F5 Networks BIG-IP : TMM vulnerability (K82851041)
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, and WebSafe 11.6.1 HF1, 12.0.0 HF3, 12.0.0 HF4, and 12.1.0 through 12.1.2, undisclosed traffic patterns received while software SYN cookie protection is engaged may cause a disrupti...
Cross site scripting
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM Reference: 1998887...
WP SlimStat <= 3.5.5 - Overview URI Stored XSS
The Slimstat Analytics WordPress plugin was affected by an Overview URI Stored XSS security vulnerability...
Hashview - A Web Front-End For Password Cracking And Analytics
Hashview is a tool for security professionals to help organize and automate the repetitious tasks related to password cracking. Hashview is a web application that manages hashcat (https://hashcat.net) commands. Hashview strives to bring consistency in your hashcat tasks while delivering analytics wi...
Password Cracking Web Front-End: Hashview
Hashview is a tool for security professionals to help organize and automate the repetitious tasks related to password cracking. Hashview is a web application that manages hashcat (https://hashcat.net) commands. Hashview strives to bring consistency in your hashcat tas...
CVE-2016-0218
CVE-2016-0218 affects IBM Cognos Business Intelligence/IBM Cognos Analytics (and related TM1 advisories) with a cross-site scripting vulnerability caused by improper validation of user input. A remote attacker can entice a user to click a crafted URL, triggering script execution in the victim’s b...
CVE-2016-0217
CVE-2016-0217 is a stored cross-site scripting vulnerability in IBM Cognos Business Intelligence and IBM Cognos Analytics caused by improper validation of user input. A remote attacker could inject malicious script into a page viewed by an authenticated user, potentially stealing cookie-based cre...
SonicWall Global Management System (GMS) / Universal Management Suite (USM) / Analyzer / Analytics Detection (HTTP)
HTTP-based detection of Dell SonicWALL Global Management System (GMS) / Universal Management Suite (USM) / Analyzer / Analytics. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...
CVE-2016-9247
CVE-2016-9247 affects F5 BIG-IP TMM when a virtual server uses a FastL4 profile with a TCP analytics profile; a specific packet sequence can cause TMM restart, potentially disrupting traffic or causing failover. The F5 advisory lists vulnerable versions (e.g., BIG-IP LTM 12.1.0–12.1.1 and other a...
WordPress WassUp Real Time Analytics Plugin <= 1.9 - Persistent XSS
Because of this vulnerability, attackers can inject malicious JavaScript code into the application, which will execute within the browser of any user who views the Activity Log, in general the WP admin. Solution: Update the plugin...
osquery - SQL powered operating system instrumentation, monitoring, and analytics
osquery is an operating system instrumentation framework for OS X and Linux. The tools make low-level operating system analytics and monitoring both performant and intuitive. Homepage: https://osquery.io. Platforms (build status): OS X 10.9, OS X 10.10/11...
CVE-2016-6936
Adobe AIR SDK & Compiler before 23.0.0.257 on Windows does not support Android runtime-analytics transport security, which might allow remote attackers to obtain sensitive information by leveraging access to a network over which analytics data is sent...
Adobe AIR for Mac <= 22.0.0.153 Android Applications Runtime Analytics MitM (APSB16-31)
The version of Adobe AIR installed on the remote Mac OS X host is prior to or equal to version 22.0.0.153. It is, therefore, affected by a man-in-the-middle (MitM) vulnerability due to the cleartext transmission of runtime analytics for AIR applications on Android. A MitM attacker can exploit this to...
Adobe AIR <= 22.0.0.153 Android Applications Runtime Analytics MitM (APSB16-31)
The version of Adobe AIR installed on the remote Windows host is prior to or equal to version 22.0.0.153. It is, therefore, affected by a man-in-the-middle (MitM) vulnerability due to the cleartext transmission of runtime analytics for AIR applications on Android. A MitM attacker can exploit this to...
CVE-2016-5022
F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1 HF1, and 12.x before 12.0.0 HF3; BIG-IP AAM, AFM, and PEM 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1 HF1, and 12.x before 12.0.0 HF3; BIG-I...
OneLogin SecureNotes Breach Exposed Data in Cleartext
Single sign-on company OneLogin began notifying customers this week that an attacker was able to take advantage of a bug in its system and view sensitive notes posted by users, thought to be secure. The company, whose authentication technology secures cloud-based applications, confirmed the...
CVE-2015-8022
CVE-2015-8022 affects multiple F5 BIG-IP products (LTM, Analytics, APM, ASM, GTM, Link Controller; AAM, AFM, PEM; Edge Gateway, WebAccelerator, WOM, PSM) across 11.x releases. The root cause is in the Configuration utility: an Access Policy Manager customization configuration section that allows ...
Open Source Pentesting Management And Automation Platform: Vulnreport
Vulnreport is a platform for managing penetration tests and generating well-formatted, actionable findings reports without the normal overhead that takes up security engineers' time. It is designed to accelerate management of penetration...
X (Formerly Twitter): csp bypass + xss
Hi, On my previous report number 126464 I've mentioned that analytics.twitter.com has a CSP bypass which I couldn't exploit at that time. Now, I've found a reflected XSS on careers.twitter.com which again I couldn't exploit by itself. Because you have CSP, and I've combined two of them to successful...
CVE-2016-3446
Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.9.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Analytics Web Administration...