97 matches found
CVE-2017-11685
Multiple Reflective cross-site scripting XSS vulnerabilities in search and display of event data in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML, as demonstrated by the fName parameter...
Cross-Site Scripting Vulnerability in Accessible Assisted Browsing
Accessibility Aids is an accessibility aid for government websites that focuses on information technology construction, web content accessibility and internet accessibility. Accessibility Assisted Browsing has a cross-site scripting vulnerability, as the program fails to filter the event...
CVE-2016-2156
calendar/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 provides calendar-event data without considering whether an activity is hidden, which allows remote authenticated users to obtain sensitive information via a...
Cross site request forgery (csrf)
calendar/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 provides calendar-event data without considering whether an activity is hidden, which allows remote authenticated users to obtain sensitive information via a...
Not So Fast! Boyd OODA Looping Is More Than Speed
The name "John Boyd" and the term "OODA Loop" are probably familiar to many of the readers of this blog. I've mentioned one or the other in 2006, 2007, 2009 twice, and 2014. Boyd was a fighter pilot in the Korean war and revolutionized thinking on topics like fighter design and military strategy...
Squert - A Simple QUEry and Report Tool
Squert is a web application that is used to query and view event data stored in a Sguil database typically IDS alert data. Squert is a visual tool that attempts to provide additional context to events through the use of metadata, time series representations and weighted and logically grouped resu...
Ethernet Industrial Protocol (EtherNet/IP) Server Explicit Message Detection
Binary data 8278.prm...
Ethernet Industrial Protocol (EtherNet/IP) Client Explicit Message Detection
Binary data 8277.prm...
Ethernet Industrial Protocol (EtherNet/IP) Client Explicit Message Detection
Binary data 7114.pasl...
CVE-2012-6360
Cross-site scripting XSS vulnerability in IBM Intelligent Operations Center 1.5.0 allows remote attackers to inject arbitrary web script or HTML via event data fields...
Cross site scripting
Cross-site scripting XSS vulnerability in IBM Intelligent Operations Center 1.5.0 allows remote attackers to inject arbitrary web script or HTML via event data fields...
CVE-2012-6360
Cross-site scripting XSS vulnerability in IBM Intelligent Operations Center 1.5.0 allows remote attackers to inject arbitrary web script or HTML via event data fields...
BPM Database leaked by p0keu for #AntiSec
BPM Database leaked by p0keu for AntiSec One more Hacker with name "p0keu" leak the database of BPM https://visitbpm.co.uk for Antisec. BPM is the world's largest event dedicated to DJing, electronic music production and club culture has had its whole database leaked via twitter. The database is...
CVE-2011-0756
The application server in Trustwave WebDefend Enterprise before 5.0 uses hardcoded console credentials, which makes it easier for remote attackers to read security-event data by using the remote console GUI to connect to the management port...
Hardcoded credentials
The application server in Trustwave WebDefend Enterprise before 5.0 uses hardcoded console credentials, which makes it easier for remote attackers to read security-event data by using the remote console GUI to connect to the management port...
CVE-2011-0756
Trustwave WebDefend Enterprise before 5.0 uses hardcoded console credentials in the application server, allowing remote attackers to connect via the management port through the remote console GUI and read security-event data. The linked Red Hat advisory confirms the same issue as CVE-2011-0756, a...
[VulnWatch] iDefense Security Advisory 01.23.06: Computer Associates iTechnology iGateway Service Content-Length Buffer Overflow Vulnerability
Computer Associates iTechnology iGateway Service Content-Length Buffer Overflow Vulnerability iDefense Security Advisory 01.23.06 http://www.idefense.com/intelligence/vulnerabilities/display.php?id=376 January 23, 2006 I. BACKGROUND iTechnology is an integration technology which provides standard...