Lucene search

219 matches found

OSV
added 2024/05/03 3:15 a.m., 0 views

CVE-2023-39460

Triangle MicroWorks SCADA Data Gateway Event Log Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this...

7.2 CVSS, 5.5 AI score
Exploits: 0, References: 2
NVD
added 2024/05/03 3:15 a.m., 9 views

CVE-2023-39460

Triangle MicroWorks SCADA Data Gateway Event Log Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this...

7.2 CVSS, 7.1 AI score, 0.01064 EPSS
Exploits: 0, References: 2
NVD
added 2024/05/03 3:15 a.m., 15 views

CVE-2023-39461

Triangle MicroWorks SCADA Data Gateway Event Log Improper Output Neutralization For Logs Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to write arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required...

4.4 CVSS, 4.9 AI score, 0.00163 EPSS
Exploits: 0, References: 2
CVE
added 2024/05/03 1:59 a.m., 45 views

CVE-2023-39460

CVE-2023-39460 affects Triangle MicroWorks SCADA Data Gateway. The vulnerability lies in event log creation, where a user-supplied path is not properly validated before file operations, enabling directory traversal and arbitrary file creation. The root cause is inadequate validation of the path, ...

7.2 CVSS, 7.1 AI score, 0.01064 EPSS
Exploits: 0, References: 2, Affected Software: 1
Citrix
added 2024/04/18 12:0 a.m., 6 views

ICA Latency in Director shows Cannot retrieve the data

When checking ICA latency for a VDA on an App Layering based image, Director does not show that data. ICA Latency within Director says "Cannot retrieve the data." Hovering over that error message in Director pops up the message: "Data source unresponsive due to a configuration error. View Directo...

6.8 AI score
Exploits: 0
Kitploit
added 2024/04/16 12:30 p.m., 31 views

NoArgs - Tool Designed To Dynamically Spoof And Conceal Process Arguments While Staying Undetected

NoArgs is a tool designed to dynamically spoof and conceal process arguments while staying undetected. It achieves this by hooking into Windows APIs to dynamically manipulate the Windows internals on the go. This allows NoArgs to alter process arguments discreetly. Default Cmd: Windows Event Logs...

7.6 AI score
Exploits: 0, References: 3
Securelist
added 2024/04/15 10:0 a.m., 24 views

Using the LockBit builder to generate targeted ransomware

The previous Kaspersky research focused on a detailed analysis of the LockBit 3.0 builder leaked in 2022. Since then, attackers have been able to generate customized versions of the threat according to their needs. This opens up numerous possibilities for malicious actors to make their attacks mo...

7.8 AI score
Exploits: 0
CNVD
added 2024/03/05 12:0 a.m., 19 views

IBM QRadar WinCollect Agent Resource Management Error Vulnerability

IBM QRadar WinCollect Agent is an agent program from International Business Machines IBM for collecting and sending Windows event logs. A resource management error vulnerability exists in IBM QRadar WinCollect Agent that stems from vulnerability to server-side request forgery attacks. No detailed...

4.4 CVSS, 4.6 AI score, 0.00015 EPSS
Exploits: 0, References: 1
NVD
added 2024/01/24 8:15 p.m., 19 views

CVE-2021-43584

DOM-based Cross Site Scripting XSS vulnerability in 'Tail Event Logs' functionality in Nagios Nagios Cross-Platform Agent NCPA before 2.4.0 allows attackers to run arbitrary code via the name element when filtering for a log...

4.8 CVSS, 5.3 AI score, 0.00338 EPSS
Exploits: 1, References: 1
Positive Technologies
added 2024/01/24 12:0 a.m., 1 views

PT-2024-11029 · Nagios · Nagios Cross-Platform Agent

Name of the Vulnerable Software and Affected Versions: Nagios Nagios Cross-Platform Agent NCPA versions prior to 2.4.0 Description: The issue is related to a DOM-based Cross Site Scripting XSS vulnerability in the 'Tail Event Logs' functionality. This vulnerability allows attackers to run arbitra...

