693 matches found
Information disclosure
IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not prevent caching of HTTPS responses, which allows physically proximate attackers to obtain sensitive local-cache information by leveraging an unattended workstation...
Design/Logic Flaw
IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...
CVE-2015-1999
IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 places session IDs in https URLs, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history...
CVE-2015-1989
IBM QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 is affected by CVE-2015-1989 due to an SQL injection vulnerability. A remote attacker could send specially crafted SQL statements to view, add, modify, or delete data in the back end. The NVD lists a base score of 6.5 (Medium) with network ...
CVE-2015-1993
IBM QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 fails to set the secure flag on session cookies in HTTPS, enabling potential cookie capture via MITM when redirected to HTTP. Impact: partial confidentiality exposure. Remediation: install IBM QRadar 7.2.5 Patch 5 (or newer QRadar/QRM/QVM/Q...
CVE-2015-1994
IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...
CVE-2015-1994
CVE-2015-1994 concerns IBM QRadar Incident Forensics. Affects IBM QRadar Incident Forensics 7.2.x prior to 7.2.5 Patch 5 where the session cookie is missing the HTTPOnly flag, enabling potential cookie exposure via scripting and session hijacking. IBM’s security bulletin corroborates the vulnerab...
CVE-2015-1996
IBM QRadar Incident Forensics 7.2.x vulnerable to cacheable SSL pages that can expose sensitive local-cache data to a local attacker with an unattended workstation. Affected: QRadar Incident Forensics 7.2.x prior to 7.2.5 Patch 5. CVSS base score 2.1 (LOW). Remediation: apply IBM QRadar 7.2.5 Pat...
CVE-2015-1999
IBM QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 exposes session IDs in HTTPS URLs, enabling an attacker to read sensitive data from web-server access logs, Referer logs, or browser history. Affected product: IBM QRadar Incident Forensics 7.2.x. Root cause: session IDs stored in URLs. Imp...
CVE-2015-1996
IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not prevent caching of HTTPS responses, which allows physically proximate attackers to obtain sensitive local-cache information by leveraging an unattended workstation...
CVE-2015-1993
IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not set the secure flag for unspecified cookies in an https session, which makes it easier for remote attackers to capture these cookies by intercepting their transmission within an http session...
Audio Video Media Forensics
Our media forensics practice is a fast-growing part of Coalfire. We’re often asked what we can do, and this post is intended to be a quick primer to provide some background if you’re in need of this service and what you can expect from us and others in the field...
Kali Linux 2.0 Released — Download Most Powerful Penetration Testing Platform
Offensive Security, the creators of Swiss army knife for Security researchers, Penetration testers and Hackers have finally released the much awaited and most powerful version of Kali Linux 2.0. Kali Linux 2.0 Codename ‘Kali Sana’, an open-source penetration testing platform brings hundreds of...
MicEnum - Mandatory Integrity Control Enumerator for Windows
In the context of the Microsoft Windows family of operating systems, Mandatory Integrity Control (MIC) is a core security feature introduced in Windows Vista and implemented in subsequent lines of Windows operating systems. It adds Integrity Levels (IL)-based isolation to running processes and objects...
IBM Security QRadar Incident Forensics Cross-Site Scripting Vulnerability
IBM Security QRadar Incident Forensics is a suite of security forensic investigation software. A cross-site scripting vulnerability in IBM Security QRadar Incident Forensics allows remote attackers to exploit the vulnerability to inject malicious script or HTML code, which can be used to gain...
Datapp Sniffs Out Unencrypted Mobile Data
Last fall, researchers at the University of New Haven’s Cyber Forensics Research and Education Group dropped the hammer on a number of Android apps, including those from some popular social networking and dating sites, for their insistence on sending data in the clear. Pretty quickly, the UNHcFRE...
Usbkill Script Can Render Computers Useless
The idea of needing to disable a computer quickly as the police–or another potential adversary–comes through the door typically has been the concern of criminals. But in today’s climate, activists, journalists, and others may find themselves wanting to make their laptops unusable in short order, a...
Cybrary Offers Free Online Ethical Hacking and Cyber Security Training
I frequently receive emails and messages on how to hack my friend’s Facebook account, how to become a hacker, how to penetrate networks, how to break into computers, and how to compromise routers? These are some of the most frequent queries I came across, and in this article I’ll attempt to answe...
Forpix - Software for detecting affine image files
forpix is a forensic program for identifying similar images that are no longer identical due to image manipulation. Hereinafter I will describe the technical background for the basic understanding of the need for such a program and how it works. From image files or files in general you can create...
CVE-2015-2747
Multiple cross-site scripting (XSS) vulnerabilities in the data loss prevention (DLP) incident Forensics Preview in Websense Triton 7.8.3 and V-Series 7.7 appliances allow remote attackers to inject arbitrary web script or HTML via a crafted (1) email or (2) HTTP request, which triggers a DLP Policy...