
7667 matches found

Hacker One
added 2017/07/26 6:2 a.m. | 148 views

Legal Robot: [Cross-domain Referer leakage] Password reset token leakage via referer

A security researcher discovered that sensitive information, like password reset tokens, could still be leaked to analytics services like Google Analytics or via the Referer [sic] header. Even though tokens were immediately invalidated, we decided to re-engineer the process to eliminate any...

AI score 1.5
Exploits: 0

Carbon Black Blog
added 2017/07/25 11:52 a.m. | 64 views

July 25, 2017 – Morning Cyber Coffee Headlines – “Henry Ford” Edition

Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! July 25, 2017 - Headlines UK gov wants teens to practice cybersecurity in their...

AI score 6.8
Exploits: 0

RedhatCVE
added 2017/07/24 10:48 a.m. | 24 views

CVE-2017-5529

JasperReports library components contain an information disclosure vulnerability. This vulnerability includes the theoretical disclosure of any accessible information from the host file system. Affects TIBCO JasperReports Library Community Edition versions 6.4.0 and below, TIBCO JasperReports...

CVSS 6.5 | AI score 6.7 | EPSS 0.01329
Exploits: 0 | References: 2

Hacker One
added 2017/07/22 1:27 p.m. | 38 views

Legal Robot: Token leakage by referrer header & analytics

A security researcher discovered that sensitive information, like password reset tokens, could still be leaked to analytics services like Google Analytics or via the Referer [sic] header. Even though tokens were immediately invalidated, we decided to re-engineer the process to eliminate any...

AI score 2.3
Exploits: 0

Imperva Blog
added 2017/07/10 3:30 p.m. | 80 views

Static Versus Dynamic Data Masking

Most participants in the trench warfare of IT security agree that the best way to protect data is to apply a layered approach to security. Data masking is a security and privacy enhancing technology recommended by industry analysts as a must-have data protection layer. While terminology varies...

AI score 7.3
Exploits: 0

n0where
added 2017/06/23 12:5 a.m. | 32 views

An Analytical Framework for Network Data: Flare

Flare is a network analytic framework designed for data scientists, security researchers, and network professionals. Written in Python, it is designed for rapid prototyping and development of behavioral analytics, and intended to make identifying malicious...

AI score 0.8
Exploits: 0 | References: 1

WPVulnDB
added 2017/06/22 12:0 a.m. | 19 views

Analytics Tracker < 1.1.1 - XSS

The Analytics Tracker WordPress plugin was affected by an XSS security vulnerability...

CVSS 4.3 | AI score 2.6 | EPSS 0.00905
Exploits: 0 | Affected Software: 1

CNVD
added 2017/06/21 12:0 a.m. | 3 views

IBM BigFix Compliance Analytics Security Bypass Vulnerability

IBM BigFix Security Compliance Analytics is a suite of systems management software from IBM in the United States. The software provides remote control, patch management, software distribution, operating system deployment, network access protection and other functions. A security bypass...

CVSS 9.8 | AI score 6.8 | EPSS 0.01603
Exploits: 0 | References: 1

The Hacker News
added 2017/06/19 5:27 a.m. | 17 views

Database of Over 198 Million U.S. Voters Left Exposed On Unsecured Server

Information on more than 198 Million United States citizens, that's over 60% of the US population, was exposed in what's believed to be the largest ever known exposure of voter-related to date. This blunder was caused by Deep Root Analytics (DRA), a data analytics firm employed by the US Republican...

AI score 6.5
Exploits: 0

CNVD
added 2017/06/16 12:0 a.m. | 3 views

IBM BigFix Security Compliance Analytics Information Disclosure Vulnerability

IBM BigFix Security Compliance Analytics is a suite of systems management software from IBM in the United States. The software provides remote control, patch management, software distribution, operating system deployment, network access protection and other functions. IBM BigFix Security Complian...

