Lucene search
+L

46 matches found

osv
osv
added 2023/06/06 4:44 p.m.19 views

GHSA-RVRX-RRWH-R9P6 Notation's default `maxSignatureAttempts` in `notation verify` enables an endless data attack

Impact An attacker who controls or compromises a registry can make the registry serve an infinite number of signatures for the artifact, causing a denial of service to the host machine running notation verify. Patches The problem has been fixed in the release v1.0.0-rc.6. Users should upgrade the...

6.5CVSS6.4AI score0.00485EPSS
Exploits0References4
wordfence
wordfence
added 2023/04/14 10:17 p.m.11 views

Post Action Report: Bad Firewall Rule Released to WPEngine Customers Wednesday

On Wednesday afternoon a small percentage of WPEngine websites using a paid version of Wordfence experienced a 500 Internal Server Error or white screen on their sites due to an erroneous firewall rule that we released. If you have experienced this issue, please check your email which contains...

6.9AI score
Exploits0
citrix
citrix
added 2023/04/12 12:0 a.m.15 views

How to troubleshoot PVS target device domain trust issue

Since both Citrix and Microsoft and 3rd party software can initiate changing password, sometimes the TD may lose domain trust. Reset machine password from PVS console can solve the issue, but sometimes we need to find out the root cause if too many TDs lose domain trust. This article aims to give...

7.2AI score
Exploits0
githubexploit
githubexploit
added 2023/04/05 2:5 a.m.575 views

Exploit for Untrusted Pointer Dereference in Microsoft

It is an exploit module targeting Apache HTTP Server. The target...

7.8CVSS8.6AI score0.65417EPSS
Exploits13
kitploit
kitploit
added 2022/05/03 12:30 p.m.33 views

FirmWire -b Full-System Baseband Firmware Emulation Platform For Fuzzing, Debugging, And Root-Cause Analysis Of Smartphone Baseband Firmwares

FirmWire is a full-system baseband firmware analysis platform that supports Samsung and MediaTek. It enables fuzzing, root-cause analysis, and debugging of baseband firmware images. See theFirmWire documentation to get started! Experiments & Missing Parts? Upon a vendor's request, the current...

7.1AI score
Exploits0References2
bdu_fstec
bdu_fstec
added 2022/04/13 12:0 a.m.7 views

The vulnerability of the Solution Manager Diagnostics (Root Cause Analysis) tool within the SAP Solution Manager software platform allows a perpetrator to enhance their privileges.

The vulnerability of the Solution Manager Diagnostics Root Cause Analysis tool within the SAP Solution Manager software platform is related to lack of access control mechanisms. Exploiting this vulnerability could allow an attacker to increase their privileges remotely...

9.1CVSS7.7AI score0.01399EPSS
Exploits0References6Affected Software1
cve
cve
added 2022/02/09 10:5 p.m.95 views

CVE-2022-22544

SAP Solution Manager 720’s Diagnostics Root Cause Analysis Tool suffers from insufficient access control, enabling an administrator to execute code on all connected Diagnostics Agents and browse their files. This could allow an attacker with admin privileges to control managed systems, leading to...

9.1CVSS9.3AI score0.01399EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2022/02/09 10:5 p.m.27 views

CVE-2022-22544

Solution Manager Diagnostics Root Cause Analysis Tools - version 720, allows an administrator to execute code on all connected Diagnostics Agents and browse files on their systems. An attacker could thereby control the managed systems. It is considered that this is a missing segregation of duty f...

9.5AI score0.01399EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2022/02/08 12:0 a.m.6 views

PT-2022-2173 · Sap · Sap Solution Manager

Name of the Vulnerable Software and Affected Versions: SAP Solution Manager version 720 Description: The issue is related to insufficient access control in the SAP Solution Manager Diagnostics Root Cause Analysis tool, allowing a remote attacker to elevate their privileges. This can enable an...

9.1CVSS9.3AI score0.01399EPSS
Exploits0References9
thn
thn
added 2021/05/24 12:54 p.m.130 views

What To Do When Your Business Is Hacked

As businesses move to a remote workforce, hackers have increased their activity to capitalize on new security holes. Cybercriminals often use unsophisticated methods that continue to be extremely successful. These include phishing emails to harvest credentials and gain easy access to...

