2348 matches found
Jumpstart your Microsoft Graph Security API integration with the new JavaScript sample app
The Microsoft Graph Security API, which launched this spring, is a unified REST API for integrating data and intelligence from Microsoft products, services, and partners. Using Microsoft Graph, developers can easily build applications that consolidate and correlate security alerts from multiple...
Hawkeye Keylogger – Reborn v8: An in-depth campaign analysis
Much of cybercrime today is fueled by underground markets where malware and cybercriminal services are available for purchase. These markets in the deep web commoditize malware operations. Even novice cybercriminals can buy malware toolkits and other services they might need for malware campaigns...
Orbit - Cryptocurrency Wallets Relationship Visualizer
Give it a blockchain-based crypto wallet address and it will crawl 3 levels deep in transaction data to plot a graph out of the information. Usage: run orbit.py with python3 as follows: python3 orbit.py. Enter the wallet address at the prompt: "Enter a wallet address: xxxxxxxxxxxxxxx". Now orbit...
LinkedIn: Persistent XSS (unvalidated Open Graph embed) at LinkedIn.com
This report was previously published on Medium.com/@JonathanBouman. Follow me on Twitter or Medium for new reports. F361972 Proof of concept Background In my previous report we learned more about a special type of the persistent XSS attack; the unvalidated oEmbed attack. This attack allows us to...
Open Graph for Facebook, Google+ and Twitter Card Tags <= 2.2.4.1 - Unauthenticated Cross-Site Scripting (XSS)
The Open Graph and Twitter Card Tags WordPress plugin was affected by an Unauthenticated Cross-Site Scripting (XSS) security vulnerability. PoC...
Open Graph for Facebook, Google+ and Twitter Card Tags <= 2.2.4.1 - Unauthenticated Cross-Site Scripting (XSS)
The Open Graph and Twitter Card Tags WordPress plugin was affected by an Unauthenticated Cross-Site Scripting (XSS) security vulnerability...
Centreon Remote Code Execution Vulnerability (CNVD-2018-14217)
Centreon and Centreon Web are both products of the French company Centreon. Centreon (formerly Merethis Centreon) is a suite of open-source IT monitoring software that is required to be used with Nagios, which it manages via the web, as well as third-party components for monitoring networks, operati...
WordPress Open Graph for Facebook, Google+ and Twitter Card Tags plugin <= 2.2.4 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability
Authenticated Reflected Cross-Site Scripting (XSS) vulnerability found in WordPress Open Graph for Facebook, Google+ and Twitter Card Tags plugin versions <= 2.2.4. Solution: Update the WordPress Open Graph for Facebook, Google+ and Twitter Card Tags plugin to the latest available version at least...
Open Graph for Facebook, Google+ and Twitter Card Tags <= 2.2.4 - Authenticated Reflected XSS
There is a reflected XSS vulnerability caused by "Open Graph for Facebook, Google+ and Twitter Card Tags" in the wdfbogerror parameter on a GET request when editing a post. This can be exploited by tricking an authenticated WordPress administrator into clicking a malicious link. This vulnerabilit...
CVE-2017-16022
Morris.js creates an svg graph, with labels that appear when hovering over a point. The hovering label names are not escaped in versions 0.5.0 and earlier. If control over the labels is obtained, script can be injected. The script will run on the client side whenever that specific graph is loaded...
Code injection
Morris.js creates an svg graph, with labels that appear when hovering over a point. The hovering label names are not escaped in versions 0.5.0 and earlier. If control over the labels is obtained, script can be injected. The script will run on the client side whenever that specific graph is loaded...
CVE-2017-16022
CVE-2017-16022 affects Morris.js: the SVG hover labels produced by Morris.js are not escaped in versions 0.5.0 and earlier, enabling client-side script injection if an attacker controls the label content. The CVE describes a cross-site scripting (XSS) risk when the graph is loaded. Public disclos...
CVE-2016-10569
embedza is a module to create HTML snippets/embeds from URLs using info from oEmbed, Open Graph, meta tags. embedza versions below 1.2.4 download JavaScript resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the...
CVE-2016-10569
The CVE-2016-10569 issue affects the embedza module prior to version 1.2.4, where JavaScript resources are downloaded over HTTP. This enables a man-in-the-middle scenario where an attacker on the network could swap the requested JavaScript with a malicious file, potentially leading to remote code...
[SECURITY] Fedora 28 Update: graphviz-2.40.1-22.fc28
A collection of tools for the manipulation and layout of graphs as in nodes and edges, not as in barcharts...
Partnerships power the future of better security
This post is authored by Jeremy Dallman, Principal Program Manager. Our goal in building the Microsoft Graph Security API is to enable customers to share insights and take action across security solutions to improve protection and speed response. By creating a connected security ecosystem,...
WordPress Open Graph for Facebook, Google+ and Twitter Card Tags Plugin < 2.2.4.1 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. if(description) { script_oid("1.3.6.1.4.1.25623.1.0.112287");...