2348 matches found
CVE-2022-29531
An issue was discovered in MISP before 2.4.158. There is stored XSS in the event graph via a tag name...
Vulnerabilities fixed in Oracle Database Server
Oracle has fixed vulnerabilities in the following products: Database - Enterprise Edition, Database Configuration Assistant, Spatial and Graph, Application Express (APEX). The vulnerabilities potentially enable a malicious party to execute attacks that result in the following categories of damage:...
PT-2022-19681 · Misp · Misp
Name of the Vulnerable Software and Affected Versions: MISP versions prior to 2.4.158 Description: An issue was discovered in the event graph via a tag name, allowing stored XSS. Recommendations: For versions prior to 2.4.158, update to version 2.4.158 or later to resolve the issue. As a temporar...
365Inspect - A PowerShell Script That Automates The Security Assessment Of Microsoft Office 365 Environments
Further the state of O365 security by authoring a PowerShell script that automates the security assessment of Microsoft Office 365 environments. Setup 365Inspect requires the administrative PowerShell modules for Microsoft Online, Azure AD We recommend installing the AzureADPreview module, Exchan...
Vulnerability fixed in Apache Struts
A vulnerability has been fixed in Apache Struts. This vulnerability allows an unauthenticated remote malicious party to execute arbitrary code with the privileges of the Struts application. OGNL evaluation must be enabled for the vulnerability to be exploited. This vulnerability is an...
Finding Attack Paths in Cloud Environments
The mass adoption of cloud infrastructure is fully justified by innumerable advantages. As a result, today, organizations' most sensitive business applications, workloads, and data are in the cloud. Hackers, good and bad, have noticed that trend and effectively evolved their attack techniques to...
Apache Struts 2 Security Vulnerability
A remote code execution vulnerability exists in Apache Struts, an open source web application architecture for developing Java EE web applications from the Apache Foundation, which stems from the use of mandatory OGNL evaluation in tag attributes for untrusted user input. An attacker could exploi...
CVE-2022-27834
Use after free vulnerability in dspcontextunloadgraph function of DSP driver prior to SMR Apr-2022 Release 1 allows attackers to perform malicious actions...
Epagneul - Graph Visualization For Windows Event Logs
Epagneul is a tool to visualize and investigate Windows event logs. Deployment Requires docker and docker-compose to be installed. Installing make Offline deployment On a machine connected to the internet, build an offline release: make release This will create a release folder containing ready to go...
Zabbix Frontend Cross-Site Scripting Vulnerability
Zabbix Frontend is a monitoring software front-end tool from Zabbix, U.S. A cross-site scripting vulnerability exists in Zabbix Frontend, which could be exploited by an authenticated attacker to create a link to a graphical page with reflected JavaScript code and send it to other victims...
Graph Analysis of the Conti Ransomware Group Internal Chats
We were presented with a remarkably rich source of intelligence with the leaked communications from the Conti ransomware group. It’s a compelling and insightful read. The leaked information contains details on messages, including information on timestamps, sender, receiver, and the actual body of...
Checkov - Prevent Cloud Misconfigurations During Build-Time For Terraform, CloudFormation, Kubernetes, Serverless Framework And Other Infrastructure-As-Code-Languages
Checkov is a static code analysis tool for infrastructure-as-code. It scans cloud infrastructure provisioned using Terraform, Terraform plan, CloudFormation, AWS SAM, Kubernetes, Dockerfile, Serverless or ARM Templates and detects security and compliance misconfigurations using graph-based...
CVE-2021-42767
A directory traversal vulnerability in the apoc plugins in Neo4J Graph database before 4.4.0.1 allows attackers to read local files, and sometimes create local files. This is fixed in 3.5.17, 4.2.10, 4.3.0.4, and 4.4.0.1...
CVE-2021-42767
CVE-2021-42767 describes a directory traversal vulnerability in the APOC procedures of Neo4j Graph Database. The flaw allows reading local files and, in some cases, creating local files via the APOC plugin before version 4.4.0.1. Publicly documented fixes exist: upgrade to 3.5.17, 4.2.10, 4.3.0.4...
Neo4j Path Traversal Vulnerability
Neo4j is a Java-based and fully ACID-compatible graph database from Neo4j, Inc. that supports data migration, add-ons, and more. A path traversal vulnerability exists in Neo4j Graph, which stems from a directory traversal vulnerability in the Apoc plugin in Neo4j Graph databases 4.0.0 through 4.3...
WordPress Go Viral – social share, social sharebar, social locker, social chat, open graph, reactions, share & view counters plugin <= 1.7.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Go Viral – social share, social sharebar, social locker, social chat, open graph, reactions, share & view counters plugin versions <= 1.7.0. Solution: Update the WordPress Go Viral – social share, social...
WordPress Go Viral – social share, social sharebar, social locker, social chat, open graph, reactions, share & view counters plugin <= 1.7.0 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Go Viral – social share, social sharebar, social locker, social chat, open graph, reactions, share & view counters plugin versions <= 1.7.0. Solution: Update the WordPress Go Viral – social share, social sharebar, social locker,...
com.ericsson.bss.cassandra.ecaudit:ecaudit_c3.11 (>=2.7.0 <=2.8.0), com.ibm.fhir:fhir-term-graph (>=4.9.2 <=4.10.2) +64 more potentially affected by CVE-2021-44521 via org.apache.cassandra:cassandra-all (>=3.11.0 <=3.11.11)
org.apache.cassandra:cassandra-all MAVEN version =3.11.0, =2.7.0, =4.9.2, =4.10.0, =3.11, =3.11, =3.11, =0.3.3, =0.4.0, =0.10.0, =3.11.0.0, =2.3, =5.3.0, =6.1.0 and more Source cves: CVE-2021-44521 Source advisory: OSV:GHSA-8FFC-79XG-29W8...