Lucene search
K

144 matches found

Positive Technologies
Positive Technologies
added 2022/02/08 12:0 a.m.5 views

PT-2022-2173 · Sap · Sap Solution Manager

Name of the Vulnerable Software and Affected Versions: SAP Solution Manager version 720 Description: The issue is related to insufficient access control in the SAP Solution Manager Diagnostics Root Cause Analysis tool, allowing a remote attacker to elevate their privileges. This can enable an...

9.1CVSS9.3AI score0.01326EPSS
Exploits0References9
The Hacker News
The Hacker News
added 2021/05/24 12:54 p.m.130 views

What To Do When Your Business Is Hacked

As businesses move to a remote workforce, hackers have increased their activity to capitalize on new security holes. Cybercriminals often use unsophisticated methods that continue to be extremely successful. These include phishing emails to harvest credentials and gain easy access to...

0.9AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2021/04/12 1:38 p.m.52 views

MDR Must-Haves, Part 6: Threat Validation and Detailed Reporting

This blog post is part of an ongoing series about evaluating Managed Detection and Response MDR providers. For more insights, check out our guide, “10 Things Your MDR Service Must Do.” Engaging a managed security service provider—either a traditional MSSP or MDR provider—should never involve...

7.2AI score
Exploits0
GithubExploit
GithubExploit
added 2021/04/07 11:10 a.m.414 views

Exploit for CVE-2021-24086

CVE-2021-24086 This is a proof of concept for CVE-2021-24086...

9.8CVSS8.7AI score0.58961EPSS
Exploits7
Huntr
Huntr
added 2021/03/26 12:57 p.m.12 views

Code Injection in storybookjs/telejson

✍️ Description telejson is a library for teleporting rich data to another place. The telejson.reviver which is used to parse string data back to json structure can be abused to execute arbitrary code when the lazyEval option is set to false i.e., disabled. The root cause is the attackers can...

2.1AI score
Exploits0
GithubExploit
GithubExploit
added 2021/01/07 12:30 p.m.164 views

Exploit for Code Injection in Microfocus Arcsight_Logger

CVE-2020-11851 Remote Code Execution vulnerability on ArcSig...

9.8CVSS10AI score0.02825EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2020/12/09 12:0 a.m.51 views

SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:2879-1)

The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2020-26088: Fixed an improper CAPNETRAW check in NFC socket creation could have been used by local attackers to create raw sockets, bypassing security...

7.8CVSS6.4AI score0.00492EPSS
Exploits0References133
GoogleProjectZero
GoogleProjectZero
added 2020/07/29 12:0 a.m.242 views

Root Cause Analyses for 0-day In-the-Wild Exploits

Posted by Maddie Stone, Project Zero When a 0-day is exploited in the wild AND it is detected, we need to use that as an opportunity to learn as much as possible about the vulnerability and the exploit if we hope to make 0-day hard. One of the main methods to do that is to perform a root cause...

9.3CVSS9.1AI score0.73856EPSS
Exploits54
Hacker One
Hacker One
added 2020/07/23 10:24 a.m.49 views

Zomato: Availing Zomato gold by using a random third-party `wallet_id`

We received a report from @pandaaaa wherein he demonstrated a way to avail Zomato Gold membership using random Zomato User's wallet. The report was triaged and rewarded with critical severity with a CVSS score of 9.3. It was considered critical since a random user's wallet could have been used fo...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2020/05/20 1:11 p.m.6 views

[Guide] Finding Best Security Outsourcing Alternative for Your Organization

As cyberattacks continue to proliferate in volume and increase in sophistication, many organizations acknowledge that some part of their breach protection must be outsourced, introducing a million-dollar question of what type of service to choose form. Today, Cynet releases the Security Outsourci...

5.8AI score
Exploits0
GoogleProjectZero
GoogleProjectZero
added 2020/04/02 12:0 a.m.263 views

TFW you-get-really-excited-you-patch-diffed-a-0day-used-in-the-wild-but-then-find-out-it-is-the-wrong-vuln

Posted by Maddie Stone, Project Zero INTRODUCTION I’m really interested in 0-days exploited in the wild and what we, the security community, can learn about them to make 0-day hard. I explained some of Project Zero’s ideas and goals around in-the-wild 0-days in a November blog post. On December’s...

