23 matches found
strix-advanced
⚡ Strix-Advanced AI-Powered Security Testing Platform An...
CVE-2025-61303
Hatching Triage Sandbox Windows 10 build 2004 2025-08-14 and Windows 10 LTSC 20212025-08-14 contains a vulnerability in its Windows behavioral analysis engine that allows a submitted malware sample to evade detection and cause denial-of-analysis. The vulnerability is triggered when a sample...
EUVD-2023-53275
Malicious code in bioql PyPI...
Wazuh Analysis Engine Event Decoder Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Wazuh. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Analysis Engine service, which listens on TCP port 1514 by default. The issue results from the...
CVE-2023-49275
Wazuh is a free and open source platform used for threat prevention, detection, and response. A NULL pointer dereference was detected during fuzzing of the analysis engine, allowing malicious clients to DoS the analysis engine. The bug occurs when analysisd receives a syscollector message with th...
CVE-2023-49275 Wazuh vulnerable to NULL Pointer Dereference in wazuh-analysisd
Wazuh is a free and open source platform used for threat prevention, detection, and response. A NULL pointer dereference was detected during fuzzing of the analysis engine, allowing malicious clients to DoS the analysis engine. The bug occurs when analysisd receives a syscollector message with th...
CVE-2023-49275
CVE-2023-49275 affects Wazuh and relates to a NULL pointer dereference in the analysisd component during fuzzing, triggered when a syscollector message uses the hotfix type without a timestamp. The dereference of a missing timestamp item via cJSON_GetObjectItem() can allow a malicious client to c...
CVE-2023-49275 Wazuh vulnerable to NULL Pointer Dereference in wazuh-analysisd
Wazuh is a free and open source platform used for threat prevention, detection, and response. A NULL pointer dereference was detected during fuzzing of the analysis engine, allowing malicious clients to DoS the analysis engine. The bug occurs when analysisd receives a syscollector message with th...
GHSA-5R8J-QMCM-7G7Q Apache UIMA Java SDK Deserialization of Untrusted Data, Improper Input Validation vulnerability
Deserialization of Untrusted Data, Improper Input Validation vulnerability in Apache UIMA Java SDK. This issue affects Apache UIMA Java SDK before 3.5.0. Users are recommended to upgrade to version 3.5.0, which fixes the issue. There are several locations in the code where serialized Java objects...
Aruba AOS-CX 命令注入漏洞
Aruba AOS-CX is a modern programmable network from Aruba, USA. The Aruba AOS-CX has a security vulnerability that can be exploited by an attacker to run code through the network analysis engine...
Webshell-Analyzer - Web Shell Scanner And Analyzer
Web shell analyzer is a cross platform stand-alone binary built solely for the purpose of identifying, decoding, and tagging files that are suspected to be web shells. The web shell analyzer is the bigger brother to the web shell scanner project http://github.com/tstillz/webshell-scan, which only...
Machine Learning Penetration Testing: GyoiThon
GyoiThon is a growing penetration test tool using Deep Learning. Deep Learning improves classification accuracy in proportion to the amount of learning data. Therefore, GyoiThon will be taking in new learning data during every scan. Since GyoiThon uses various features of software included in HTT...
Introducing the RIPS analysis engine
History 2007 - 2009 Almost 10 years ago, a simple PHP Scanner was developed during popularity gaining Capture The Flag CTF hacking battles of university teams. The scanner based on regular expressions and identified simple connections between user input that is first assigned to a variable and th...
FireEye Operating System Multiple Vulnerabilities
The remote host is running a version of FireEye Operating System FEOS that is missing a vendor-supplied security patch. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in the Virtual Execution Engine VXE during the handling of file names that were previously flagged for t...
FireEye Trojan analysis engine (MAS) 6.4.1 – multiple vulnerabilities-vulnerability warning-the black bar safety net
FireEye Trojan analysis system MAS web login section there are multiple serious vulnerabilities. Multiples Vulnerabilities 3 XSS reflected 1 CSRF 1 NoSQLi Json object 1 PostGreSQL SQLi Exploitable? 1 File and Path Disclosure 1 Source code Info-leak XSS: The Cross-Station 1...
Multiple Vulnerabilities in Cisco Intrusion Prevention System Software (cisco-sa-20140219-ips)
According to its self-reported version, the version of the Cisco Intrusion Prevention System software running on the remote is affected by the following denial of service vulnerabilities : - The Analysis Engine can become unresponsive due to improper handling of fragmented packets processed throu...
CVE-2014-0720
Cisco IPS Software 7.1 before 7.18E4 and 7.2 before 7.22E4 allows remote attackers to cause a denial of service Analysis Engine process outage via a flood of jumbo frames, aka Bug ID CSCuh94944...
CVE-2014-0720
Cisco IPS Software is affected by CVE-2014-0720, where unauthenticated remote attackers can cause a denial of service by flooding the device with jumbo frames, leading to an Analysis Engine process outage. The issue is part of multiple DoS vulnerabilities in Cisco IPS Software 7.1/7.2 prior to th...
Cisco IPS Software分析引擎拒绝服务漏洞
Bugtraq ID:65665 CVE ID:CVE-2014-0718 Cisco IPS Software是一款思科开发的入侵防御系统。 Cisco IPS Software produce-verbose-alert代码存在安全漏洞,允许未验证远程攻击者使Analysis引擎变得不稳定。 漏洞是由于在启用produce-verbose-alert动作时分析引擎不正确处理分片报文,攻击者可发送特制的分片报文使受影响系统分析引擎变得不稳定,造成拒绝服务攻击。 0 Cisco IPS Software versions 7.1 Cisco IPS Software versions 7...
Multiple Vulnerabilities in Cisco IPS Software
Cisco Intrusion Prevention System IPS Software is affected by the following vulnerabilities: Cisco IPS Analysis Engine Denial of Service Vulnerability Cisco IPS Control-Plane MainApp Denial of Service Vulnerability Cisco IPS Jumbo Frame Denial of Service Vulnerability The Cisco IPS Analysis Engin...