CVE-2019-15753
In OpenStack os-vif 1.15.x before 1.15.2, and 1.16.0, a hard-coded MAC aging time of 0 disables MAC learning in linuxbridge, forcing obligatory Ethernet flooding of non-local destinations, which both impedes network performance and allows users to possibly view the content of packets for instance...
Cisco Nexus 9000 Series Fabric Switches ACI Mode Border Leaf Endpoint Learning Vulnerability
A vulnerability within the Endpoint Learning feature of Cisco Nexus 9000 Series Switches running in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an endpoint device in certain circumstances. The...
EVABS - Extremely Vulnerable Android Labs
An open source Android application that is intentionally vulnerable so as to act as a learning platform for Android application security beginners. The effort is to introduce beginners with very limited or zero knowledge to some of the major and commonly found real-world based Android application...
Showing Vulnerability to a Machine: Automated Prioritization of Software Vulnerabilities
Introduction If a software vulnerability can be detected and remedied, then a potential intrusion is prevented. While not all software vulnerabilities are known, 86 percent of vulnerabilities leading to a data breach were patchable, though there is some risk of inadvertent damage when applying...
From unstructured data to actionable intelligence: Using machine learning for threat intelligence
The security community has become proficient in using indicators of compromise (IoC) feeds for threat intelligence. Automated feeds have simplified the task of extracting and sharing IoCs. However, IoCs like IP addresses, domain names, and file hashes are in the lowest levels of the threat...
WordPress Learning Courses plugin <= 4.7 - Unauthenticated Options Change vulnerability
Unauthenticated Options Change vulnerability found by Jerome Bruandet (Nintechnet) in WordPress Learning Courses plugin versions <= 4.7. Solution: Update the WordPress Learning Courses plugin to the latest available version (at least 4.8)...
ND Learning <= 4.7 - Unauthenticated Options Change
The Learning Courses WordPress plugin was affected by an Unauthenticated Options Change security vulnerability...
Cylance Antivirus Products Susceptible to Concatenation Bypass
Overview: The Cylance AI-based antivirus product, prior to July 21, 2019, contains flaws that allow an adversary to craft malicious files that the AV product will likely mistake for benign files. Description: Cylance PROTECT is an endpoint protection system. It contains an antivirus functionality...
CISO series: Better cybersecurity requires a diverse and inclusive approach to AI and machine learning
Artificial Intelligence (AI) and machine learning have created lots of buzz with vendors. Being cast as the superheroes of technology is great for getting attention. But even Superman and Supergirl had their kryptonite. Could the lack of diversity and inclusiveness in the design teams and data type...
Will XDR Improve Security?
Cybercriminals and malicious hackers have been shifting their tactics, techniques, and procedures (TTPs) to improve their ability to infiltrate an organization and stay under the radar of security professionals and solutions. Moving to more targeted attack methods appears to be a mainstay among...
New machine learning model sifts through the good to unearth the bad in evasive malware
We continuously harden machine learning protections against evasion and adversarial attacks. One of the latest innovations in our protection technology is the addition of a class of hardened malware detection machine learning models called monotonic models to Microsoft Defender ATP's Antivirus...
Security Bulletin: Vulnerability in Python affects Watson Machine Learning Services (CVE-2018-14647)
Summary: Python is vulnerable to a denial of service, caused by a flaw in the elementtree C accelerator. By using a specially-crafted XML document, a remote attacker could exploit this vulnerability to cause a resource exhaustion. Vulnerability Details: CVE-ID: CVE-2018-14647 DESCRIPTION: Python's...
Defining Wallarm API-specific Rules
Case Study: Using the SugarCRM API As an Example. A unique Wallarm AI feature is its ability to automatically detect and parse complicated API protocols and then set up security rules based on specific data or parameters deep inside the API. Once parsed, the system creates the rules based both on where...
HT2 Labs Learning Locker Cross-Site Scripting Vulnerability
HT2 Labs Learning Locker is an open source learning record repository. A security vulnerability exists in HT2 Labs Learning Locker version 3.15.1. An attacker can exploit this vulnerability to inject malicious HTML and JavaScript code into the DOM of a website...
CVE-2019-12834
In HT2 Labs Learning Locker 3.15.1, it's possible to inject malicious HTML and JavaScript code into the DOM of the website via the PATHINFO to the dashboards/ URI...
CVE-2019-12834
HT2 Labs Learning Locker 3.15.1 has a cross-site scripting (XSS) flaw allowing injection of HTML/JavaScript into the DOM via PATH_INFO to the dashboards/ URI. The vulnerability is documented across multiple CVE records in the connected set, with consistent description of DOM-based injection and l...
Where Will Ransomware Go In The Second Half Of 2019?
Ransomware has been an evolutionary malware family that continues to shift and change over the years. From the first fakeAV, to police ransomware, to the now oft-used crypto-ransomware, this threat just will not go away. Based on the latest trends, we predict this threat will grow in the second...
Exploit for Path Traversal in Pivotal_Software Spring_Framework
Web-Security-Learning: materials collected in the course of learning web security. This repo is updated continuously; the most recent update is 2017/11/2. Also updated at: chybeta: Web-Security-Learning (with table of contents). November 2 update: + Newly added articles: + SQL injection + How much do you know about sqlmap's built-in tampers? + XSS + Front-end defense from getting started to giving up: the evolution of CSP + ssrf + SSRF: CVE-2017-9993 FFmpeg + AVI + HLS + CSRF + CSRF tricks for bypassing Referer checks + CSRF tricks from major SRC programs + java-Web +...