9.8CVSS8.7AI score0.80968EPSS
Exploits38
ThreatPost
ThreatPost
added 2020/02/12 2:0 p.m.37 views

Report to Your Management with the Definitive ‘IR Management and Reporting’ presentation Template

The realistic approach to security is that incidents occur. While ideally, the CISO would want to prevent all of them, in practice some will succeed to a certain degree—making the ability to efficiently manage an incident response process a mandatory skill for any CISO. Moreover, apart from the...

0.2AI score
Exploits0References4
Prion
Prion
added 2019/09/27 7:15 p.m.15 views

Information disclosure

In the Screen Lock, there is a possible information disclosure due to an unusual root cause. In certain circumstances, the setting to hide the unlock pattern can be ignored. Product: AndroidVersions: Android-10Android ID: A-110941092...

4.3CVSS7.5AI score0.00405EPSS
Exploits0References1Affected Software1
Trend Micro Simply Security
Trend Micro Simply Security
added 2019/08/23 4:29 p.m.55 views

Trend Micro Named A Leader in 2019 Gartner Magic Quadrant for Endpoint Protection Platforms

Leadership. It’s a weighty term, although frequently it is used too lightly and all too often it’s a self-declared position. We believe, leaders can come and go, and leadership can be fleeting depending on the factors for long term success. It is for all these reasons, that we are proud, not only...

7.1AI score
Exploits0
Hacker One
Hacker One
added 2019/07/03 11:17 p.m.50 views

HackerOne: Custom Field Attributes may be created and updated for customers with Custom Field Trial enabled

The Custom Field feature is currently only available for customers on the Enterprise product edition. A trial period can be given by enabling the custom-fields-trial feature for programs who are not on that product edition yet. However, when enabling this feature, the incorrect ordering of an ACL...

1AI score
Exploits0
GoogleProjectZero
GoogleProjectZero
added 2019/02/05 12:0 a.m.10 views

The Curious Case of Convexity Confusion

Posted by Ivan Fratric, Google Project Zero Intro Some time ago, I noticed a tweet about an externally reported vulnerability in Skia graphics library used by Chrome, Firefox and Android, among others. The vulnerability caught my attention for several reasons: Firstly, I looked at Skia before...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/12/19 12:0 p.m.57 views

Congressional Report on the 2017 Equifax Data Breach

The US House of Representatives Committee on Oversight and Government Reform has just released a comprehensive report on the 2017 Equifax hack. It's a great piece of writing, with a detailed timeline, root cause analysis, and lessons learned. Lance Spitzner also commented on this. Here is my...

1.2AI score
Exploits0
Hacker One
Hacker One
added 2018/11/20 4:48 a.m.21 views

HackerOne: Corrupted Authorization header can cause logs not to be ingested properly in ████████

HackerOne ingests different logs in ██████, one of them being nginx access logs from our load balancers. The default log format of our load balancer configuration is shown below. As can be seen in the format, the HTTP user specified in the Authorization header $remoteuser is placed between the...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/09/20 5:42 p.m.465 views

Mass WordPress compromises redirect to tech support scams

Content Management Systems CMSes such as WordPress, Drupal, or Joomla are under a constant barrage of fire. Earlier this year, we detailed several waves of attacks against Drupal, also known as Drupalgeddon, pushing browser-based miners and various social engineering threats. During the past few...

7.3AI score
Exploits0
MSRC
MSRC
added 2018/08/16 7:0 a.m.25 views

Vulnerability hunting with Semmle QL, part 1

Previously on this blog, we’ve talked about how MSRC automates the root cause analysis of vulnerabilities reported and found. After doing this, our next step is variant analysis: finding and investigating any variants of the vulnerability. It’s important that we find all such variants and patch...

0.7AI score
Exploits0
Rows per page
Query Builder