JVN#57749899: The installer of e-Tax software(common program) vulnerable to privilege escalation

The installer of e-Tax softwarecommon program provided by National Tax Agency contains a vulnerability which allows uploading a malicious DLL to be executed with higher privileges than that of an general user by altering registry CWE-268. Impact A malicious DLL prepared by an attacker may be...

Cynet's Keys to Extend Threat Visibility

We hear about the need for better visibility in the cybersecurity space – detecting threats earlier and more accurately. We often hear about the dwell time and the time to identify and contain a data breach. Many of us are familiar with IBM's Cost of a Data Breach Report that has been tracking th...

InsightIDR’s NTA Capabilities Expanded to AWS

We’re excited to announce we have expanded the Network Traffic Analysis NTA capabilities in InsightIDR to support Amazon Web Services AWS environments. This means InsightIDR and MDR customers can now ingest detailed network data from AWS, including north/south and east/west traffic across a...

ntaonline.com Cross Site Scripting vulnerability OBB-1345235

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

nta.co.jp XSS vulnerability

Open Bug Bounty ID: OBB-629332 Description| Value ---|--- Affected Website:| nta.co.jp Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

JVN#79451345: Installer of Setup file of advance preparation for e-Tax software (WEB version) may insecurely load Dynamic Link Libraries

Installer of Setup file of advance preparation for e-Tax software WEB version provided by National Tax Agency contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Impact Arbitrary code may be executed with the privilege of the user invoking the...

nta.co.jp XSS vulnerability

Vulnerable URL: http://www.nta.co.jp/jump/j.php?url="...

CVE-2014-9566

Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwinds Orion Platform 2015.1, as used in Network Performance Monitor NPM before 11.5, NetFlow Traffic Analyzer NTA before 4.1, Network Configuration Manager NCM before 7.3.2, IP...

CVE-2014-9566

CVE-2014-9566 : SolarWinds Orion Platform is affected by multiple SQL injection vulnerabilities in the AccountManagement.asmx endpoints (GetAccounts, GetAccountGroups). The issue allows remote authenticated users to execute arbitrary SQL commands by supplying crafted dir or sort parameters. Affec...

SolarWinds Netflow Traffic Analyzer (NTA) < 4.1 Multiple SQLi Vulnerabilities

SolarWinds Netflow Traffic Analyzer NTA is prone to multiple SQL injection SQLi vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-onl...

SolarWinds Netflow Traffic Analyzer (NTA) Detection (HTTP)

HTTP based detection of SolarWinds Netflow Traffic Analyzer NTA. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

RE: [Full-disclosure] Cisco VPN Concentrator IKE resource exhaustionDoS Advisory

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello: This is a Cisco PSIRT response to an advisory published by an unaffiliated third party, Roy Hills, of NTA Monitor Ltd posted as of July 26, 2006 at http://www.nta-monitor.com/posts/2006/07/cisco-concentrator-dos.html, and entitled: Cisco VPN...

[Full-disclosure] Cisco VPN Concentrator Groupname Enumeration Vulnerability

Cisco VPN Concentrator Groupname Enumeration Vulnerability 1. Overview: NTA Monitor has discovered a groupname enumeration vulnerability in the Cisco VPN 3000 series concentrator products while performing a VPN security test for a customer. The vulnerability affects remote access VPNs with...