Lucene search
K

943 matches found

Prion
Prion
added 2019/04/03 6:29 p.m.18 views

Design/Logic Flaw

Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifacts for the Vaadin based UI over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of hawkBit might be infected...

6.8CVSS8AI score0.00435EPSS
Exploits1References1Affected Software1
Hacker One
Hacker One
added 2019/03/05 3:5 a.m.23 views

X (Formerly Twitter): [Twitter Open Source] Releases were & are built/executed/tested/released in the context of insecure/untrusted code

Summary: CWE-829: Inclusion of Functionality from Untrusted Control Sphere CWE-494: Download of Code Without Integrity Check Twitter maintains several Open Source Projects under the Twitter GitHub organization. These projects contain build files that indicate that some of these projects are...

7.3AI score
Exploits0
Snyk
Snyk
added 2019/02/22 12:35 p.m.3 views

Unsafe Dependency Resolution

Overview com.paypal.tools:Gibberish-Detector is a small program to detect gibberish using a Markov Chain. Affected versions of this package are vulnerable to Unsafe Dependency Resolution due to resolving dependencies over an insecure channel http. If the build occurred over an insecure connection...

5.6CVSS6.7AI score
Exploits0References3
Carbon Black Blog
Carbon Black Blog
added 2019/01/29 2:29 p.m.47 views

How CB LiveOps Helps with Incident Response

Security and IT Operations teams often have no reliable way to assess the current state of endpoints across their enterprise, leading to increased risk of breach, inability to make informed remediation decisions, and unnecessary spending on infrastructure maintenance. A real-time endpoint query a...

0.6AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2019/01/22 5:35 p.m.88 views

How CB LiveOps Helps with Vulnerability Assessment

Security and IT Operations teams often have no reliable way to assess the current state of endpoints across their enterprise, leading to increased risk of breach, inability to make informed remediation decisions, and unnecessary spending on infrastructure maintenance. A real-time endpoint query a...

0.2AI score
Exploits0
Kitploit
Kitploit
added 2018/12/08 8:55 p.m.119 views

Malcom - Malware Communications Analyzer

Malcom is a tool designed to analyze a system's network communication using graphical representations of network traffic, and cross-reference them with known malware sources. This comes handy when analyzing how certain malware species try to communicate with the outside world. What is Malcom?...

6.8AI score
Exploits0References10
vulnersOsv
vulnersOsv
added 2018/10/18 4:57 p.m.7 views

org.apache.cxf.fediz.examples:springPreauthWebapp (>=1.2.0 <=1.2.2), org.apache.cxf.fediz.examples:springWebapp (>=1.2.0 <=1.2.2) +3 more potentially affected by CVE-2016-4464 via org.apache.cxf.fediz:fediz-spring (>=1.2.0 <=1.2.2)

org.apache.cxf.fediz:fediz-spring MAVEN version =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.2 Source cves: CVE-2016-4464 Source advisory: OSV:GHSA-QPWJ-MVV7-V3M9...

9.8CVSS7.2AI score0.03986EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2018/10/17 7:48 p.m.5 views

org.apache.storm:flux-core (>=1.2.0 <=1.2.1), org.apache.storm:storm-elasticsearch-examples (>=1.2.0 <=1.2.1) +14 more potentially affected by CVE-2018-1332 via org.apache.storm:storm-core (>=1.2.0 <=1.2.1)

org.apache.storm:storm-core MAVEN version =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.1 and more Source cves: CVE-2018-1332 Source advisory: OSV:GHSA-Q35P-CHC6-7X57...

6.5CVSS6.5AI score0.01484EPSS
Exploits2
Carbon Black Blog
Carbon Black Blog
added 2018/09/12 7:27 p.m.72 views

Carbon Black Report: A Case Study on No More IR Busy Work

From discovery to data acquisition to remediation, IR teams might spend hours of their precious time doing tedious labor — for instance, going in and grabbing an organization’s relevant forensic artifacts such as event logs one by one. What IR teams want to spend time doing: finding the bad guys...

7.4AI score
Exploits0
Kitploit
Kitploit
added 2018/07/22 2:30 p.m.13 views

Hindsight - Internet History Forensics For Google Chrome/Chromium

Hindsight is a free tool for analyzing web artifacts. It started with the browsing history of the Google Chrome web browser and has expanded to support other Chromium-based applications with more to come!. Hindsight can parse a number of different types of web artifacts, including URLs, download...

