph-focused data visualisation and interactive analysis application enabling data access, federation and manipulation capabilities across large and complex data sets. Vision Statement Constellation is a first class, domain agnostic data visualisation and analysis application...
Splunk Discovery Day Moscow 2018
Today I attended the Splunk Discovery Day 2018 conference. It is something like a local equivalent of the famous Splunk .conf. More than 200 people have registered. The event was held in the luxury Baltschug Kempinski hotel in the very center of Moscow with a beautiful view of the Red Square and...
Oracle Fusion Middleware Data Visualization Desktop Component Denial of Service Vulnerability
Oracle Fusion Middleware is a suite of business innovation platforms for enterprise and cloud environments from Oracle that provides middleware, software collections, and more.Data Visualization Desktop is one of a suite of visual data exploration desktop tools for quickly analyzing and...
CVE-2018-2834
Vulnerability in the Oracle Data Visualization Desktop component of Oracle Fusion Middleware subcomponent: Security. The supported version that is affected is 12.2.4.1.1. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Data...