0.9AI score
Exploits0
rapid7blog
rapid7blog
added 2021/04/12 1:38 p.m.52 views

MDR Must-Haves, Part 6: Threat Validation and Detailed Reporting

This blog post is part of an ongoing series about evaluating Managed Detection and Response MDR providers. For more insights, check out our guide, “10 Things Your MDR Service Must Do.” Engaging a managed security service provider—either a traditional MSSP or MDR provider—should never involve...

7.2AI score
Exploits0
githubexploit
githubexploit
added 2021/01/07 12:30 p.m.164 views

Exploit for Code Injection in Microfocus Arcsight_Logger

CVE-2020-11851 Remote Code Execution vulnerability on ArcSig...

9.8CVSS10AI score0.02825EPSS
Exploits1
googleprojectzero
googleprojectzero
added 2020/07/29 12:0 a.m.242 views

Root Cause Analyses for 0-day In-the-Wild Exploits

Posted by Maddie Stone, Project Zero When a 0-day is exploited in the wild AND it is detected, we need to use that as an opportunity to learn as much as possible about the vulnerability and the exploit if we hope to make 0-day hard. One of the main methods to do that is to perform a root cause...

9.3CVSS9.1AI score0.73856EPSS
Exploits54
hackerone
hackerone
added 2020/07/23 10:24 a.m.49 views

Zomato: Availing Zomato gold by using a random third-party `wallet_id`

We received a report from @pandaaaa wherein he demonstrated a way to avail Zomato Gold membership using random Zomato User's wallet. The report was triaged and rewarded with critical severity with a CVSS score of 9.3. It was considered critical since a random user's wallet could have been used fo...

7.2AI score
Exploits0
thn
thn
added 2020/05/20 1:11 p.m.6 views

[Guide] Finding Best Security Outsourcing Alternative for Your Organization

As cyberattacks continue to proliferate in volume and increase in sophistication, many organizations acknowledge that some part of their breach protection must be outsourced, introducing a million-dollar question of what type of service to choose form. Today, Cynet releases the Security Outsourci...

5.8AI score
Exploits0
googleprojectzero
googleprojectzero
added 2020/04/02 12:0 a.m.263 views

TFW you-get-really-excited-you-patch-diffed-a-0day-used-in-the-wild-but-then-find-out-it-is-the-wrong-vuln

Posted by Maddie Stone, Project Zero INTRODUCTION I’m really interested in 0-days exploited in the wild and what we, the security community, can learn about them to make 0-day hard. I explained some of Project Zero’s ideas and goals around in-the-wild 0-days in a November blog post. On December’s...

9.8CVSS8.7AI score0.80968EPSS
Exploits38
trendmicroblog
trendmicroblog
added 2019/08/23 4:29 p.m.55 views

Trend Micro Named A Leader in 2019 Gartner Magic Quadrant for Endpoint Protection Platforms

Leadership. It’s a weighty term, although frequently it is used too lightly and all too often it’s a self-declared position. We believe, leaders can come and go, and leadership can be fleeting depending on the factors for long term success. It is for all these reasons, that we are proud, not only...

7.1AI score
Exploits0
googleprojectzero
googleprojectzero
added 2019/02/05 12:0 a.m.14 views

The Curious Case of Convexity Confusion

Posted by Ivan Fratric, Google Project Zero Intro Some time ago, I noticed a tweet about an externally reported vulnerability in Skia graphics library used by Chrome, Firefox and Android, among others. The vulnerability caught my attention for several reasons: Firstly, I looked at Skia before...

7AI score
Exploits0
msrc
msrc
added 2018/08/16 7:0 a.m.25 views

Vulnerability hunting with Semmle QL, part 1

Previously on this blog, we’ve talked about how MSRC automates the root cause analysis of vulnerabilities reported and found. After doing this, our next step is variant analysis: finding and investigating any variants of the vulnerability. It’s important that we find all such variants and patch...

0.7AI score
Exploits0
msrc
msrc
added 2018/08/16 7:0 a.m.10 views

Vulnerability hunting with Semmle QL, part 1

Previously on this blog, we’ve talked about how MSRC automates the root cause analysis of vulnerabilities reported and found. After doing this, our next step is variant analysis: finding and investigating any variants of the vulnerability. It’s important that we find all such variants and patch...

7.7AI score
Exploits0
Rows per page
Query Builder