528 matches found
Visitor Kiosk Access Systems Riddled with Bugs
Visitor-management systems protect business against physical threats such as unwanted and unidentified guests. But many of these lobby-based perimeter checkpoints are opening up companies to a bevy of cyber-threats. On Monday, IBM’s penetration testing team, X-Force Red, released a report that...
ProcDump Sysinternals Tool for Linux
ProcDump is a Linux reimagining of the classic ProcDump tool from the Sysinternals suite of tools for Windows. ProcDump provides a convenient way for Linux developers to create core dumps of their application based on performance triggers. Requirements Minimum OS: Red Hat Enterprise Linux / CentO...
Protection Domain Has Third-Party Backup Snapshot(s)
Challenge Two different issues are possible: Scenario 1: Cannot Remove Protection Domain When trying to remove a protection domain containing the virtual machines, which are being backed up by Veeam Backup for Nutanix AHV backup appliance, the following error occurs: Specified protection domain h...
Security Bulletin: IBM Cúram Social Program Management when not configured with LDAP or SSO may be vulnerable to denial of service.(CVE-2014-6092).
Summary Default authentication methods in IBM Curam Social Program Management do not allow for a per user account lockout policy, and rather employ a single, system wide policy. For most users of the system, a low lockout threshold is desirable. However, for users used to integrate with another...
CVE-2018-13387
The IncomingMailServers resource in Atlassian JIRA Server before version 7.6.7, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3 and from version 7.10.0 before version 7.10.2 allows remote attackers to inject arbitrary HTML ...
State of the Internet Summer 2018 Attack Spotlight: What You Need To Know
Earlier this year, Akamai mitigated the largest DDoS attack in its history, fueled by a new reflector, memcached. The attack targeted one of our software clients and broke through the 1 Tbps threshold for the first time. Memcached was developed to act as a distributed memory caching system. Since...
Microsoft Windows: Interactive logon: Machine account lockout threshold
This test checks the setting for policy OpenVAS Vulnerability Test $Id: winilmachineacclockoutthreshold.nasl 11532 2018-09-21 19:07:30Z cfischer $ Check value for Interactive logon: Machine account lockout threshold Authors: Emanuel Moss Copyright: Copyright (c) 2018 Greenbone Networks GmbH,...
AZL-7276 CVE-2018-10392 affecting package libvorbis for versions less than 1.3.7-1
mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file...
Microsoft Windows: Account lockout threshold
This test checks the setting for policy OpenVAS Vulnerability Test $Id: winaccountlockoutthreshold.nasl 11532 2018-09-21 19:07:30Z cfischer $ Check value for Account lockout threshold WMI Authors: Emanuel Moss Copyright: Copyright (c) 2018 Greenbone Networks GmbH, http://www.greenbone.net This...
CVE-2018-0254
A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass configured file action policies if an Intelligent Application Bypass (IAB) with a drop percentage threshold is also configured. The vulnerability is due to incorrect...
CVE-2018-0254
Cisco Firepower System Software’s detection engine is affected by CVE-2018-0254. The issue arises when Intelligent Application Bypass (IAB) with a drop percentage threshold is configured, causing incorrect counting of dropped traffic. An unauthenticated, remote attacker could exploit this to bypa...
The vulnerability of the deviceThresholdConfig.xhtml component on the HPE Intelligent Management Center PLAT software platform allows a perpetrator to execute arbitrary code.
The vulnerability of the deviceThresholdConfig.xhtml component in the HPE Intelligent Management Center PLAT software is related to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code using the beanName parameter...
CVE-2017-18039
The IncomingMailServers resource in Atlassian Jira from version 6.2.1 before version 7.4.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThreshold parameter...
Citrix SD-WAN Path State Sensitivity Control Overview
Bad Loss Sensitive – Select a setting from the drop-down menu. The options are: Enable – (Default) If enabled, paths will be marked BAD due to loss, and will incur a path scoring penalty. Disable – Disabling Bad Loss Sensitive can be useful when the loss of bandwidth is intolerable. Custom – Select...
ProcDump for Linux - A Linux version of the ProcDump Sysinternals tool
ProcDump is a Linux reimagining of the classic ProcDump tool from the Sysinternals suite of tools for Windows. ProcDump provides a convenient way for Linux developers to create core dumps of their application based on performance triggers. Installation & Usage Requirements Minimum OS: Ubuntu 14.0...
CVE-2015-5059
The "Project Documentation" feature in MantisBT 1.2.19 and earlier, when the threshold to access files ($g_view_proj_doc_threshold) is set to ANYBODY, allows remote authenticated users to download attachments linked to arbitrary private projects via a file id number in the file_id parameter to...
ALPINE-CVE-2016-6128
The gdImageCropThreshold function in gdcrop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index...
DEBIAN-CVE-2016-6128
The gdImageCropThreshold function in gdcrop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index...
Debian: Security Advisory (DSA-3388-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
F5 Networks BIG-IP : NTP vulnerability (K10600056)
It was found that ntpd did not correctly implement the threshold limitation for the '-g' option, which is used to set the time without any restrictions. (CVE-2015-5300) (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from F5 Networks BIG-IP...