Lucene search
K

62 matches found

OSV
OSV
added 2020/04/14 7:15 p.m.4 views

CVE-2020-6214

SAP S/4HANA Financial Products Subledger, version 100, uses an incorrect authorization object in some reports. Although the affected reports are protected with other authorization objects, exploitation of the vulnerability would allow an authenticated attacker to view, change, or delete data,...

4.7CVSS5.8AI score0.00647EPSS
Exploits0References2
NVD
NVD
added 2020/04/14 7:15 p.m.17 views

CVE-2020-6214

SAP S/4HANA Financial Products Subledger, version 100, uses an incorrect authorization object in some reports. Although the affected reports are protected with other authorization objects, exploitation of the vulnerability would allow an authenticated attacker to view, change, or delete data,...

6.5CVSS4.7AI score0.00647EPSS
Exploits0References2
Prion
Prion
added 2020/04/14 7:15 p.m.10 views

Authorization

SAP S/4HANA Financial Products Subledger, version 100, uses an incorrect authorization object in some reports. Although the affected reports are protected with other authorization objects, exploitation of the vulnerability would allow an authenticated attacker to view, change, or delete data,...

6.5CVSS4.7AI score0.00647EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/04/14 6:5 p.m.17 views

CVE-2020-6214

SAP S/4HANA Financial Products Subledger, version 100, uses an incorrect authorization object in some reports. Although the affected reports are protected with other authorization objects, exploitation of the vulnerability would allow an authenticated attacker to view, change, or delete data,...

4.7CVSS4.7AI score0.00647EPSS
Exploits0References2
CISA
CISA
added 2020/01/22 12:0 a.m.14 views

Increased Emotet Malware Activity

The Cybersecurity and Infrastructure Security Agency CISA is aware of a recent increase in targeted Emotet malware attacks. Emotet is a sophisticated Trojan that commonly functions as a downloader or dropper of other malware. Emotet primarily spreads via malicious email attachments and attempts t...

6.3AI score
Exploits0References4
Imperva Blog
Imperva Blog
added 2019/12/16 1:33 p.m.41 views

SQL Server 2019 Security Tool Inadvertently Reveals Where Sensitive Data is Stored

The first step in protecting your data and ensuring your database is compliant with security benchmarks and privacy regulations such as SOX, PCI, HIPAA, and GDPR is to understand what sensitive information resides in that database. Microsoft’s SQL Server 2019 introduces a new tool SQL Data...

0.7AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2019/11/29 9:41 a.m.94 views

Ships engines, a guide for pen testers

I spent several years as a ships engineer before straying in to pen testing. Ships used to be fairly secure; they were physically isolated at sea. Satcoms were scarily expensive, usually available only to the captain for business-critical communication. Even satphone use was heavily rationed. All...

6.6AI score
Exploits0
Akamai Blog
Akamai Blog
added 2019/11/01 6:30 p.m.92 views

Krakow's Commitment to a Sustainable Office and Community

Written by Courtney Hadden, Corporate Sustainability, and Karolina Galeziowska, Krakow Sustainability Team Lead As an essential part of the Internet for over 20 years, Akamai believes it is our responsibility to help create digital experiences that are fast, intelligent and secure, while caring f...

0.8AI score
Exploits0
Qualys Blog
Qualys Blog
added 2019/06/01 8:0 p.m.118 views

Third-Party User Enumeration Issue Resolved

We were recently made aware of a user enumeration issue on the login page of SumTotal’s training website, a learning management solution that Qualys uses for its training and certification site. Upon learning of the issue, we immediately worked through the vendor to get it fixed. The training...

0.4AI score
Exploits0
ThreatPost
ThreatPost
added 2019/03/28 4:12 p.m.67 views

Lazarus Group Widens Tactics in Cryptocurrency Attacks

North Korea-linked APT Lazarus Group has been spotted targeting the cryptocurrency business again, adding Apple users to the mix by using PowerShell scripts to control macOS malware, and honing its Windows strategy. The campaign has been active since at least November 2018, according to an analys...

