11 matches found
ICS-Forensics-Tools - Microsoft ICS Forensics Framework
Microsoft ICS Forensics Tools is an open source forensic framework for analyzing industrial PLC metadata and project files. It enables investigators to identify suspicious artifacts in ICS environments for detection of compromised devices during incident response or manual checks. open source...
Contract not initialized after deployment
Lines of code Vulnerability details Impact In ReaperStrategyGranarySupplyOnly.sol, the initialize function is not called after deployment. Left open to unintended behaviour and/or an attacker calling the initialize function, gaining control of core permissions and functions, as highlighted in the...
CVE-2023-22742 libgit2 fails to verify SSH keys by default
libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the `certificate_check` field of libgit2's `git_remote_callbacks`...
Bucky - An Automatic S3 Bucket Discovery Tool
Bucky is an automatic tool designed to discover S3 bucket misconfiguration. Bucky consists of two modules: the Bucky Firefox addon and the Bucky backend engine. The Bucky addon reads the source code of the webpages and uses Regular Expressions (Regex) to match the S3 bucket used as Content Delivery Network (CDN)...
GaussDB Kernel: Setting user for host Entries in the pg_hba.conf File
If user is set to all for host entries, any user is allowed to access the database. You are advised to set user for host entries to the user who needs to connect to the database. Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and ar...
GaussDB Kernel: Specifying the Listening IP Address for the GDS Module
For the GDS module, you are advised to listen on explicitly specified IP addresses on a network segment, so that it listens for connections on that network segment. Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the...
Linux: Mount data file partitions, CD/DVD, and USB partitions in noexec mode
Mounting data file partitions in noexec mode can make all files in the partitions nonexecutable, thus preventing security risks. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders...
ZSQL: Check whether User PUBLIC has Object Permission
Every user automatically belongs to user PUBLIC. For database security, do not grant object permissions to user PUBLIC. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders...
ZSQL: Check For Unknown Users In Database
Checks whether there are unknown users in DBUSERS. Unknown users may threaten database security. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-onl...
Linux: SSH DenyUsers
The DenyUsers variable gives the system administrator the option of denying specific users SSH access to the system. The list consists of space-separated user names. Numeric user IDs are not recognized with this variable. If a system administrator wants to restrict user access further by specificall...
Linux: SGID files
When the SGID (set group ID) bit is set on an executable, it executes with the GID of the owner. This may be intended for some executables. In the preference, add the files that should be allowed to have the SGID bit set. This script checks if any other local files than the given have the SGI...