CVSS 5.9 | AI score 6.2 | EPSS 0.00842
Exploits: 0 | References: 1

CNVD
added 2017/06/15 12:0 a.m. | 3 views

IBM BigFix Security Compliance Analytics Weak Default Password Vulnerability

IBM BigFix Security Compliance Analytics is a suite of systems management software from IBM in the United States. The software provides remote control, patch management, software distribution, operating system deployment, network access protection and other functions. A security vulnerability...

CVSS 9.8 | AI score 7 | EPSS 0.01661
Exploits: 0 | References: 1

CNVD
added 2017/06/15 12:0 a.m. | 13 views

IBM BigFix Security Compliance Analytics Cross-Site Scripting Vulnerability

IBM BigFix Security Compliance Analytics is a suite of systems management software from IBM in the United States. The software provides remote control, patch management, software distribution, operating system deployment, network access protection and other functions. A cross-site scripting...

CVSS 6.1 | AI score 6.4 | EPSS 0.00977
Exploits: 0 | References: 1

Imperva Blog
added 2017/06/12 3:30 p.m. | 71 views

Today’s File Security is So ‘80s, Part 2: Detect Suspicious File Access with Dynamic Peer Groups

In a previous post, we shared three primary reasons why the traditional, static approach to file security no longer works for today’s modern enterprises. Working groups are formed organically and are cross-functional by nature, making a black and white approach to file access control outdated—it...

AI score 6.6
Exploits: 0

Prion
added 2017/06/09 3:29 p.m. | 21 views

Cross site scripting

A stored cross-site scripting (XSS) vulnerability in the Configuration utility device name change page in BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, WOM and WebSafe version 12.0.0 - 12.1.2, 11.4.0 - 11.6.1, and 11.2.1 allows an...

CVSS 3.5 | AI score 5.5 | EPSS 0.00947
Exploits: 0 | References: 4 | Affected Software: 16

NVD
added 2017/06/08 9:29 p.m. | 14 views

CVE-2017-1179

IBM BigFix Compliance Analytics 1.9.79 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 123431...

CVSS 5.9 | AI score 5.5 | EPSS 0.00842
Exploits: 0 | References: 3

OSV
added 2017/06/08 9:29 p.m. | 2 views

CVE-2017-1179

IBM BigFix Compliance Analytics 1.9.79 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 123431...

CVSS 5.9 | AI score 5.8 | EPSS 0.00842
Exploits: 0 | References: 3

CVE
added 2017/06/08 9:0 p.m. | 53 views

CVE-2017-1179

CVE-2017-1179 affects IBM BigFix Compliance Analytics 1.9.79, where information disclosure occurs due to the use of weaker-than-expected cryptographic algorithms, potentially allowing an attacker to decrypt highly sensitive data. The available connected documents identify the vulnerability class ...

CVSS 5.9 | AI score 6.3 | EPSS 0.00842
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2017/06/07 5:29 p.m. | 5 views

CVE-2017-1125

IBM Cognos Analytics 10.1 and 10.2 could allow a local user to craft a URL which could confirm the existence of and expose partial contents of a file. IBM X-Force ID: 121340...

CVSS 3.3 | AI score 7.3 | EPSS 0.00347
Exploits: 0 | References: 3

Prion
added 2017/06/07 5:29 p.m. | 10 views

Code injection

IBM Cognos Analytics 10.1 and 10.2 could allow a local user to craft a URL which could confirm the existence of and expose partial contents of a file. IBM X-Force ID: 121340...

CVSS 2.1 | AI score 3.5 | EPSS 0.00347
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2017/06/07 5:29 p.m. | 24 views

CVE-2017-1125

IBM Cognos Analytics 10.1 and 10.2 could allow a local user to craft a URL which could confirm the existence of and expose partial contents of a file. IBM X-Force ID: 121340...

CVSS 3.3 | AI score 3.4 | EPSS 0.00347
Exploits: 0 | References: 3