Log injection in SAP NetWeaver AS Java using basic auth

Application: SAP NetWeaver AS Java Versions Affected: ENGINEAPI 7.10-7.50 Vendor URL: SAP Bug: Log Injection Reported: 17.05.2017 Vendor response: 18.05.2017 Date of Public Advisory: 14.11.2017 Reference: SAP Security Note 2485208 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class:...

Privilege Escalation Flaw Patched in Schneider Wonderware

Data analysis and visualization software deployed inside a larger operational intelligence software sold by Schneider Electric has been patched against a critical privilege escalation vulnerability. The vulnerability was discovered in-house by Schneider Electric engineers in the Tableau...

Costin Raiu on the Importance of Using YARA

Ryan Naraine talks with Costin Raiu, the Global Director of GReAT at Kaspersky Lab, about the benefits of taking the YARA training class available at SAS 2017. Listen to learn about how YARA can be used in malware hunting, data analysis and incident response activities. Download:...

cURL/libcurl Detection

Binary data 9771.prm...

Twitter OSINT framework: Birdwatcher

Birdwatcher is a data analysis and OSINT framework for Twitter. Birdwatcher supports creating multiple workspaces where arbitrary Twitter users can be added and their Tweets harvested through the Twitter API for offline storage and analysis. Birdwatcher comes with several modules which can be...

ABB DataManagerPro DLL Local Code Execution Vulnerability

ABB DataManagerPro is a data analysis software package from ABB Switzerland. The software allows automatic data collection via Ethernet and database management. ABB DataManagerPro has a local code execution vulnerability. This vulnerability can be exploited by a local attacker to gain privileges ...

SQL Injection Vulnerability in the Online Data Analysis System of Jinan Angliwan Software Development Co.

Online data analysis system of Jinan Onlivan Software Development Co. Online Data Analysis System suffers from SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...

Microsoft Security Intelligence Report: Top Takeaways

Microsoft’s Security Intelligence Report painted a bleak picture when it comes to malware, fraudulent login attempts and the staying power of really old exploits. Key findings in the 198-page biannual report run the gamut illustrating how old threats die hard and what new threats are on the...

Capturing and Analyzing Network Flow Data: Joy

A package for capturing and analyzing network flow data and intraflow data, for network research, forensics, and security monitoring. Joy is a BSD-licensed libpcap-based software package for extracting data features from live network traffic or packet capture pcap files, using a flow-oriented mod...

Firmware Analysis Tool: Binwalk

Binwalk is a fast, easy to use tool for analyzing and extracting firmware images Firmware Analysis Tool Binwalk is: Fast Flexible Extendable Easy to use Binwalk can: Find and extract interesting files / data from binary images Find and extract raw compression streams Identify opcodes for a variet...

Collection Of Awesome Honeypots

A curated list of awesome honeypots, tools, components and much more. The list is divided into categories such as web, services, and others, focusing on open source projects. Honeypots Database Honeypots Elastic honey - A Simple Elasticsearch Honeypot mysql - A mysql honeypot, still very very...

Mail.ru: [w1.dwar.ru] Core Dump

Если помните багу с HeartBleed, то там можно было читать оперативную память сервера в поисках Credential информации. Здесь же похожая уязвимость, когда сервер crash-ится, на жестком диске остаётся дамп памяти вместе со всеми данными, которые можно анализировать для выяснения причины падения...

Social Media Mining: MassMine

MassMine is a social media mining and archiving application that simplifies the process of collecting and managing large amounts of data across multiple sources. It is designed with the researcher in mind, providing a flexible framework for tackling individualized research needs. MassMine is...

wazuh

Wazuh !Slackhttps://img.shields.io/badge/slack-join-blue...

Wireless Toolsuite: WRAITH

Wireless reconnaissance, collection and exploitation toolsuite Attack vectors, rogue devices, interfering networks are best visualized and identified over time. Current tools i.e. Kismet, Aircrack-ng and Wireshark are excellent tools but none are completely suitable for collecting and analyzing t...

How to Diagnose Network Fault with Log & Event Manager

Diagnosing network fault is one of the toughest questions for an IT Pro to answer because there is no single or best way. IT infrastructures are multi-layered and integrate many different systems which makes identifying the cause of network fault a difficult task. At a high level, the process of...

Gitrob Combs Github Repositories for Secret Company Data

Free online code repositories such as GitHub provide a valuable collaboration service for enterprise developers. But it’s also a trove of potentially sensitive company and project information that’s likely to warrant attention from hackers. An application security specialist from Berlin has...

FTC Urges IoT Privacy, Security at Consumer Electronics Show

In her keynote address yesterday at the Consumer Electronics Show in Las Vegas, Federal Trade Commission Chairwoman Edith Ramirez imagined the dystopic convergence of big data conglomerates and a ceaseless information gathering machine fueled by the constant connectivity ushered in by the so-call...

MIRcon 2014 – Day 2 Highlights

MIRcon 2014 It seemed fitting that the last day of MIRcon started with a total lunar eclipse and ended with an inspirational keynote address by renowned astrophysicist Dr. Neil deGrasse Tyson. After an amazing two days of content, MIRcon 2014 is officially in the books! Following are some of the...

IBM Netezza Performance Portal用户验证凭据管理绕过漏洞

CVE ID:CVE-2013-6731 IBM Netezza数据仓库应用设备将存储、处理、数据库和分析融入到一个高性能数据仓库设备中,使大数据高级分析更简单、更迅捷和更易用。 IBM Netezza Performance Portal不正确限制对验证凭据管理的访问，允许攻击者利用漏洞通过特制的HTTP POST请求来更改其他用户的密码。 0 IBM Netezza Performance Portal 2.0 IBM Netezza Performance Portal 2.0.0.1 IBM Netezza Performance Portal 2.0.0.2 厂商补丁： IBM...