Linux: GRUB bootloader password
GRUB is the bootloader mainly used on Linux systems. If it is protected with a password, users cannot enter or change boot parameters without that password. SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective...
PT-2018-13698 · Octoprint · Octoprint
Name of the Vulnerable Software and Affected Versions: OctoPrint versions 1.3.9 and earlier Description: The issue allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests on port 8081. The vendor disputes the significance of this report, citing their...
On Cache Poisoning
In March 2017, Akamai released a post, "On Web Cache Deception Attacks". A presentation at the Black Hat conference by James Kettle from PortSwigger on web cache poisoning has recently raised awareness of cache poisoning. This is a class of vulnerability with a long history. Cache poisoning can ...
Database Activity Monitoring: Configuring a Cluster in Four Easy Steps
Imperva SecureSphere Database Activity Monitoring (DAM) offers multiple deployment modes, including managing your gateways in a cluster. There are four steps to configuring a gateway cluster, and we’ll be discussing them in this post. But first, let’s review the advantages of using a cluster: High...
Legal Robot: Amazon Bucket Accessible (http://legalrobot.s3.amazonaws.com/)
Seeing your Amazon S3 bucket, the problem is, visiting your Amazon bucket will show the files in the bucket, while a secure bucket would bring up an access denied page. I have attached screenshots comparing your bucket with a secure bucket to show you what a secure bucket looks like and where the...
IT-Grundschutz M4.331: Secure configuration of the operating system for a Samba server
IT-Grundschutz M4.331: Secure configuration of the operating system for a Samba server. Status: 14th supplementary delivery (14. EL). OpenVAS Vulnerability Test $Id: GSHBM4331.nasl 7883 2017-11-23 11:22:59Z emoss $ IT-Grundschutz, 14. EL, Safeguard 4.331 Authors: Thomas Rotter Copyright: Copyright (c) 2015...
Siemens SIMATIC S7-1200 Improper Input Validation Vulnerabilities
OVERVIEW Siemens has reported two improper input validation vulnerabilities discovered separately by Prof. Dr. Hartmut Pohl of softScheck GmbH and Arne Vidström of Swedish Defence Research Agency FOI in Siemens’ SIMATIC S7-1200 PLC. Siemens has produced a new version that mitigates these...
PHP Secure Configuration Checker - Check current PHP configuration for potential security flaws
Among the most tedious tasks of PHP security testing is the check for insecure PHP configuration. As a successor of our PHP Security Poster, we have created a script to help system administrators as well as security professionals to assess the state of php.ini and related topics as quickly and as...
Microsoft develops secure Windows XP for military
Microsoft has developed an ultra-secure version of Windows XP, with many settings locked down by default. But the hardened OS isn’t for sale to the general public; it’s made specifically for the military. Microsoft built the secure version of XP a few years ago at the direction of the Air Force,...
BGP implementations do not properly handle UPDATE messages
Overview BGP implementations from multiple vendors including Juniper may not properly handle specially crafted BGP UPDATE messages. These vulnerabilities could allow an unauthenticated, remote attacker to cause a denial of service. Disrupting BGP communication could lead to routing instability...
Debian Security Advisory DSA 900-1 (fetchmail)
The remote host is missing an update to fetchmail announced via advisory DSA 900-1. Thomas Wolff discovered that the fetchmailconfig program which is provided as part of fetchmail, an SSL enabled POP3, APOP, IMAP mail gatherer/forwarder, creates the new configuration in an insecure fashion that c...
JBoss Application Server may not properly restrict access to the administrative interface
Overview The JBoss Application Server may allow unauthenticated, remote access to the administrative console. Description JBoss is an open source application server implemented in Java. Because it is Java-based, JBoss can be used on any operating system that supports Java. JBoss servers can be...
Shadows Rising RPG 0.0.5b - Remote File Inclusion
DEVIL TEAM - THE BEST POLISH TEAM - Shadows Rising RPG Pre-Alpha = 0.0.5b CONFIGgameroot Remote File Include Vulnerability - Script name: Shadows Rising RPG Pre-Alpha v. 0.0.5b - Script site: http://sourceforge.net/projects/shadowsrising/ - Find by: Kacper a.k.a...