4.8 CVSS, 5 AI score, 0.00338 EPSS
Exploits: 1, References: 5
Cvelist
added 2024/01/24 12:0 a.m., 16 views

CVE-2021-43584

DOM-based Cross Site Scripting XSS vulnerability in 'Tail Event Logs' functionality in Nagios Nagios Cross-Platform Agent NCPA before 2.4.0 allows attackers to run arbitrary code via the name element when filtering for a log...

5.5 AI score, 0.00338 EPSS
Exploits: 1, References: 1
Vulnrichment
added 2024/01/24 12:0 a.m., 1 views

CVE-2021-43584

DOM-based Cross Site Scripting XSS vulnerability in 'Tail Event Logs' functionality in Nagios Nagios Cross-Platform Agent NCPA before 2.4.0 allows attackers to run arbitrary code via the name element when filtering for a log...

7.1 AI score, 0.00338 EPSS
Exploits: 1, References: 1
Penetration Testing Lab
added 2024/01/08 7:21 a.m., 13 views

Persistence – Event Log

Windows Event logs are the main source of information for defensive security teams to identify threats and for administrators to troubleshoot errors. The logs are… Continue reading - Persistence - Event Log...

7.2 AI score
Exploits: 0
Penetration Testing Lab
added 2024/01/08 7:21 a.m., 16 views

Persistence – Event Log

Windows Event logs are the main source of information for defensive security teams to identify threats and for administrators to troubleshoot errors. The logs are… Continue reading - Persistence - Event Log...

7.2 AI score
Exploits: 0
Citrix
added 2024/01/04 12:0 a.m., 5 views

PVS | Error Id: XDDS:A6D8C1E7 - Unable to add Target Device to Catalog

Attempting to add Target Devices will return the following error: "The virtual machine with Mac Address in the selected Device Collection could not be found in any available connection". In View Details the following information is present: Error Id: XDDS:A6D8C1E7 Exception: DesktopStudioErrorId ...

7.2 AI score
Exploits: 0
OSV
added 2023/12/12 7:15 p.m., 1 views

CVE-2023-6687

An issue was discovered by Elastic whereby Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending on the nature of the event that Elastic Agent attempted to ingest,...

6.5 CVSS, 6.8 AI score
Exploits: 0, References: 1
CNNVD
added 2023/11/23 12:0 a.m., 1 views

IBM QRadar WinCollect Agent Information Disclosure Vulnerability

IBM QRadar WinCollect Agent is an agent program from International Business Machines IBM for collecting and sending Windows event logs. An information disclosure vulnerability exists in IBM QRadar WinCollect Agent. The vulnerability stems from the application's inadequate protection of sensitive...

4.9 CVSS, 6 AI score, 0.00058 EPSS
Exploits: 0, References: 3
Citrix
added 2023/11/21 12:0 a.m., 8 views

Citrix Provisioning Target Poor Performance And Slow Boot

Target Devices appear to boot slowly and hang or remain stuck at a black screen shortly after power on. Other devices that are up and running can be found frozen. These machines might be found "unregistered" in Studio and you cannot RDP or console into them. PVS servers may be reporting DB Offlin...

7.1 AI score
Exploits: 0
Imperva Blog
added 2023/10/13 8:8 p.m., 171 views

How to use DSF Collections & Index Patterns – A Tutorial

In conventional terminology, Imperva Data Security Fabric DSF is a database system, replete with a GUI interface for aggregation pipeline building, workflow orchestration, extensible scripting Playbooks, and self-service data discovery Kibana-based Discover. Imperva DSF is purpose-built for data...

6.6 AI score
Exploits: 0
Pen Test Partners Blog
added 2023/10/12 5:8 a.m., 79 views

Using Velociraptor for large-scale endpoint visibility and rapid threat hunting

TL;DR Network-wide collection, acquisition and monitoring tool for use in DFIR engagements Designed for enterprise networks 150k+ Deployments aren’t unheard of Boasts many features that your commercial EDR has, and a few more Flexible querying language that can adapt to new threats and encourages...

7.1 AI score
Exploits: 0