7.2AI score
Exploits0References1
n0where
n0where
added 2018/07/10 6:24 p.m.32 views

Query Windows Machine for RAM Artifacts: memtriage

Allows you to quickly query a live Windows machine for RAM artifacts. This tool utilizes the Winpmem drivers to access physical memory, and Volatility for analysis. Caveats: Doesn’t work with Device Guard enabled. Should be tested on machines before deploying. Example Usage usage: memtriage.exe -...

6.9AI score
Exploits0References3
n0where
n0where
added 2018/06/25 3:42 p.m.65 views

The OSINT Omnibus

An Omnibus is defined as a volume containing several novels or other items previously published separately and that is exactly what the InQuest Omnibus project intends to be for Open Source Intelligence collection, research, and artifact management. By providing an easy to use interactive command...

Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 10:33 p.m.19 views

Security Bulletin: Relays do not properly authenticate agents attempting to download artifacts (CVE-2016-0365)

Summary When using Codestation caching of artifacts on agent relays, agents can download artifacts without properly authenticating. Vulnerability Details CVEID: CVE-2016-0365 DESCRIPTION: IBM UrbanCode Deploy could allow an attacker with special knowledge of the system to download artifacts witho...

5.9CVSS1.9AI score0.01181EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:4 a.m.14 views

Security Bulletin: Vulnerability in Apache Commons might affect WebSphere Industry Content Packs and IBM Business Process Manager Industry Packs (CVE-2015-7450)

Summary A vulnerability for handling Java object deserialization in the Apache Commons Collections open source library has been reported. A vulnerable version of the library is included in templates shipped with WebSphere Industry Content Packs and IBM Business Process Manager Industry Packs...

10CVSS2.3AI score0.97655EPSS
Exploits10Affected Software2
Kitploit
Kitploit
added 2018/06/11 2:10 p.m.26 views

Omnibus - Open Source Intelligence Collection, Research, And Artifact Management

An Omnibus is defined as a volume containing several novels or other items previously published separately and that is exactly what the InQuest Omnibus project intends to be for Open Source Intelligence collection, research, and artifact management. By providing an easy to use interactive command...

7.1AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 2018/05/22 2:48 a.m.72 views

Important: Red Hat Security Advisory: rhvm-setup-plugins security update

An update for rhvm-setup-plugins is now available for Red Hat Virtualization Engine 4.2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

5.5CVSS7.1AI score0.60631EPSS
Exploits2References3
FireEye
FireEye
added 2018/04/26 12:15 p.m.497 views

Establishing a Baseline for Remote Desktop Protocol

For IT staff and Windows power users, Microsoft Terminal Services Remote Desktop Protocol RDP is a beneficial tool that allows for the interactive.aspx use or administration of a remote Windows system. However, Mandiant consultants have also observed threat actors using RDP, with compromised doma...

0.3AI score
Exploits0
Kitploit
Kitploit
added 2018/03/30 12:11 p.m.15 views

Hwacha - Deploy Payloads To *Nix Systems En Masse

Hwacha is a tool to quickly execute payloads on Nix based systems. Easily collect artifacts or execute shellcode on an entire subnet of systems for which credentials are obtained. $python hwacha.py &&&& && && && &&&&&&&&&&&& && && && Created by Esteban Rodriguez /\ &&&&&& && &&&&&&&&&& && Web:...

7.8AI score
Exploits0References1
NVD
NVD
added 2018/03/20 7:29 a.m.25 views

CVE-2018-8811

Cross-site request forgery CSRF vulnerability in system/workplace/admin/accounts/userrole.jsp in OpenCMS 10.5.3 allows remote attackers to hijack the authentication of administrative users for requests that perform privilege escalation. Note: It is argued that OpenCMS allows only registered users...

8.8CVSS9.1AI score0.02228EPSS
Exploits5References2
Prion
Prion
added 2018/03/20 7:29 a.m.13 views

Cross site request forgery (csrf)

DISPUTED Cross-site request forgery CSRF vulnerability in system/workplace/admin/accounts/userrole.jsp in OpenCMS 10.5.3 allows remote attackers to hijack the authentication of administrative users for requests that perform privilege escalation. Note: It is argued that OpenCMS allows only...

6.8CVSS9AI score0.02228EPSS
Exploits5References2Affected Software1
Rows per page
Query Builder