Ngrev - Tool For Reverse Engineering Of Angular Applications

Graphical tool for reverse engineering of Angular projects. It allows you to navigate in the structure of your application and observe the relationship between the different modules, providers, and directives. The tool performs static code analysis which means that you don't have to run your...

LabKey Server XML External Entity Injection Vulnerability

LabKey Server is a biomedical research data repository from LabKey, Inc. The repository allows Web-based querying, reporting, and collaboration across a wide range of data sources. An XML external entity injection vulnerability exists in LabKey Server. An attacker could exploit this vulnerability...

CVE-2019-9757

An issue was discovered in LabKey Server 19.1.0. Sending an SVG containing an XXE payload to the endpoint visualization-exportImage.view or visualization-exportPDF.view allows local files to be read...

Fedora 29 : phpMyAdmin (2019-3b5a7abe17)

Upstream announcement : Welcome to phpMyAdmin 4.9.1, a bugfix release. This is a regularly-schedule bugfix release that also includes some security hardening measures. We wish to point out that this also includes a routine fix for an issue that has been reported as CVE-2019-12922. The fix for thi...

Fedora 30 : phpMyAdmin (2019-6404181bf9)

Upstream announcement : Welcome to phpMyAdmin 4.9.1, a bugfix release. This is a regularly-schedule bugfix release that also includes some security hardening measures. We wish to point out that this also includes a routine fix for an issue that has been reported as CVE-2019-12922. The fix for thi...

All the Code Connections Between Russia’s Hackers, Visualized

A sort of constellation chart for Kremlin malware, made by two cybersecurity firms, demonstrates the scale of Russia's distinct hacking operations...

Multiple Schneider Electric Products Server-Side Request Forgery Vulnerabilities

Schneider Electric MEG6501-0001-U.motion KNX server and others are a web-based visualization system from Schneider Electric France. The system is mainly used for KNX-based home and building automation. A server-side request forgery vulnerability exists in several Schneider Electric products. An...

Access Control Error Vulnerability in Multiple Schneider Electric Products (CNVD-2019-34802)

Schneider Electric MEG6501-0001-U.motion KNX server and others are a web-based visualization system from Schneider Electric France. The system is mainly used for KNX-based home and building automation. An access control error vulnerability exists in multiple Schneider Electric products, which can...

Access Control Error Vulnerability in Multiple Schneider Electric Products (CNVD-2019-34799)

Schneider Electric MEG6501-0001-U.motion KNX server and others are a web-based visualization system from Schneider Electric France. The system is mainly used for KNX-based home and building automation. An access control error vulnerability exists in several Schneider Electric products. An attacke...

Multiple Schneider Electric Products Formatting String Error Vulnerability

Schneider Electric MEG6501-0001-U.motion KNX server and others are a web-based visualization system from Schneider Electric France. The system is mainly used for KNX-based home and building automation. A formatting string error vulnerability exists in several Schneider Electric products. An...

LetsMapYourNetwork - Tool To Visualise Your Physical Network In Form Of Graph With Zero Manual Error

It is utmost important for any security engineer to understand their network first before securing it and it becomes a daunting task to have a ‘true’ understanding of a widespread network. In a mid to large level organisation’s network having a network architecture diagram doesn’t provide the...

Constellation - A Graph-Focused Data Visualisation And Interactive Analysis Application

Constellation is a graph-focused data visualisation and interactive analysis application enabling data access, federation and manipulation capabilities across large and complex data sets. Vision Statement Constellation is a first class, domain agnostic data visualisation and analysis application...

Sampler - A Tool For Shell Commands Execution, Visualization And Alerting (Configured With A Simple YAML File)

Sampler is a tool for shell commands execution, visualization and alerting. Configured with a simple YAML file. Installation macOS brew cask install sampler or curl -Lo /usr/local/bin/sampler https://github.com/sqshq/sampler/releases/download/v1.0.1/sampler-1.0.1-darwin-amd64 chmod +x...

ThreatHunting - A Splunk App Mapped To MITRE ATT&CK To Guide Your Threat Hunts

This is a Splunk application containing several dashboards and over 120 reports that will facilitate initial hunting indicators to investigate. You obviously need to be ingesting Sysmon data into Splunk, a good configuration can be found here Note: This application is not a magic bullet, it will...

NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0070)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by multiple vulnerabilities: - Integer overflow in the aiosetupsinglevector function in fs/aio.c in the Linux kernel 4.0 allows local users to cause a denial of service or possibl...

NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0074)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel-rt packages installed that are affected by multiple vulnerabilities: - Integer overflow in the aiosetupsinglevector function in fs/aio.c in the Linux kernel 4.0 allows local users to cause a denial of service or...

Kernel: kvm: nVMX: L2 guest could access hardware(L0) CR8 register

Linux kernel built with the KVM visualization support CONFIGKVM, with nested visualization nVMX feature enabled nested=1, is vulnerable to a crash due to disabled external interrupts. As L2 guest could access r/w hardware CR8 register of the hostL0. In a nested visualization setup, L2 guest user...

Orbit v2.0 - Blockchain Transactions Investigation Tool

Introduction Orbit is designed to explore network of a blockchain wallet by recursively crawling through transaction history. The data is rendered as a graph to reveal major sources, sinks and suspicious connections. Note: Orbit only runs on Python 3.2 and above. Usage Let's start by crawling...

CVE-2019-2735

Vulnerability in the Oracle Hyperion Workspace component of Oracle Hyperion subcomponent: UI and Visualization. The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hyperion Workspace...

CVE-2019-2735

Vulnerability in the Oracle Hyperion Workspace component of Oracle Hyperion subcomponent: UI and Visualization. The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hyperion Workspace...