138 matches found
Gitlab-Watchman - Monitoring GitLab For Sensitive Data Shared Publicly
GitLab Watchman is an application that uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally. Features It searches GitLab for internally shared projects and looks at: Code Commits Wiki pages Issues Merge requests Milestones For the following data: GCP keys and...
MUD-Visualizer - A Tool To Visualize MUD Files
This tool can be used to visualize the MUD files in JSON format. Motivation MUD files are plain text files in JSON format that contain ACL rules for a device. A MUD file can contains tens or hundrends of ACL rules which makes it difficult to read and validate the files manually. mud-visualizer wi...
TikTok: CSRF To Add New App In Developer Account And Bypassing Json Format
The researcher found a CSRF issue allowing a malicious user to add arbitrary applications to a developer's account...
CVE-2020-16240
GE Digital APM Classic, Versions 4.4 and prior. An insecure direct object reference IDOR vulnerability allows user account data to be downloaded in JavaScript object notation JSON format by users who should not have access to such functionality. An attacker can download sensitive data related to...
CVE-2020-16240
GE Digital APM Classic, Versions 4.4 and prior. An insecure direct object reference IDOR vulnerability allows user account data to be downloaded in JavaScript object notation JSON format by users who should not have access to such functionality. An attacker can download sensitive data related to...
CVE-2020-16240
GE Digital APM Classic (Versions 4.4 and prior) is vulnerable to CVE-2020-16240: an Authorization Bypass Through User-Controlled Key (IDOR) that allows unauthorized users to download sensitive user‑account data in JSON . Root cause: insecure IDOR enabling data exfiltration. Affected product: GE D...
Microsoft Launches Free Linux Forensics and Rootkit Malware Detection Service
Microsoft has announced a new free-to-use initiative aimed at uncovering forensic evidence of sabotage on Linux systems, including rootkits and intrusive malware that may otherwise go undetected. The cloud offering, dubbed Project Freta, is a snapshot-based memory forensic mechanism that aims to...
CVE-2020-10187
Doorkeeper version 5.0.0 and later contains an information disclosure vulnerability that allows an attacker to retrieve the client secret only intended for the OAuth application owner. After authorizing the application and allowing access, the attacker simply needs to request the list of their...
CVE-2020-10187
Doorkeeper version 5.0.0 and later contains an information disclosure vulnerability that allows an attacker to retrieve the client secret only intended for the OAuth application owner. After authorizing the application and allowing access, the attacker simply needs to request the list of their...
Information disclosure
Doorkeeper version 5.0.0 and later contains an information disclosure vulnerability that allows an attacker to retrieve the client secret only intended for the OAuth application owner. After authorizing the application and allowing access, the attacker simply needs to request the list of their...
CVE-2020-10187
Doorkeeper version 5.0.0 and later contains an information disclosure vulnerability that allows an attacker to retrieve the client secret only intended for the OAuth application owner. After authorizing the application and allowing access, the attacker simply needs to request the list of their...
CVE-2020-10187
Doorkeeper version 5.0.0 and later contains an information disclosure vulnerability that allows an attacker to retrieve the client secret only intended for the OAuth application owner. After authorizing the application and allowing access, the attacker simply needs to request the list of their...
WildPressure targets industrial-related entities in the Middle East
In August 2019, Kaspersky discovered a malicious campaign distributing a fully fledged C++ Trojan that we call Milum. All the victims we registered were organizations from the Middle East. At least some of them are related to industrial sector. Our Kaspersky Threat Attribution Engine KTAE doesn't...
CVE-2020-8497
In Artica Pandora FMS through 7.42, an unauthenticated attacker can read the chat history. The file is in JSON format and it contains user names, user IDs, private messages, and timestamps...
Format string
In Artica Pandora FMS through 7.42, an unauthenticated attacker can read the chat history. The file is in JSON format and it contains user names, user IDs, private messages, and timestamps...
CVE-2020-8497
Artica Pandora FMS
CVE-2020-8497
In Artica Pandora FMS through 7.42, an unauthenticated attacker can read the chat history. The file is in JSON format and it contains user names, user IDs, private messages, and timestamps...
CVE-2019-13523
In Honeywell Performance IP Cameras and Performance NVRs, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data in JSON format for IP cameras and NVRs Network Video Recorders, which can be accessed without authentication over the network...
Hardcoded credentials
In Honeywell Performance IP Cameras and Performance NVRs, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data in JSON format for IP cameras and NVRs Network Video Recorders, which can be accessed without authentication over the network...
The vulnerability of the XStream Java library for converting objects to XML or JSON format allows attackers to execute arbitrary commands due to the recovery of unreliable data from memory.
The vulnerability of the XStream library for converting objects to XML or JSON format is related to the restoration of unreliable data in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands by interfering with the processing of XML objects or other support...