4114 matches found
Uncover Sensitive Data with the Classifier Tool
Understanding what sensitive data resides in your enterprise database is a critical step in securing your data. Imperva offers Classifier, a free data classification tool that allows you to quickly uncover sensitive data in your database. Classifier contains over 250 search rules for popular...
Bad Code Library Triggers Devil's Ivy Vulnerability in Millions of IoT Devices
Tens of millions of products ranging from airport surveillance cameras, sensors, networking equipment and IoT devices are vulnerable to a flaw that allows attackers to remotely gain control over devices or crash them. The vulnerability, dubbed Devil’s Ivy, was identified by researchers at Senrio...
Devil's Ivy vulnerability (CVE-2017-9765)
When we began a security analysis of remote configuration services last year, we had no idea it would lead us to uncover vulnerabilities that affect so many users. We have been studying the prevalence and nature of the vulnerabilities that arise in remote configuration services, so when we...
Oracle E-Business Suite 12.x - Server-Side Request Forgery
Exploit Title: Oracle E-Business Suite - Server Side Request Forgery Date: 19 July 2017 Exploit Author: Sarath Nair aka AceNeon13 Contact: @AceNeon13 Greetings: Raj3sh.tv, Deepu.tv Vendor Homepage: www.oracle.com Software Link:...
scan-interfax.ru XSS vulnerability
Vulnerable URL: http://www.scan-interfax.ru/Account/Logon/%3Csvg%20onload=alert/XSSPOSED/%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 07.09.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 1576736 VIP website status:| Yes Check...
AVG AntiVirus for MacOS Information Disclosure Vulnerability
AVG AntiVirus for MacOS is an antivirus and anti-backdoor program for MacOS; scan engine is one of the antivirus scanning engines. A security vulnerability exists in versions of AVG AntiVirus for MacOS prior to scan engine 4668. A remote attacker could exploit the vulnerability to bypas...
X (Formerly Twitter): XXE on sms-be-vip.twitter.com in SXMP Processor
Hi team, What type of issue are you reporting? Does it align to a CWE or OWASP issue? I've identified an XXE vulnerability in the cloudhopper sxmp servlet on sms-be-vip.twitter.com which discloses local files to an external attacker and allows web requests to be sent. This aligns to...
Not All Threats Are Created Equal
In today’s world, security teams are bombarded constantly with security events and threat information from multiple sources, making it impossible to address each threat with the same amount of urgency. Where does one even start? We know every threat should be addressed, but not all threats are...
CVE-2017-10925
IrfanView 4.44 32bit with FPX Plugin 4.47 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at...
Petya-like ransomworm: Leveraging InsightVM and Nexpose for visibility into MS17-010
A Petya-like ransomworm struck on June 27th, 2017 and spread throughout the day, affecting organizations in several European countries and the US. It is believed that the ransomworm may achieve its initial infection via a malicious document attached to a phishing email, and then leverages the...
Protecting against DoublePulsar infection with InsightVM and Nexpose
After WannaCry hit systems around the world last month, security experts warned that the underlying vulnerabilities that allowed the ransomworm to spread are still unpatched in many environments, rendering those systems vulnerable to other hacking tools from the same toolset. Rapid7's Project...
spoilerwall - Avoid being scanned by spoiling movies on all your ports!
Spoilerwall introduces a brand new concept in the field of network hardening. Avoid being scanned by spoiling movies on all your ports! Firewall? How about Fire'em'all! Stop spending thousands of dollars on big teams that you don't need! Just fire up the Spoilers Server and that's it! Movie Spoile...
Wanna see WannaCry vulns in Splunk?
Do you want to see your WannaCry vulns all in one dashboard in Splunk? We've got you covered. Before you start, make sure you have these two apps installed in your Splunk App: Rapid7 Nexpose Technology Add-On for Splunk; Rapid7 Nexpose for Splunk. Steps: 1. Follow the directions in this blog post to...
RED HAWK - All In One Tool For Information Gathering, SQL Vulnerability Scanning and Crawling
RED HAWK is An All In One Tool For Information Gathering, SQL Vulnerability Scanning and Crawling. Coded In PHP. Features Of The Tool: Server detection Cloudflare detector robots scanner CMS Detector WordPress Joomla Drupal Magento Whois GEO-IP Scan NMAP Port Scan DNS Lookup SubNet Calculator...
Chat With Hacker Assistant: hackerbot
Chat with your assistant and enjoy hacking This bot is a combination of chatbot and hacking tools Chatting Twitter account analysis Url scan File scan Ip scan Linux enumeration Linux priv escalation checker Shellshock Mimipenguin Installation git clone https://github.com/omergunal/hackerbot cd...
openstack-heat: Template source URL allows network port scan
An information-leak vulnerability was found in the OpenStack Orchestration heat service. Launching a new stack with a local URL resulted in a detailed error message, allowing an authenticated user to conduct network discovery and reveal the details of internal network services...
Security update 2017-06-13
...
An All In One Information Gathering Tool: RED HAWK
RED HAWK is An All In One Tool For Information Gathering, SQL Vulnerability Scanning and Crawling. Coded In PHP. Scans That You Can Perform Using RED HAWK: Basic Scan Site Title NEW IP Address Web Server Detection IMPROVED CMS Detection Cloudflare Detection robots.txt Scanner Whois Lookup IMPROVED...