Lucene search

15 matches found

ICS
added 2026/03/03 6:0 a.m., 2 views

Everon OCPP Backends

RISK EVALUATION Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...

6 AI score
Exploits 0, References 11

Tenable Nessus
added 2025/12/08 12:0 a.m., 10 views

Remote Services Not Using Post-Quantum Ciphers

This plugin reports network services that do not offer post-quantum ciphers. Tenable makes no attempt to determine whether the remote service would be vulnerable to a post-quantum attack. However, cryptography that depends on the classic difficulty of solving the discrete logarithm problem or on...

5.5 AI score
Exploits 0, References 4

Code423n4
added 2024/01/08 12:0 a.m., 11 views

tokens can be deposited and immediately withdrawn before the intended lock time by depositing right before expiry

Lines of code Vulnerability details Impact tokens can be deposited and immediately withdrawn before the intended lock time by depositing right before expiry. Proof of Concept There are edge cases around the locking and unlocking periods that are not fully considered in the contract. Specifically,...

7 AI score
Exploits 0

Code423n4
added 2023/10/30 12:0 a.m., 4 views

SingleAdminAccessControl contract allows admin to be transferred without removing old admin first

Lines of code Vulnerability details Description The SingleAdminAccessControl contract allows the admin role to be transferred to a new address without first removing the old admin. This is a security vulnerability, as it allows a malicious admin to transfer the role to a new address and then lock...

7 AI score
Exploits 0

Wiz blog
added 2023/07/21 2:1 p.m., 9 views

Compromised Microsoft Key: More Impactful Than We Thought

Our investigation of the security incident disclosed by Microsoft and CISA and attributed to Chinese threat actor Storm-0558, found that this incident seems to have a broader scope than originally assumed. Organizations using Microsoft and Azure services should take steps to assess potential impa...

6.8 AI score
Exploits 0

Code423n4
added 2023/06/13 12:0 a.m., 14 views

Delegatecalls to contracts which have different storage layouts will cause unexpected behavior. Whitelisting of delegate-callable targets is required like LlamaCore.authorizeScript().

Lines of code Vulnerability details Impact Delegatecall to targets which have storage access will read/write each other's storage variables. Although slot 0 is protected from modification by delegatecall, reading slot 0 is not protected. Modifying storage slot other than 0 is not protected. It's...

6.9 AI score
Exploits 0

The Hacker News
added 2023/06/02 10:16 a.m., 40 views

The Importance of Managing Your Data Security Posture

Data security is reinventing itself. As new data security posture management solutions come to market, organizations are increasingly recognizing the opportunity to provide evidence-based security that proves how their data is being protected. But what exactly is data security posture, and how do...

7 AI score
Exploits 0

Code423n4
added 2023/05/02 12:0 a.m., 10 views

Testing Issue Type

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps testing...

7.1 AI score
Exploits 0

Qualys Blog
added 2023/01/30 8:54 a.m., 19 views

Managing Security Configuration Risk with the Most Comprehensive Configuration Compliance Solution!

Qualys leads the industry with 850 policies, 19000 controls, 350 technologies, and 100 frameworks Remote and hybrid work, digital transformation, and customer experience initiatives require rapid and continuous technology additions and changes. This requires continual additions of and deployments...

Exploits 0

Code423n4
added 2022/09/27 12:0 a.m., 10 views

Upgraded Q -> M from 346 [1664289750538]

Judge has assessed an item in Issue 346 as Medium risk. The relevant finding follows: ...

7 AI score
Exploits 0

Github Security Blog
added 2020/09/02 3:50 p.m., 23 views

Malicious Package in portionfatty12

All versions of portionfatty12 are considered malicious. The package is malware designed to steal user's data. When installed it uploads the user's public SSH keys to a remote server. Recommendation This package is not available on the npm Registry anymore. If you happen to find this package in...

2.9 AI score
Exploits 0, References 2, Affected Software 1

MSRC
added 2019/05/29 5:33 p.m., 13 views

Time travel debugging: It’s a blast! (from the past)

The Microsoft Security Response Center (MSRC) works to assess vulnerabilities that are externally reported to us as quickly as possible, but time can be lost if we have to confirm details of the repro steps or environment with the researcher to reproduce the vulnerability. Microsoft has made our...

1.5 AI score
Exploits 0

Kitploit
added 2019/02/18 12:48 p.m., 84 views

Egress-Assess - Tool Used To Test Egress Data Detection Capabilities

Egress-Assess is a tool used to test egress data detection capabilities. Setup To set up, run the included setup script, or perform the following: 1. Install pyftpdlib 2. Generate a server certificate and store it as "server.pem" on the same level as Egress-Assess. This can be done with the...

7.4 AI score
Exploits 0, References 1

OSV
added 2017/07/31 5:29 p.m., 2 views

CVE-2017-11668

An out-of-bounds read flaw related to the assesspacket function in eapmd5pass.c:134 was found in the way eapmd5pass 1.4 handled processing of network packets. A remote attacker could potentially use this flaw to crash the eapmd5pass process under certain circumstances by generating specially...

7.5 CVSS, 5.8 AI score, 0.0065 EPSS
Exploits 1, References 1

Kitploit
added 2013/02/22 7:45 p.m., 35 views

[WPScan Android] WordPress Security Scanner Android App

WPScan is a black box WordPress Security Scanner written in Ruby which attempts to find known security weaknesses within WordPress installations. Its intended use is to be for security professionals or WordPress administrators to assess the security posture of their WordPress installations...

7.3 AI score
Exploits 0, References 1