5157 matches found
KEMP LoadMaster 7.135.0.13245 - Persistent Cross-Site Scripting / Remote Code Execution
Vulnerability Summary KEMP’s main product, the LoadMaster, is a load balancer built on its own proprietary software platform called LMOS, that enables it to run on almost any platform: As a KEMP LoadMaster appliance, a Virtual LoadMaster VLM deployed on HyperV, VMWare, on bare metal or in the...
Legal Robot: Domain takeover (legalrobot.co.za)
A security researcher discovered that an AWS S3 bucket was left unassigned after decommissioning. The bucket was previously used as a redirect to our main domain, legalrobot.com. If not for CloudFlare redirect rules already in place, the unused bucket could have allowed anyone that created an S3...
RHEL 6 : jboss-ec2-eap (RHSA-2017:1260)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:1260 advisory. The jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services AWS Elastic Compute...
Moderate: Red Hat Security Advisory: jboss-ec2-eap security, bug fix, and enhancement update
An update for jboss-ec2-eap is now available for Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
Ubuntu: Security Advisory (USN-3291-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
TIBCO Spotfire Server and Spotfire Analytics Platform for AWS Marketplace SQL Injection Vulnerabilities
TIBCO Spotfire Server and Spotfire Analytics Platform for AWS Marketplace are both products of the US-based TIBCO Software. The former is a set of TIBCO Spotfire data analysis and mining tools based on TIBCO Spotfire for enterprises to provide integration, operation and management of the platform...
Live.me - #1 video chat app - AWS Credentials, Base64 encoded String, Customized SSL vulnerabilities
HackApp vulnerability scanner discovered that application Live.me - 1 video chat app published at the 'play' market has multiple vulnerabilities...
SOC 2 Type 1 and SOC 2 Type 2 Frequently Asked Questions
Coalfires SOC Practice Directors Dixon Wright and Jeff Cook recently conducted a webinar on AWS and SOC Reporting, What you need to know. The presentation provided a lot of good points that organizations should know or be prepared for regardless of the technology that is being used. Below you wil...
Sql injection
TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6.x before 7.6.1, 7.7.x before 7.7.1, and 7.8.x before 7.8.1 and Spotfire Analytics Platform for AWS Marketplace 7.8.0 and earlier contain multiple vulnerabilities which may allow authorized users to perform SQL injection attacks...
CVE-2017-5527
TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6.x before 7.6.1, 7.7.x before 7.7.1, and 7.8.x before 7.8.1 and Spotfire Analytics Platform for AWS Marketplace 7.8.0 and earlier contain multiple vulnerabilities which may allow authorized users to perform SQL injection attacks...
CVE-2017-5527 TIBCO Spotfire injection vulnerabilities
TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6.x before 7.6.1, 7.7.x before 7.7.1, and 7.8.x before 7.8.1 and Spotfire Analytics Platform for AWS Marketplace 7.8.0 and earlier contain multiple vulnerabilities which may allow authorized users to perform SQL injection attacks...
CVE-2017-5527
The provided data confirms a SQL injection issue affecting TIBCO Spotfire products. Affected: Spotfire Server versions 7.0.x before 7.0.2; 7.5.x before 7.5.1; 7.6.x before 7.6.1; 7.7.x before 7.7.1; 7.8.x before 7.8.1; Spotfire Analytics Platform for AWS Marketplace 7.8.0 and earlier. Description...
The Unified Cloud
Throughout the history of cloud computing, 2006 was a momentous year. In 2006 Amazon Web Services released S3, the first pay per GB storage service. By August, they released EC2, allowing you to spin up a server and pay by the hour in the cloud. In the decade that has followed, AWS has emerged as...
Hands-On Review: Converged Networking and Security with Cato Networks
Nobody likes to do router and firewall management. It often requires a lot of hard labor just keeping the infrastructure up and running. If you ever had to set up IPsec tunnels between different firewall brands, change a firewall rule and hope nothing breaks, upgrade to the latest software or...
Akamai IT Challenge - 100 apps on EAA in 100 days
About a month or so ago I shared a quick video interview with Joe DeFelice. Joe is a Sr. Director Enterprise Security & Infrastructure Engineering here at Akamai. In the video Joe outlines a few of the major initiatives he and the team are working on, including moving towards eliminating the VPN...
Nextcloud: Missing Rate Limiting protection leading to mass triggering of e-mails
The issue is that there is a speed bump missing in the subscription of e-mail for a user. This would eventually let the attacker spam to any random e-mail resulting in exhaustion of resources on your side and I see that you are using Amazon AWS's SES where you are charged per e-mail. If a dedicat...
Monitor AWS & GCP Configurations: Security Monkey
Monitor AWS & GCP Configurations Security Monkey is an OpenSource application from Netflix NetflixOSS which monitors/alerts/reports one or multiple AWS/GCP accounts for anomalies. Security Monkey monitors your AWS and GCP accounts for policy changes and alerts on insecure configurations. It...
Auto Lender Exposes Loan Data For Up To 1 Million Applicants
A California auto loan company left the names, addresses, credit scores and partial Social Security numbers of up to 1 million people exposed on an insecure online database. The company behind the database is Alliance Direct Lending Corporation, according to Kromtech Security Research Center, whi...
Kali Linux 2017.1 Release
As with all new releases, you have the common denominator of updated packages, an updated kernel that provides more and better hardware support, as well as a slew of updated tools – but this release has a few more surprises up its sleeve. Support for RTL8812AU Wireless Card Injection These driver...
Cesanta Mongoose OS - Use-After-Free Vulnerability
Exploit for hardware platform in category dos / poc Product: Mongoose OS Vendor: Cesanta CVE ID: CVE-2017-7185 CSNC ID: CSNC-2017-003 Subject: Use-after-free / Denial of Service Risk: Medium Effect: Remotely exploitable Authors: Philipp Promeuschel Carel van Rooyen Stephan Sekula Date: 2017-04-03...