257 matches found
Google Offers Financial Support to Open Source Projects for Cybersecurity
Besides rewarding ethical hackers from its pocket for responsibly reporting vulnerabilities in third-party open-source projects, Google today announced financial support for open source developers to help them arrange additional resources, prioritizing the security of their products. The...
UPDATE: OWASP Dependency-Check 5.0.0
PenTestIT RSS Feed My first post about this open source OWASP project was about an older version. About 18 hours ago, a new version was released. This post discusses the changes made to the open source software composition analysis utility in the latest release yesterday. This is the OWASP...
Announcing the new Security Engineering website
To meet users’ expectations for security when using a product or cloud service, security must be an integral part of all aspects of the lifecycle. We all know this, and yet time has proven that this is far easier said than done because there is no single approach nor silver bullet that works in...
Rogue Developer Infects Widely Used NodeJS Module to Steal Bitcoins
A widely used third-party NodeJS module with nearly 2 million downloads a week was compromised after one of its open-source contributor gone rogue, who infected it with a malicious code that was programmed to steal funds stored in Bitcoin wallet apps. The Node.js library in question is...
Security Bulletin: Open Source Apache HTTP Server Vulnerabilities which is used by IBM PureApplication Systems (CVE-2016-0736 CVE-2016-2161 CVE-2016-8743)
Summary A vulnerability in Open Source Apache HTTP Server affects the PureSystems® Managers used by IBM PureApplication System. Vulnerability Details CVEID: CVE-2016-0736 DESCRIPTION: Apache HTTPD could allow a remote attacker to obtain sensitive information, caused by an error in modsessioncrypt...
AlienVault USM and OSSIM Remote Code Execution Vulnerabilities
AlienVault USM and OSSIM are both products of AlienVault Inc. of the U.S. USM is a set of security management platform that provides security monitoring, security event management and reporting, threat awareness system, etc. OSSIM is an open source security information management system. A securi...
January 4, 2017 – Morning Cyber Coffee Headlines – “Scrabble” Edition
Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! January 4, 2018 - Headlines Carbon Black in the News: Ransomware: The Problem...
The vulnerability of the NfSen web interface, the system for management, control, and information security management of AlienVault USM and OSSIM, is related to deficiencies in access control. This allows attackers to enhance their privileges and execute arbitrary commands on the operating system.
The vulnerability of the NfSen web interface, as well as the systems for management, control, and information security management of AlienVault USM and OSSIM, is related to deficiencies in access control. Exploitation of this vulnerability can allow a malicious actor to enhance their privileges a...
AlienVault USM/OSSIM/NfSen Remote Code Execution Vulnerability
AlienVault USM and OSSIM are both products of AlienVault, Inc. in the U.S. USM is a security management platform that provides security monitoring, security event management and reporting, and a threat awareness system, among other features.OSSIM is an open-source security information management...
UBUNTU-CVE-2013-5321
Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management OSSIM 4.1 allow remote attackers to execute arbitrary SQL commands via the 1 sensor parameter in a Query action to forensics/baseqrymain.php; the 2 tcpflags or 3 tcpport04 parameter to...
OSSAMS - Open Source Security Assessment Management System
OSSAMS - Open Source Security Assessment Management System As information security professionals, we conduct security assessments for companies. One of the biggest problems we have is after all the data is collected, how can we correlate the data accurately. So we decided to start a project to...
OSSAMS - Open Source Security Assessment Management System
OSSAMS - Open Source Security Assessment Management System As information security professionals, we conduct security assessments for companies. One of the biggest problems we have is after all the data is collected, how can we correlate the data accurately. So we decided to start a project to...
metasploit-framework
Metasploit Framework The Metasploit Framework is an open-sour...
AlienVault OSSIM Detection
Detects the installed version of AlienVault OSSIM Open Source Security Information Management and USM Unified Security Management This script sends an HTTP GET request and tries to get the version from the response. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpt...
CVE-2009-3440
Cross-site scripting XSS vulnerability in Open Source Security Information Management OSSIM before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the option parameter to the default URI aka the main menu...
[SECURITYREASON.COM] PostNuke SQL Injection 0.760-RC2=>x cXIb8O3.3
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PostNuke SQL Injection 0.760-RC2=x cXIb8O3.3 Author: cXIb8O3Maksymilian Arciemowicz Date: 20.2.2005 from securityreason.com TEAM - --- 0.Description --- PostNuke: The Phoenix Release 0.750 and 0.760-RC2 PostNuke is an open source, open developement...
Advisory CA-2001-01
-----BEGIN PGP SIGNED MESSAGE----- CERT Advisory CA-2001-01 Interbase Server Contains Compiled-in Back Door Account Original release date: January 10, 2001 Last revised: -- Source: CERT/CC A complete revision history is at the end of this file. Systems Affected Borland/Inprise Interbase 4.x and 5...