Lucene search
K

50 matches found

Hacker One
Hacker One
added 2018/12/13 7:2 a.m.128 views

RATELIMITED: Information Disclosure on https://theendlessweb.com/

Dear Team, I have found an Information Disclosure Vulnerabilities at https://theendlessweb.com/ Step to Reproduce: Step 1: https://theendlessweb.com/vendor/composer/installed.json Let me know if you need any additional information. Regards, Dhamu. Impact This file expose sensitive information tha...

0.2AI score
Exploits0
Hacker One
Hacker One
added 2018/07/26 9:5 a.m.181 views

MyEtherWallet: Development configuration file https://myetherwallet.com/

Vulnerability description A configuration file e.g. Vagrantfile, Gemfile, Rakefile, ... was found in this directory. This file may expose sensitive information that could help a malicious user to prepare more advanced attacks. It's recommended to remove or restrict access to this type of files fr...

6.5AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 3:43 p.m.19 views

Security Bulletin: IBM Maximo Asset Management could allow an authenticated user to manipulate work orders to forge emails which could be used to conduct further advanced attacks (CVE-2017-1357)

Summary IBM Maximo Asset Management could allow an authenticated user to manipulate work orders to forge emails which could be used to conduct further advanced attacks. Vulnerability Details CVEID: CVE-2017-1357 DESCRIPTION: IBM Maximo Asset Management could allow an authenticated user to...

4.3CVSS0.8AI score0.00909EPSS
Exploits0Affected Software11
Hacker One
Hacker One
added 2018/06/16 4:4 a.m.46 views

Starbucks: PHPinfo page

GET /test.php HTTP/1.1 Host: 52.90.193.152 Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 Windows NT 6.1; WOW64 AppleWebKit/537.21 KHTML, like Gecko Chrome/41.0.2228.0 Safari/537.21 Accept: / Impact This file may expose sensitive information that may help an maliciou...

0.9AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2018/01/04 6:0 p.m.12 views

Excerpts from Preparing for NGAV at Scale: Prevent Attacks & Stop Breaches

Carbon Black recently published a guide to help enterprises gauge their readiness in their initial search for next-generation antivirus, or NGAV; this is an excerpt from that guide, which you can find here. For more information about how Cb Defense, Carbon Black's NGAV + EDR solution, helps...

6.8AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2017/12/28 4:0 p.m.59 views

Excerpts from Preparing for NGAV at Scale: Challenges and Approaches

Carbon Black recently published a guide to help enterprises gauge their readiness in their initial search for next-generation antivirus, or NGAV; this is the first excerpt from that guide, which you can find here. For more information about how Cb Defense, Carbon Black's NGAV + EDR solution, help...

6.9AI score
Exploits0
NVD
NVD
added 2017/08/09 6:29 p.m.19 views

CVE-2017-1357

IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to manipulate work orders to forge emails which could be used to conduct further advanced attacks. IBM X-Force ID: 126684...

4.3CVSS4.4AI score0.00909EPSS
Exploits0References3
Cvelist
Cvelist
added 2017/08/09 6:0 p.m.20 views

CVE-2017-1357

IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to manipulate work orders to forge emails which could be used to conduct further advanced attacks. IBM X-Force ID: 126684...

4.4AI score0.00909EPSS
Exploits0References3
ThreatPost
ThreatPost
added 2017/07/25 1:0 p.m.15 views

Academia's Role in Security Skills Gap Examined

LAS VEGAS—For a long time, there’s been a chorus from employers about the lacked of skilled security professionals to fill available openings. And while it would not be an illogical leap to think universities are adequately preparing tomorrow’s security admins and CISOs, quite the opposite may be...

6.9AI score
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2017/07/06 4:31 p.m.534 views

The Real-World Impact of Bug Bounties and Vulnerability Research

Running the world’s largest vendor agnostic bug bounty program has afforded us the unique opportunity to purchase bugs of all varieties. The submissions to the Zero Day Initiative ZDI program range in severity from slightly annoying to hugely impactful. We wouldn’t have it any other way. Generall...

