
412 matches found

Imperva Blog
added 2020/09/07 7:21 a.m. · 33 views

Auditing Your Database – Is It Enough For Your Data Security Needs?

Audit trails have been a feature of databases for a long time, but are they still compatible with today's data security demands? What do you need to do, as a security officer, to get the most information about what’s happening to your company’s data? Are audit trail features impregnable to possibl...

7.6 AI score
Exploits 0
The Hacker News
added 2020/08/17 10:20 a.m. · 48 views

How AppTrana Managed Cloud WAF Tackles Evolving Attacking Techniques

Web applications suffer continuously evolving attacks, where a web application firewall (WAF) is the first line of defense and a necessary part of organizations' cybersecurity strategies. WAFs are getting more sophisticated all the time, but as its core protection starts with efficient pattern...

0.5 AI score
Exploits 0
Tenable Nessus
added 2020/07/22 12:0 a.m. · 27 views

Atlassian Jira 7.13.x < 7.13.3 / 8.x < 8.1.0 CSRF via Logging and Profiling Feature (JRASERVER-70849)

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is 7.13.x prior to 7.13.3 or version 8.x prior to 8.1.0. It is, therefore, affected by a cross-site request forgery (XSRF) vulnerability that allows remote, unauthenticated attackers to...

4.3 CVSS · 5.1 AI score · 0.00114 EPSS
Exploits 0 · References 2
OSV
added 2020/06/30 3:15 a.m. · 1 views

CVE-2019-20415

Atlassian Jira Server and Data Center in affected versions allows remote attackers to modify logging and profiling settings via a cross-site request forgery (CSRF) vulnerability. The affected versions are before version 7.13.3, and from version 8.0.0 before 8.1.0...

4.3 CVSS · 5.8 AI score · 0.00114 EPSS
Exploits 0 · References 1
OSV
added 2020/04/14 1:15 p.m. · 6 views

CVE-2020-11741

An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users with active profiling to obtain sensitive information about other guests, cause a denial of service, or possibly gain privileges. For guests for which "active" profiling was enabled by the administrator, the xenopr...

8.8 CVSS · 9.2 AI score
Exploits 0 · References 9
OSV
added 2020/04/14 1:15 p.m. · 1 views

DEBIAN-CVE-2020-11741

An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users with active profiling to obtain sensitive information about other guests, cause a denial of service, or possibly gain privileges. For guests for which "active" profiling was enabled by the administrator, the xenopr...

8.8 CVSS · 8.3 AI score · 0.00113 EPSS
Exploits 0 · References 1
OSV
added 2020/04/14 1:15 p.m. · 24 views

CVE-2020-11740

An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users without active profiling to obtain sensitive information about other guests. Unprivileged guests can request to map xenoprof buffers, even if profiling has not been enabled for those guests. These buffers were not...

5.5 CVSS · 6.1 AI score
Exploits 0 · References 9
UbuntuCve
added 2020/04/14 1:15 p.m. · 24 views

CVE-2020-11741

An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users with active profiling to obtain sensitive information about other guests, cause a denial of service, or possibly gain privileges. For guests for which "active" profiling was enabled by the administrator, the xenopr...

8.8 CVSS · 7.4 AI score · 0.00113 EPSS
Exploits 0 · References 5
OSV
added 2020/04/14 1:15 p.m. · 0 views

UBUNTU-CVE-2020-11741

An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users with active profiling to obtain sensitive information about other guests, cause a denial of service, or possibly gain privileges. For guests for which "active" profiling was enabled by the administrator, the xenopr...

8.8 CVSS · 7.5 AI score · 0.00113 EPSS
Exploits 0 · References 6
CVE
added 2020/04/14 12:18 p.m. · 173 views

CVE-2020-11740

CVE-2020-11740 affects the Xen hypervisor (Xen through 4.13.x) with xenoprof profiling. The vulnerability lets guest OS users obtain sensitive information about other guests by requesting to map xenoprof buffers when profiling is not enabled, and those buffers are not scrubbed. Noted in multiple ...