6.9AI score
Exploits0References7
Prion
Prion
added 2018/06/11 9:29 p.m.17 views

Design/Logic Flaw

A Blob URL can violate origin attribute segregation, allowing it to be accessed from a private browsing tab and for data to be passed between the private browsing tab and a normal tab. This could allow for the leaking of private information specific to the private browsing context. This issue is...

4.3CVSS5.5AI score0.01167EPSS
Exploits0References5Affected Software2
CVE
CVE
added 2018/06/11 9:0 p.m.138 views

CVE-2018-5108

CVE-2018-5108 is a Firefox Blob URL information-leak vulnerability. A Blob URL can violate origin attribute segregation, permitting data exchange between a private browsing context and a normal tab, enabling leakage of private information from the private context. Public documentation notes the a...

4.3CVSS5.5AI score0.01167EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2018/06/11 9:0 p.m.22 views

CVE-2018-5108

A Blob URL can violate origin attribute segregation, allowing it to be accessed from a private browsing tab and for data to be passed between the private browsing tab and a normal tab. This could allow for the leaking of private information specific to the private browsing context. This issue is...

5.7AI score0.01167EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2018/06/11 9:0 p.m.31 views

CVE-2018-5108

A Blob URL can violate origin attribute segregation, allowing it to be accessed from a private browsing tab and for data to be passed between the private browsing tab and a normal tab. This could allow for the leaking of private information specific to the private browsing context. This issue is...

4.3CVSS6.8AI score0.01167EPSS
Exploits0
Packet Storm
Packet Storm
added 2018/05/20 12:0 a.m.65 views

D-Link DSL-3782 Authentication Bypass

Exploit Title: D-Link DSL 3782 - Authentication Bypass Vendor Homepage: https://eu.dlink.com Version: A1WI20170303 || SWVer="V100R001B012" FWVer="3.10.0.24" FirmVer="TT77616E6771696F6E67" Category: Webapps Exploit Author: Giulio Comi CVE : CVE-2018-8898 Date: 20/05/2018 Description The web panel ...

0.2AI score0.13282EPSS
Exploits5
Pen Test Partners Blog
Pen Test Partners Blog
added 2018/05/08 12:34 p.m.16 views

Hacking train passenger Wi-Fi

After speaking about Wi-Fi security at a rail industry conference last week, it struck me that very insecure passenger networks are making their way on to trains. So, here’s a quick check list for making sure your pax Wi-Fi network is secure. Similar checks could be applied to your guest network ...

7.2AI score
Exploits0
Qualys Blog
Qualys Blog
added 2018/03/19 4:0 p.m.60 views

Webcast Q&A: The GDPR Deadline Readiness and Impact to Global Organizations Outside the EU

With the EU’s General Data Protection Regulation GDPR going into effect in late May, organizations are hungry for clarifying information regarding its vaguely-worded requirements, in particular as they apply to cyber security and IT compliance. This interest in better understanding how to comply...

6.5AI score
Exploits0
OSV
OSV
added 2018/01/23 12:0 a.m.3 views

UBUNTU-CVE-2018-5108

A Blob URL can violate origin attribute segregation, allowing it to be accessed from a private browsing tab and for data to be passed between the private browsing tab and a normal tab. This could allow for the leaking of private information specific to the private browsing context. This issue is...

4.3CVSS6.7AI score0.01167EPSS
Exploits0References4
n0where
n0where
added 2017/06/26 3:55 a.m.30 views

Windows NSA Information Assurance: Locklevel

Windows NSA Information Assurance LOCKLEVEL was a rapidly built prototype that demonstrates a method for scoring how well Windows systems have implemented some of the NSA Information Assurance top 10 mitigation strategies . This prototype is being shared to encourage industry adoption of these...

0.4AI score
Exploits0References1
Packet Storm
Packet Storm
added 2013/11/19 12:0 a.m.112 views

Skidata RFID Freemotion.Gate Remote Command Execution

Title: SKIDATA RFID Freemotion.Gate Unauthenticated Web Service Aribtrary Remote Command Execution Product: Freemotion.Gate Vendor: SKIDATA, http://www.skidata.com/en/ RTP|One, http://http://www.rtp.com/ Vulnerable Versions: 4.1.3.5 and likely all prior versions. Tested Version: 4.1.3.5 Original...

0.3AI score
Exploits0
Rows per page
Query Builder