9.3CVSS7.1AI score0.90026EPSS
Exploits27
Trend Micro Simply Security
Trend Micro Simply Security
added 2017/06/19 5:55 p.m.16 views

Ransomware & Advanced Attacks: Servers are Different

Ransomware and other advanced attacks are the scourge of the modern IT security team. If allowed to gain access to your IT environment, these attacks could shut down the organization, denying access to mission critical applications & data for potentially days, or even indefinitely. The result? Th...

7.2AI score
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2017/06/16 1:0 p.m.22 views

This Week in Security News

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back...

6.7AI score
Exploits0
Hacker One
Hacker One
added 2017/05/23 9:21 p.m.14 views

Pushwoosh: Development configuration file

Hello, I found an Sensitive Information Disclosure. A configuration file e.g. Vagrantfile, Gemfile, Rakefile, ... was found in this directory. This file may expose sensitive information that could help a malicious user to prepare more advanced attacks. It's recommended to remove or restrict acces...

6.5AI score
Exploits0
ThreatPost
ThreatPost
added 2017/05/22 9:0 a.m.6 views

Jaya Baloo on WannaCry and Defending Against Advanced Attacks

Jaya Baloo, CISO of KPN, the Netherlands’ leading telecommunications provider, talks to Mike Mimoso about the WannaCry ransomware outbreak and how large network providers and enterprises must contend with advanced attacks. Baloo will be speaking at the upcoming Borderless Cyber USA conference in...

2.9AI score
Exploits0References4
n0where
n0where
added 2017/02/07 5:29 a.m.30 views

The Social-Engineer Toolkit (SET)

The Social-Engineer Toolkit SET is specifically designed to perform advanced attacks against the human element. SET has quickly became a standard tool in a penetration testers arsenal. SET is written by David Kennedy ReL1K and with a lot of help from the community it has incorporated attacks neve...

7.3AI score
Exploits0References2
n0where
n0where
added 2017/01/03 7:3 a.m.24 views

Exploit the Credentials Present in Files and Memory: PowerMemory

PowerMemory is a PowerShell post-exploitation tool. It uses Microsoft binaries and therefore is able to execute on a machine, even after the Device Guard Policies have been set. In the same way, it will bypass antivirus detection. PowerMemory can retrieve credentials information and manipulate...

0.5AI score
Exploits0References2
ThreatPost
ThreatPost
added 2016/11/07 1:50 p.m.59 views

Microsoft Tears off the Band-Aid with EMET

Microsoft last week extended the end-of-life expiration date to July 2018 on its exploit mitigation add-on, the Enhanced Mitigation Experience Toolkit EMET. But for some time, the once-useful tool has been well on its way out to pasture. While EMET was never meant to be anything more than stopgap...

9.3CVSS0.9AI score0.99945EPSS
Exploits33References4
ThreatPost
ThreatPost
added 2016/07/27 12:27 p.m.18 views

Attributing Advanced Attacks Remains Challenge For Researchers

Amid the connections being made between the Russian government and the attack on the Democratic National Committee DNC, researchers on Tuesday reminded us of the challenges security experts have in correctly attributing advanced attacks. In a wide-ranging Reddit AMA, members of Kaspersky Lab’s...

Exploits0References3
FireEye
FireEye
added 2016/05/04 4:0 a.m.17 views

A Cyber Revolution: Advanced Attacks Increasing in EMEA Reflect Political Tension

Financial, geopolitical and economical changes made 2015 a very busy year for the Europe, Middle East and Africa EMEA region, particularly in the cyber realm. FireEye has been monitoring these shifting cyber trends and has identified considerable evolutions to the EMEA threat landscape when...

0.2AI score
Exploits0
FireEye
FireEye
added 2016/03/09 11:0 a.m.126 views

Lessons from Operation RussianDoll

As defensive security controls raise the bar to attack, attackers will employ increasingly sophisticated techniques to complete their mission. Understanding the mechanics and impact of these threats is essential to systematically discover and deflect the coming wave of advanced attacks. Mandiant...

7.2CVSS1.2AI score0.562EPSS
Exploits38
Rows per page
Query Builder