38 matches found
Your Guide to PCI DSS 4.0.1 Web Application and API Controls with a Simplified Path to Compliance
Executive Summary: PCI DSS 4.0.1 compliance mandates stricter security controls for web applications and APIs. Key updates include maintaining an inventory of custom software (PCI 6.3.2) and managing payment page scripts to prevent skimming attacks (PCI 6.4.3). Organizations must also adopt risk-based...
EUVD-2009-3026
Malware in sbrugna...
EUVD-2024-16918
Malicious code in bioql PyPI...
CISA Requests Public Comment for Updated Guidance on Software Bill of Materials
CISA released updated guidance for the Minimum Elements for a Software Bill of Materials (SBOM) for public comment—comment period begins today and concludes on October 3, 2025. These updates build on the 2021 version of the National Telecommunications and Information Administration SBOM Minimum...
HCL Technologies HCL BigFix Inventory Security Vulnerability
HCL Technologies HCL BigFix Inventory is a software inventory from HCL Technologies, USA. Maintaining software audits reduces security risks through software compliance and utilization management. A security vulnerability exists in the HCL BigFix Inventory server that stems from vulnerability to...
Information disclosure
Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on Unix allows File Manipulation through Snow Update Packages. This issue affects Inventory Agent: through 7.3.1...
Information disclosure
Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on MacOS, Snow Software Inventory Agent on Windows, Snow Software Inventory Agent on Linux allows File Manipulation through Snow Update Packages. This issue affects Inventory Agent: through 6.12.0;...
CVE-2024-1150 Improper validation of update packages
Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on Unix allows File Manipulation through Snow Update Packages. This issue affects Inventory Agent: through 7.3.1...
CVE-2024-1150
CVE-2024-1150 : Snow Software Inventory Agent on Unix (versions through 7.3.1) suffers from improper verification of cryptographic signatures in Snow Update Packages, enabling file manipulation via update packages. Root cause: insufficient/incorrect signature validation. Impact: integrity of upda...
CVE-2024-1149 Improper validation of update packages
Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on MacOS, Snow Software Inventory Agent on Windows, Snow Software Inventory Agent on Linux allows File Manipulation through Snow Update Packages. This issue affects Inventory Agent: through 6.12.0;...
CVE-2024-1149
CVE-2024-1149 concerns Snow Software Inventory Agent across macOS, Windows, and Linux. It stems from improper verification of cryptographic signatures, allowing file manipulation via Snow Update Packages. Affected versions include Inventory Agent up to 6.12.0, 6.14.5, and 6.7.2. The root cause is...
Nsasoft Hardware Software Inventory 1.6.4.0 Denial Of Service
Exploit Title: Nsasoft Hardware Software Inventory 1.6.4.0 - 'multiple' Denial of Service PoC Exploit Author : Enes Özeser Exploit Date: 2021-02-28 Vendor Homepage : https://www.nsauditor.com/ Link Software : https://www.nsauditor.com/downloads/nhsisetup.exe Version: 1.6.4.0 Tested on: Windows 10...
Nsasoft Hardware Software Inventory 1.6.4.0 - 'multiple' Denial of Service (PoC)
Exploit Title: Nsasoft Hardware Software Inventory 1.6.4.0 - 'multiple' Denial of Service PoC Exploit Author : Enes Özeser Exploit Date: 2021-02-28 Vendor Homepage : https://www.nsauditor.com/ Link Software : https://www.nsauditor.com/downloads/nhsisetup.exe Version: 1.6.4.0 Tested on: Windows 10...
Nsasoft Hardware Software Inventory 1.6.4.0 - (multiple) Denial of Service Exploit
Exploit Title: Nsasoft Hardware Software Inventory 1.6.4.0 - 'multiple' Denial of Service PoC Exploit Author : Enes Özeser Vendor Homepage : https://www.nsauditor.com/ Link Software : https://www.nsauditor.com/downloads/nhsisetup.exe Version: 1.6.4.0 Tested on: Windows 10 Steps: 1- Run the python...
Exploit for OS Command Injection in Factorfx Open_Computer_Software_Inventory_Next_Generation
CVE-2020-14947 The offici...
The CIS Critical Security Controls Explained - Control 2: Inventory of Authorized and Unauthorized Software
As I mentioned in our last post, the 20 critical controls are divided into System, Network, and Application families in order to simplify analysis and implementation. This also allows partial implementation of the controls by security program developers who aren't building a program from scratch,...
[SECURITY] Fedora 20 Update: ocsinventory-2.0.5-8.fc20
Open Computer and Software Inventory Next Generation is an application designed to help a network or system administrator keep track of the computers configuration and software that are installed on the network. OCS Inventory is also able to detect all active devices on your network, such as...
Fedora Update for ocsinventory FEDORA-2012-5464
Check for the Version of ocsinventory OpenVAS Vulnerability Test Fedora Update for ocsinventory FEDORA-2012-5464 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
Bitsmith Personal Knowbase Detection
Bitsmith Personal Knowbase is installed on the remote host. Bitsmith Personal Knowbase is personal knowledge base storage software. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(58648); script_version("1.8"); script_set_attribute(attribute:"plugin_modification_date",...