5963 matches found

CNVD
added 2021/04/21 12:0 a.m. | 8 views

Unspecified Vulnerability in Oracle Hyperion Financial Management (CNVD-2021-33843)

Oracle Hyperion Financial Management is a comprehensive Web-based application that provides global financial consolidation, reporting, and analysis capabilities through a highly scalable software solution. A security vulnerability exists in the Task Automation component of Oracle Hyperion Financi...

CVSS 4.6 | AI score 6.3 | EPSS 0.00188
Exploits 0 | References 1
CNNVD
added 2021/04/20 12:0 a.m. | 1 views

Oracle Hyperion Financial Management Security Vulnerability

Oracle Hyperion Financial Management is a comprehensive Web-based application that provides global financial consolidation, reporting, and analysis capabilities through a highly scalable software solution. A security vulnerability exists in the Task Automation component of Oracle Hyperion Financi...

CVSS 4.6 | AI score 5.6 | EPSS 0.00188
Exploits 0 | References 4
VulnCheck KEV
added 2021/04/16 12:0 a.m. | 2 views

VulnCheck KEV: CVE-2019-1069

A privilege escalation vulnerability exists in the way the Task Scheduler Service validates certain file operations...

CVSS 7.8 | AI score 7.1 | EPSS 0.32495
Exploits 1 | References 1
Kitploit
added 2021/04/14 9:30 p.m. | 244 views

MoveKit - Cobalt Strike Kit For Lateral Movement

Movekit is an extension of built-in Cobalt Strike lateral movement by leveraging the executeassembly function with the SharpMove and SharpRDP .NET assemblies. The aggressor script handles payload creation by reading the template files for a specific execution type. IMPORTANT: To use the script a...

AI score 8.1
Exploits 0 | References 11
Rapid7 Blog
added 2021/04/14 3:9 p.m. | 74 views

How Philip Reiner Created the Ransomware Task Force

In our latest episode of Security Nation, we talk to Philip Reiner about his work with the Ransomware Task Force. Stick around for our Rapid Rundown, where Tod talks about a recently released bulletin from CISA about APT exploiting both new and old SAP vulnerabilities. Want More Inspiring Stories...

AI score 6.4
Exploits 0
vulnersOsv
added 2021/04/08 4:46 p.m. | 1 views

flask-authoob (>=0.0.21 <=0.0.34), pidb (=6.0.1) +1 more potentially affected by unknown CVE via flask-security-too (>=3.2.0rc1 <=3.3.3)

flask-security-too PYPI version =3.2.0rc1, =0.0.21, =6.0.0, =6.3.0 Source cves: unknown CVE Source advisory: OSV:GHSA-FXQ4-R6MR-9X64...

AI score 5.8
Exploits 0
OSV
added 2021/04/06 9:15 p.m. | 1 views

CVE-2020-13419

OpenIAM before 4.2.0.3 allows Directory Traversal in the Batch task...

CVSS 5.3 | AI score 6.1 | EPSS 0.00147
Exploits 0 | References 1
Prion
added 2021/04/06 9:15 p.m. | 11 views

Directory traversal

OpenIAM before 4.2.0.3 allows Directory Traversal in the Batch task...

CVSS 5 | AI score 5.3 | EPSS 0.00147
Exploits 0 | References 1 | Affected Software 1
CVE
added 2021/04/06 8:17 p.m. | 42 views

CVE-2020-13419

CVE-2020-13419 concerns OpenIAM before 4.2.0.3, where a directory traversal vulnerability exists in the Batch task. The available connected sources confirm the affected product is OpenIAM (identity and access management platform) and the root cause is a directory traversal issue in batch task pro...

CVSS 5.3 | AI score 5.3 | EPSS 0.00147
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2021/04/06 8:17 p.m. | 10 views

CVE-2020-13419

OpenIAM before 4.2.0.3 allows Directory Traversal in the Batch task...

AI score 5.3 | EPSS 0.00147
Exploits 0 | References 1
RedHat Linux
added 2021/04/06 12:39 p.m. | 84 views

Important: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...

CVSS 7.8 | AI score 7 | EPSS 0.00335
Exploits 3 | References 4
Mageia
added 2021/04/03 1:16 p.m. | 56 views

Updated ant packages fix security vulnerability

Updated ant packages fix security vulnerability: As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one withou...

CVSS 7.5 | AI score 6.9 | EPSS 0.01104
Exploits 0 | References 3
Kitploit
added 2021/04/03 11:30 a.m. | 74 views

SharpGPOAbuse - Tool To Take Advantage Of A User's Edit Rights On A Group Policy Object (GPO) In Order To Compromise The Objects That Are Controlled By That GPO

SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by that GPO. More details can be found at the following blog post:...

AI score 7
Exploits 0 | References 1
Github Security Blog
added 2021/03/24 5:42 p.m. | 54 views

XSS in CreateQueuedJobTask

A vulnerability has been identified in the Silverstripe CMS 3 and 4 version of the symbiote/silverstripe-queuedjobs module. A Cross Site Scripting vulnerability allows an attacker to inject an arbitrary payload in the CreateQueuedJobTask dev task via a specially crafted URL...

CVSS 6.1 | AI score 4.7 | EPSS 0.0024
Exploits 0 | References 5 | Affected Software 1
OSV
added 2021/03/24 5:42 p.m. | 18 views

GHSA-XGPF-P52J-PF7M XSS in CreateQueuedJobTask

A vulnerability has been identified in the Silverstripe CMS 3 and 4 version of the symbiote/silverstripe-queuedjobs module. A Cross Site Scripting vulnerability allows an attacker to inject an arbitrary payload in the CreateQueuedJobTask dev task via a specially crafted URL...

CVSS 6.1 | AI score 6 | EPSS 0.0024
Exploits 0 | References 4
Kitploit
added 2021/03/04 8:30 p.m. | 93 views

PyBeacon - A Collection Of Scripts For Dealing With Cobalt Strike Beacons In Python

PyBeacon is a collection of scripts for dealing with Cobalt Strike's encrypted traffic. It can encrypt/decrypt beacon metadata, as well as parse symmetric encrypted taskings. Scripts included: There is a small library which includes encryption/decoding methods, however some example scripts are...

AI score 7.2
Exploits 0 | References 1
Microsoft Malware Protection
added 2021/03/04 5:0 p.m. | 273 views

GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence

Microsoft continues to work with partners and customers to expand our knowledge of the threat actor behind the nation-state cyberattacks that compromised the supply chain of SolarWinds and impacted multiple other organizations. As we have shared previously, we have observed the threat actor using...

Exploits 0
Microsoft Secure
added 2021/03/04 5:0 p.m. | 186 views

GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence

Microsoft continues to work with partners and customers to expand our knowledge of the threat actor behind the nation-state cyberattacks that compromised the supply chain of SolarWinds and impacted multiple other organizations. As we have shared previously, we have observed the threat actor using...

Exploits 0
RedHat Linux
added 2021/03/03 12:28 p.m. | 2 views

ant: insecure temporary file

As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the...

CVSS 7.5 | AI score 7.2 | EPSS 0.01104
Exploits 0 | References 5
ThreatPost
added 2021/03/02 4:54 p.m. | 55 views

Ryuk Ransomware: Now with Worming Self-Propagation

A new version of the Ryuk ransomware is capable of worm-like self-propagation within a local network, researchers have found. The variant first emerged in Windows-focused campaigns earlier in 2021, according to the French National Agency for the Security of Information Systems (ANSSI). The agency...

AI score 0.7
Exploits 0 | References 7