The vulnerability of the BIRT platform’s reporting and business analytics configuration allows attackers to gain unauthorized access to protected information or execute arbitrary code.

The vulnerability of the BIRT reporting and business analytics platform’s configuration involves insufficient validation of input data when processing headers from the server with the report parameter. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected...

EAST - Extensible Azure Security Tool - Documentation

Extensible Azure Security Tool Later referred as E.A.S.T is tool for assessing Azure and to some extent Azure AD security controls. Primary use case of EAST is Security data collection for evaluation in Azure Assessments. This information JSON content can then be used in various reporting tools,...

Update improves port exhaustion identification in Windows Server 2012 R2

Update improves port exhaustion identification in Windows Server 2012 R2 This article describes an update that enables port exhaustion identification without a memory dump in Windows Server 2012 R2. Before you install this update, see the Prerequisites section. About this update Network reporting...

Outpost24 OUTSCAN for detecting vulnerabilities on your network perimeter

Today I would like to write a post about Outpost24. This company was founded in 2001. For comparison, Tenable was founded in 2002 and Qualys in 1999. So, it's a company with a pretty long history. Outpost24 make Vulnerability Management & Web Application Security products and provide various...

Multiple Local Information Disclosure Vulnerabilities in ABRT

ABRT is a set of automated bug reporting tools. ABRT has multiple local information disclosure vulnerabilities. A local attacker could exploit the vulnerabilities to obtain sensitive information...

Multiple Directory Traversal Vulnerability in ABRT

ABRT is a set of automated bug reporting tools. ABRT suffers from multiple directory traversal vulnerabilities. A local attacker can exploit this vulnerability by sending a request with the directory traversal character '...' with the directory traversal character '...'...

Cross site scripting

Cross-site scripting XSS vulnerability in the logon page in Web Reporting Tools portal in Websense Enterprise and Web Security Suite 6.3 allows remote attackers to inject arbitrary web script or HTML via the username field...

CVE-2007-6312

CVE-2007-6312 is an XSS vulnerability in the login page of Websense’s Web Reporting Tools portal (Websense Enterprise/Web Security Suite 6.3). The issue arises because the username field is not properly sanitized, allowing remote attackers to inject arbitrary script or HTML via that input. Affect...

CVE-2007-6312

Cross-site scripting XSS vulnerability in the logon page in Web Reporting Tools portal in Websense Enterprise and Web Security Suite 6.3 allows remote attackers to inject arbitrary web script or HTML via the username field...

Websense Reporting Tools WsCgiLogin.exe username Parameter XSS

The remote host is running Websense, a commercial suite of web filtering products. The remote instance of Websense fails to sanitize user input to the 'UserName' parameter of the 'Websense/cgi-bin/WsCgiLogin.exe' script before using it to generate dynamic content. An unauthenticated remote attack...