8 matches found
Test your team’s security readiness with the Gone Phishing Tournament
Why should you care about the behavioral risk of your employees? Eighty-two percent of breaches include and often start with user behavior.1 Not all are phishing, but a majority of them are just that. Phishing is, and has been for many years, the cheapest and most reliable way for an attacker of...
Four Essential Features for a Database Security Strategy to Take on a Growing Threat Landscape
For a considerable time, many organizations have used three to five on-premise databases to manage their workloads, and many teams have tried to funnel every application into using those databases. Today, as the pressure to innovate while keeping costs low intensifies, organizations have started...
DISA Security Readiness Review Scripts for Solaris Local Privilege Escalation
The remote host has a copy of the DISA Security Readiness Review SRR Scripts for Solaris that is affected by a local privilege escalation vulnerability. The vulnerability could be leveraged to execute files in arbitrary directories with root privileges, as long as such files are named 'java',...
DISA Security Readiness Review Scripts Detection
The remote host has a copy of the DISA Security Readiness Review SRR Scripts present. TRUSTED...
U.S. Defense Information Systems Agency (DISA) Unix Security Readiness Review (SRR) privilege escalation
Application executes all executables with predefined names found in system...
DISA UNIX SRR scripts execute untrusted programs as root
Overview The Defense Information Systems Agency DISA UNIX Security Readiness Review SRR scripts find1 and execute -exec various programs to obtain version information. The SRR scripts are designed to be run as root. An attacker who can write a file under the root file system may be able to exploi...
Code injection
The U.S. Defense Information Systems Agency DISA Security Readiness Review SRR script for the Solaris x86 platform executes files in arbitrary directories as root for filenames equal to 1 java, 2 openssl, 3 php, 4 snort, 5 tshark, 6 vncserver, or 7 wireshark, which allows local users to gain...
CVE-2009-4211
The U.S. Defense Information Systems Agency DISA Security Readiness Review SRR script for the Solaris x86 platform executes files in arbitrary directories as root for filenames equal to 1 java, 2 openssl, 3 php, 4 snort, 5 tshark, 6 vncserver, or 7 wireshark, which allows local users to gain...