
4945 matches found

Information Security Automation
added 2018/08/04 12:30 a.m., 55 views

Sending tables from Atlassian Confluence to Splunk

Sometimes when we make automated analysis with Splunk, it might be necessary to use information that was entered or edited manually. For example, the classification of network hosts: do they belong to the PCI-DSS scope or another group of critical hosts or not. In this case, Confluence can be quite ...

AI score: 7.2
Exploits: 0

Kitploit
added 2018/07/30 1:39 p.m., 103 views

OWTF v2.4 - Offensive Web Testing Framework

OWASP OWTF is a project focused on penetration testing efficiency and alignment of security tests to security standards like the OWASP Testing Guide (v3 and v4), the OWASP Top 10, PTES and NIST, so that pentesters will have more time to: see the big picture and think out of the box; more efficiently...

AI score: 7.4
Exploits: 0, References: 2

myhack58
added 2018/07/30 12:00 a.m., 639 views

Analysis of the first exploitation of the Spark REST API unauthorized access vulnerability

On July 7, 2018, Alibaba Cloud Security captured, for the first time, real attack samples exploiting the Spark REST API unauthorized RCE vulnerability. Since July 9, the Alibaba Cloud platform has been able to defend against large-scale exploitation of this vulnerability by default. This is the first time in...

AI score: 7.4
Exploits: 0

Kitploit
added 2018/07/29 2:12 p.m., 79 views

Faraday v3.0 - Collaborative Penetration Test and Vulnerability Management Platform

This new version has made major architectural changes to adapt the software to the new challenges of cybersecurity. It focuses on processing large volumes of data and facilitating user interaction with Faraday in their environment. Faraday just got much faster Architecture changes and a new...

AI score: 7.2
Exploits: 0, References: 1

Prion
added 2018/07/24 7:29 p.m., 13 views

Authorization

RSA Archer, versions prior to 6.4.0.1, contain an authorization bypass vulnerability in the REST API. A remote authenticated malicious Archer user could potentially exploit this vulnerability to elevate their privileges...

CVSS: 6.5, AI score: 8.3, EPSS: 0.03036
Exploits: 0, References: 3, Affected Software: 1

NVD
added 2018/07/24 7:29 p.m., 12 views

CVE-2018-11060

RSA Archer, versions prior to 6.4.0.1, contain an authorization bypass vulnerability in the REST API. A remote authenticated malicious Archer user could potentially exploit this vulnerability to elevate their privileges...

CVSS: 8.8, AI score: 8.5, EPSS: 0.03036
Exploits: 0, References: 3

Cvelist
added 2018/07/24 7:00 p.m., 20 views

CVE-2018-11060

RSA Archer, versions prior to 6.4.0.1, contain an authorization bypass vulnerability in the REST API. A remote authenticated malicious Archer user could potentially exploit this vulnerability to elevate their privileges...

CVSS: 8.8, AI score: 8.4, EPSS: 0.03036
Exploits: 0, References: 3

CVE
added 2018/07/24 7:00 p.m., 78 views

CVE-2018-11060

RSA Archer is affected by an authorization bypass vulnerability in the REST API prior to version 6.4.0.1. The issue allows a remote authenticated Archer user to potentially elevate privileges due to an authorization check flaw in the REST endpoint. Impact is privilege escalation within the Archer...

CVSS: 8.8, AI score: 8.3, EPSS: 0.03036
Exploits: 0, References: 3, Affected Software: 1

Hacker One
added 2018/07/20 8:54 p.m., 21 views

LocalTapiola: User Information Disclosure via the REST API - /?_method=GET

Basic report information. Summary: browser access to www.lahitapiolarahoitus.fi/wp-json is restricted for the general public but it is still accessible, through which user information is leaked. Description: By default WordPress allows public access to the REST API to get information about all users...

AI score: 0.8
Exploits: 0

Saint
added 2018/07/20 12:00 a.m., 551 views

Apache Hadoop YARN ResourceManager remote command execution

Added: 07/20/2018. Background: Apache Hadoop is a framework that allows for the distributed processing of large data sets across clusters of computers. YARN (Yet Another Resource Negotiator) is the component of Apache Hadoop which manages resources. Problem: A vulnerability in the REST API in the YARN...

