995 matches found
Data Warehouse Permission issues
Cause MP Version 8 uses dataset rules to collect host security profiles and snapshots. When a collector is installed on an agent, there is no issue. The data is forwarded to Management Server and written to DW under the DW account. When a collector runs on a Management Server which is our use cas...
Security and Privacy Assurance Research: SPARTA Framework
Security and Privacy Assurance Research Developed as a part of MIT Lincoln Laboratory’s test and evaluation role in the SPAR Security and Privacy Assurance Research program , SPARTA SPAR Testing and Assessment framework is a set of software applications used to evaluate the functionality and...
[SECURITY] Fedora 24 Update: redis-3.2.8-1.fc24
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...
Open Source Malware Clusterization Toolkit: Cosa Nostra
Open Source Malware Clusterization Toolkit Cosa Nostra is an open source software clustering toolkit with a focus on malware analysis. It can create phylogenetic trees of binary malware samples that are structurally similar. It was initially released during SyScan360 Shanghai 2016. Required 3rd...
SAP NetWeaver AS ABAP 7.4 Directory Traversal
Application: SAP NetWeaver AS ABAP Versions Affected: SAP NetWeaver AS ABAP 7.4 Vendor URL: http://SAP.com Bugs: Directory traversal Sent: 22.04.2016 Reported: 23.04.2016 Vendor response: 23.04.2016 Date of Public Advisory: 09.08.2016 Reference: SAP Security Note 2312966 Author: Daria Prosochkina...
CVE-2016-4331
When decoding data out of a dataset encoded with the H5ZNBIT decoding, the HDF5 1.8.16 library will fail to ensure that the precision is within the bounds of the size leading to arbitrary code execution...
UBUNTU-CVE-2016-4331
When decoding data out of a dataset encoded with the H5ZNBIT decoding, the HDF5 1.8.16 library will fail to ensure that the precision is within the bounds of the size leading to arbitrary code execution...
CVE-2016-4331
When decoding data out of a dataset encoded with the H5ZNBIT decoding, the HDF5 1.8.16 library will fail to ensure that the precision is within the bounds of the size leading to arbitrary code execution...
HDF5 Group libhdf5 H5T_COMPOUND Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0179 HDF5 Group libhdf5 H5TCOMPOUND Code Execution Vulnerability November 17, 2016 CVE Number CVE-2016-4333 Description HDF5 is a file format that is maintained by a non-profit organization, The HDF Group. HDF5 is designed to be used for storage and...
Censys Search
The module uses the Censys REST API to access the same data accessible through the web interface. The search endpoint allows queries using the Censys Search Language against the Hosts dataset. Setting the CERTIFICATES option will also retrieve the certificate details for each relevant service by...
Dashbuilder: SQL Injection on data set lookup filters
A security flaw was found in the way Dashbuilder performed SQL datasets lookup requests in the Data Set Authoring UI or the Displayer editor UI. A remote attacker could use this flaw to conduct SQL injection attacks via specially-crafted string filter parameter...
Fortinet FortiManager FortiOS 5.0.x >= 5.0.3 and < 5.0.11 Dataset Reports XSS
The Fortinet FortiManager FortiOS version running on the remote host is 5.x greater than or equal to 5.0.3 and prior to 5.0.11. It is, therefore, affected by a cross-site scripting vulnerability in the advanced dataset reports page due to a failure to properly sanitize user-supplied input to the...
Fortinet FortiAnalyzer FortiOS 5.0.x < 5.0.11 / 5.2.x < 5.2.2 Dataset Reports XSS
The Fortinet FortiAnalyzer FortiOS version running on the remote host is 5.0.x prior to 5.0.11 or 5.2.x prior to 5.2.2. It is, therefore, affected by a cross-site scripting vulnerability in the advanced dataset reports page due to a failure to properly sanitize user-supplied input to the...
WordPress Plugin WooCommerce Store Exporter 1.7.5 - Multiple Cross-Site Scripting Vulnerabilities
Exploit Title: WooCommerce Store Exporter v1.7.5 Stored XSS Google Dork: inurl:"woocommerce-exporter" Date: 26/08/2014 Exploit Author: Mike Manzotti @ Dionach Vendor Homepage: http://www.visser.com.au/plugins/store-exporter/ Software Link:...
codders-dataset Gem for Ruby lib/dataset/database/mysql.rb and lib/dataset/database/postgresql.rb Process Table Local Plaintext Credential Disclosure
"1 lib/dataset/database/mysql.rb and 2 lib/dataset/database/postgresql.rb in the codders-dataset gem 1.3.2.1 for Ruby place credentials on the mysqldump command line, which allows local users to obtain sensitive information by listing the process."...