Vulnerabilities found in Cisco Catalyst SD-WAN Controllers and Managers

Cisco has identified vulnerabilities in the Catalyst SD-WAN Controller and Manager products. Cisco has uncovered four vulnerabilities in these products. These vulnerabilities involve XXE injection, privilege escalation, and authentication bypass. The authentication bypass vulnerability resides in...

EUVD-2022-48247

Malicious code in bioql PyPI...

CVE-2025-24288

The Versa Director software exposes a number of services by default and allow attackers an easy foothold due to default credentials and multiple accounts most with sudo access that utilize the same default credentials. By default, Versa director exposes ssh and postgres to the internet, alongside...

Command Execution Vulnerability in Panabit Log Audit System of Beijing Paiwang Software Co.

Beijing PaiNet Software Co., Ltd. is a technology company focusing on providing network application layer solutions for the government and enterprise industries. A command execution vulnerability exists in the panabit log auditing system of Beijing Pai Networks Software Co. Ltd, which can be...

Configure Audit Rules for File System Mounting

Generally, for deployed services, the file system mounting does not change. Therefore, any change in the file system mounting may indicate attacks. For file systems with changes in mounting, audit and monitor their mounting conditions for tracing. By default, audit rules for file system mounting...

Configure Dumping journald Logs for rsyslog

The system uses journald to collect logs. Logs may be stored on volatile or persistent storage devices. As a result, logs may be lost or the drive space may be used up. In this case, logs need to be dumped in a timely manner to ensure the security of logs and the system. SPDX-FileCopyrightText:...

Protecting your privacy: Opera has completed an independent no-log audit of its free browser VPN

Privacy Protecting your privacy: Opera has completed an independent no-log audit of its free browser VPN Share September 25th, 2024 Hi Opera users! We are excited to announce that we have successfully completed an independent audit of our no-log policy for Opera’s free browser VPN available on...

Command Execution Vulnerability in Panalog Log Audit System of Beijing Paiwang Software Co.

Panabit log auditing system supports clustering and open Raw Data interface to Hadoop big data platform. And embedded in the cloud control platform, convenient for users to unify and centralized monitoring and so on. Panabit Log Audit System has a command execution vulnerability that can be...

Linux: Separate partition for /var/log/audit

The /var/log/audit directory is used by auditd. This script tests if a separate partition exists for /var/log/audit. Copyright C 2020 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GN...

Weak Password Vulnerability in Mingguo Comprehensive Log Audit Platform of Hangzhou Anheng Information Technology Co.

MingGuard Integrated Log Audit Platform is a comprehensive management platform as an information system. There is a weak password vulnerability in Mingguo Comprehensive Log Audit Platform of Hangzhou ACE Information Technology Co., Ltd, which can be exploited by an attacker to log in to the syste...

Weak Password Vulnerability in the System-Log Audit System of Taihe Information Security Operation Center of Beijing Qixingchen Information Security Technology Co.

TAICHI Information Security Operation Center System - Log Audit System TSOC-SA, TSOC-SA is capable of real-time collection of logs, events, alarms and other information generated by security devices, network devices, hosts, operating systems, and various application systems from different vendors...

Linux: Separate partition for /var/log/audit directory

The /var/log/audit directory is used by auditd. This script tests options set on /var/log/audit filesystem. Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General...

Weak Password Vulnerability in Netnifty Security Management System - Log Audit System by Default

Netnifty Security Management System - Log Audit System hereinafter referred to as Leadsec-RS is a security product for information system log auditing. A weak password vulnerability exists in the Leadsec-RS. The system administrator account password is: sysadmin/leadsec.sysadmin allows an attacke...

ManageEngine EventLog Analyzer 10.6 Build 10060 SQL Query Execution

Exploit Title: ManageEngine EventLog Analyzer SQL query execution Product: ManageEngine EventLog Analyzer Vulnerable Versions: v10.6 build 10060 and previous versions Tested Version: v10.6 build 10060 Windows Advisory Publication: 14/09/2015 Vulnerability Type: authenticated SQL query execution...