AI score: 8.2
Exploits: 0

Saint
added 2018/07/20 12:00 a.m., 24 views

Apache Hadoop YARN ResourceManager remote command execution

Added: 07/20/2018. Background: Apache Hadoop is a framework that allows for the distributed processing of large data sets across clusters of computers. YARN (Yet Another Resource Negotiator) is the component of Apache Hadoop which manages resources. Problem: A vulnerability in the REST API in the YARN...

AI score: 8.2
Exploits: 0

Saint
added 2018/07/20 12:00 a.m., 538 views

Apache Hadoop YARN ResourceManager remote command execution

Added: 07/20/2018. Background: Apache Hadoop is a framework that allows for the distributed processing of large data sets across clusters of computers. YARN (Yet Another Resource Negotiator) is the component of Apache Hadoop which manages resources. Problem: A vulnerability in the REST API in the YARN...

AI score: 5.2
Exploits: 0

Veracode
added 2018/07/17 6:31 a.m., 18 views

Authentication Bypass

Infinispan is vulnerable to authentication bypass. The vulnerability is possible because its REST API does not restore the auth constraints, allowing the attacker to read or write data in the default cache or a known cache name...

CVSS: 6.5, AI score: 6.5, EPSS: 0.01559
Exploits: 0, References: 5, Affected Software: 2

Prion
added 2018/07/16 1:29 p.m., 19 views

Default configuration

It was found that the REST API in Infinispan before version 9.0.0 did not properly enforce auth constraints. An attacker could use this vulnerability to read or modify data in the default cache or a known cache name...

CVSS: 6.4, AI score: 6.4, EPSS: 0.01559
Exploits: 0, References: 5, Affected Software: 2

NVD
added 2018/07/16 1:29 p.m., 25 views

CVE-2017-2638

It was found that the REST API in Infinispan before version 9.0.0 did not properly enforce auth constraints. An attacker could use this vulnerability to read or modify data in the default cache or a known cache name...

CVSS: 6.5, AI score: 6.2, EPSS: 0.01559
Exploits: 0, References: 5

OSV
added 2018/07/16 1:29 p.m., 17 views

CVE-2017-2638

It was found that the REST API in Infinispan before version 9.0.0 did not properly enforce auth constraints. An attacker could use this vulnerability to read or modify data in the default cache or a known cache name...

CVSS: 6.5, AI score: 6.5, EPSS: 0.01559
Exploits: 0, References: 5

Cvelist
added 2018/07/16 1:00 p.m., 25 views

CVE-2017-2638

It was found that the REST API in Infinispan before version 9.0.0 did not properly enforce auth constraints. An attacker could use this vulnerability to read or modify data in the default cache or a known cache name...

CVSS: 6.5, AI score: 6.2, EPSS: 0.01559
Exploits: 0, References: 5

CVE
added 2018/07/16 1:00 p.m., 73 views

CVE-2017-2638

The CVE-2017-2638 issue affects Infinispan where the REST API did not properly enforce authentication constraints, enabling an attacker to read or modify data in the default cache or a known cache name. Affected product scope is Infinispan before version 9.0.0. The root cause, as described across...

CVSS: 6.5, AI score: 6.3, EPSS: 0.01559
Exploits: 0, References: 5, Affected Software: 1

Exploit DB
added 2018/07/13 12:00 a.m., 90 views

Hadoop YARN ResourceManager - Command Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Hadoop YARN ResourceManager Unauthenticated Command Execution', 'Description' = %q This module exploits an unauthenticated command execution...

AI score: 7
Exploits: 0

Packet Storm
added 2018/07/13 12:00 a.m., 39 views

Hadoop YARN ResourceManager Unauthenticated Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Hadoop YARN ResourceManager Unauthenticated Command Execution', 'Description' = %q This module exploits an unauthenticated command execution...

AI score: 0.5
Exploits: 0