5.5 CVSS · 6.4 AI score · 0.0009 EPSS
Exploits 0 · References 9 · Affected Software 1
Xen Project
added 2020/04/14 12:0 p.m. · 75 views

multiple xenoprof issues

ISSUE DESCRIPTION: Unprivileged guests can request to map xenoprof buffers, even if profiling has not been enabled for those guests. These buffers were not scrubbed. This is CVE-2020-11740. Furthermore, for guests for which "active" profiling was enabled by the administrator, the xenoprof code use...

8.8 CVSS · 0.7 AI score · 0.00113 EPSS
Exploits 0
Positive Technologies
added 2020/04/14 12:0 a.m. · 2 views

PT-2020-12819 · Xen +3

Name of the Vulnerable Software and Affected Versions: Xen versions through 4.13.x. Description: An issue in xenoprof allows guest OS users with active profiling to obtain sensitive information about other guests, cause a denial of service, or possibly gain privileges. The xenoprof code uses the...

9.8 CVSS · 8.6 AI score · 0.04874 EPSS
Exploits 2 · References 156
Atlassian
added 2020/04/01 4:1 a.m. · 31 views

CSRF via Logging and Profiling feature - CVE-2019-20415

Atlassian Jira Server and Data Center in affected versions allows remote attackers to modify logging and profiling settings via a cross-site request forgery (CSRF) vulnerability. Affected versions: version < 7.13.3; 8.0.0 ≤ version < 8.1.0. Fixed versions: 7.13.3, 8.1.0...

4.3 CVSS · 4.9 AI score · 0.00114 EPSS
Exploits 0
OSV
added 2019/12/29 7:15 p.m. · 6 views

CVE-2019-20058

Bolt 3.7.0, if Symfony Web Profiler is used, allows XSS because unsanitized search?search= input is shown on the profiler page. NOTE: this is disputed because profiling was never intended for use in production. This is related to CVE-2018-12040...

6.1 CVSS · 5.9 AI score
Exploits 0 · References 1
NVD
added 2019/12/29 7:15 p.m. · 9 views

CVE-2019-20058

Bolt 3.7.0, if Symfony Web Profiler is used, allows XSS because unsanitized search?search= input is shown on the profiler page. NOTE: this is disputed because profiling was never intended for use in production. This is related to CVE-2018-12040...

6.1 CVSS · 5.9 AI score · 0.00328 EPSS
Exploits 2 · References 1
Cvelist
added 2019/12/29 6:50 p.m. · 11 views

CVE-2019-20058

Bolt 3.7.0, if Symfony Web Profiler is used, allows XSS because unsanitized search?search= input is shown on the profiler page. NOTE: this is disputed because profiling was never intended for use in production. This is related to CVE-2018-12040...

6 AI score · 0.00328 EPSS
Exploits 2 · References 1
ThreatPost
added 2019/12/04 6:32 p.m. · 54 views

‘Highly Competitive’ Buer Loader Emerges in Underground Markets

A previously undocumented modular loader has emerged as a lucrative tool for cybercriminals in a variety of campaigns. Researchers say the “highly competitive” loader, dubbed Buer, is intended for use by actors seeking a turn-key, off-the-shelf solution. Researchers say they have spotted the load...

7.3 AI score
Exploits 0 · References 16
Exploit DB
added 2019/11/20 12:0 a.m. · 353 views

Microsoft Windows - Escalate UAC Protection Bypass (Via dot net profiler) (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Escalate UAC Protection Bypass Via dot net profiler', 'Description' = %q Microsoft Windows allows for the automatic loading of a profilin...

7.4 AI score
Exploits 0
Packet Storm
added 2019/11/19 12:0 a.m. · 267 views

Windows Escalate UAC Protection Bypass Via Dot Net Profiler

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Escalate UAC Protection Bypass Via dot net profiler', 'Description' = %q Microsoft Windows allows for the automatic loading of a profilin...

0.5 AI score
Exploits 0
Hacker One
added 2019/10/26 9:18 a.m. · 77 views

Imgur: De-anonymization Attack: Cross Site Information Leakage

Dear Imgur Security Team, We are researchers at the IMDEA Software Institute in Madrid, Spain. We have been working on analyzing Cross-Site Browser Leaks (xsleaks) and building a tool for finding instances of it on target web sites. Recently we tested imgur.com and discovered a flaw that can affect...

Exploits 0