Lucene search
+L

88 matches found

Kitploit
Kitploit
added 2019/05/13 12:43 p.m.183 views

Pacbot - Platform For Continuous Compliance Monitoring, Compliance Reporting And Security Automation For The Cloud

Policy as Code Bot PacBot is a platform for continuous compliance monitoring, compliance reporting and security automation for the cloud. In PacBot, security and compliance policies are implemented as code. All resources discovered by PacBot are evaluated against these policies to gauge policy...

7.3AI score
Exploits0References14
ThreatPost
ThreatPost
added 2018/12/11 5:42 p.m.42 views

Adobe December 2018 Security Update Fixes Reader, Acrobat

Adobe has patched 87 vulnerabilities for Acrobat and Reader in its December Patch Tuesday update, including a slew of critical flaws that would allow arbitrary code-execution. The scheduled update comes less than a week after Adobe released several out-of-band fixes for Flash Player, including a...

10CVSS0.2AI score0.81971EPSS
Exploits13References4
Openbugbounty
Openbugbounty
added 2018/11/08 2:5 a.m.13 views

info.tripwire.com XSS vulnerability

Open Bug Bounty ID: OBB-696057 Description| Value ---|--- Affected Website:| info.tripwire.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Exploits0
HackRead
HackRead
added 2018/06/19 10:53 p.m.31 views

Flaw in Google Home and Chromecast devices reveals user location

By Waqas Craig Young, an IT security expert from Tripwire has found This is a post from HackRead.com Read the original post: Flaw in Google Home and Chromecast devices reveals user location...

6.9AI score
Exploits0
CNVD
CNVD
added 2018/01/02 12:0 a.m.5 views

Tripwire IP360 VnE Manager Security Bypass Vulnerability

The Tripwire formerly known as nCircle IP360 VnE Manager is an IT asset management appliance from Tripwire USA. A security vulnerability exists in the RPC service in Tripwire IP360 VnE Manager version 7.2.2 prior to 7.2.6. A remote attacker can exploit the vulnerability with the help of specially...

9.8CVSS7.1AI score0.01681EPSS
Exploits1References1
NVD
NVD
added 2017/12/27 7:29 p.m.16 views

CVE-2015-6237

The RPC service in Tripwire formerly nCircle IP360 VnE Manager 7.2.2 before 7.2.6 allows remote attackers to bypass authentication and 1 enumerate users, 2 reset passwords, or 3 manipulate IP filter restrictions via crafted "privileged commands."...

9.8CVSS9.6AI score0.01681EPSS
Exploits1References2
Cvelist
Cvelist
added 2017/12/27 7:0 p.m.20 views

CVE-2015-6237

The RPC service in Tripwire formerly nCircle IP360 VnE Manager 7.2.2 before 7.2.6 allows remote attackers to bypass authentication and 1 enumerate users, 2 reset passwords, or 3 manipulate IP filter restrictions via crafted "privileged commands."...

9.7AI score0.01681EPSS
Exploits1References2
CVE
CVE
added 2017/12/27 7:0 p.m.47 views

CVE-2015-6237

CVE-2015-6237 affects Tripwire IP360 VnE Manager, versions 7.2.2 through 7.2.5. The RPC service exposes a remote XML-RPC API that bypasses authentication, enabling an unauthenticated attacker to enumerate users, reset passwords, and manipulate IP filter restrictions via crafted privileged command...

9.8CVSS9.5AI score0.01681EPSS
Exploits1References2Affected Software1
Krebs on Security
Krebs on Security
added 2017/07/05 11:25 a.m.48 views

Who is the GovRAT Author and Mirai Botmaster ‘Bestbuy’?

In February 2017, authorities in the United Kingdom arrested a 29-year-old U.K. man on suspicion of knocking more than 900,000 Germans offline in an attack tied to Mirai, a malware strain that enslaves Internet of Things IoT devices like security cameras and Internet routers for use in large-scal...

7.3AI score
Exploits0
ThreatPost
ThreatPost
added 2016/03/09 2:7 p.m.40 views

Caution Urged over Patched Windows USB Driver Flaw

USB-related vulnerabilities make people nervous; you need look no further than Stuxnet and BadUSB to see the dangers associated with infected portable storage devices and peripherals. Yesterday, Microsoft patched a flaw in the Windows USB Mass Storage Class Driver that could put some people on...

9.3CVSS0.1AI score0.99945EPSS
Exploits33References6
n0where
n0where
added 2016/03/06 1:43 a.m.36 views

Active Directory Honeytoken Tripwire: DCEPT

DCEPT D omain C ontroller E nticing P assword T ripwire is a honeytoken-based tripwire for Microsoft’s Active Directory. Honeytokens are pieces of information intentionally littered on system so they can be discovered by an intruder. In the case of DCEPT, the honeytokens are credentials that woul...

0.1AI score
Exploits0References1
securityvulns
securityvulns
added 2015/10/12 12:0 a.m.58 views

Tripwire IP360 authentication bypass

Authentication bypass, privilege escalation...

7.5CVSS3.7AI score0.01681EPSS
Exploits1References1
securityvulns
securityvulns
added 2015/10/12 12:0 a.m.60 views

CVE-2015-6237 - Tripwire IP360 VnE Remote Administrative API Authentication Bypass/Privilege Acquisition Vulnerability

Document Title ================ Tripwire IP360 VnE Remote Administrative API Authentication Bypass/Privilege Acquisition Vulnerability Affected Products =================== Vendor: Tripwire Software/Appliance: IP360 VnE Vulnerability Manager Affected verified versions: v7.2.2 - v7.2.5 CVE =====...

7.5CVSS1.3AI score0.01681EPSS
Exploits1
0day.today
0day.today
added 2015/10/05 12:0 a.m.68 views

Tripwire IP360 VnE Remote Administrative API Authentication Bypass Vulnerability

The IP350 VnE is susceptible to a remote XML-RPC authentication bypass vulnerability, which allows for specially crafted privileged commands to be remotely executed without authentication. The RPC service is available on the public HTTPS interface of the VnE by default, and cannot be disabled...

7.5CVSS9.4AI score0.01681EPSS
Exploits1
ThreatPost
ThreatPost
added 2014/08/14 2:10 p.m.24 views

DEF CON SOHOpelessly Broken Router Hacking Contest

It’s becoming cliché to say it’s trivial to pop a small office or home router. Vendors are making it easy, since most are interested in cramming features such as print, file and media servers into these boxes and less so on basic security measures. Therefore, it sometimes helps to illustrate the...

8.3AI score
Exploits0References2
ThreatPost
ThreatPost
added 2014/02/06 2:36 p.m.6 views

February 2014 Microsoft Patch Tuesday Security Bulletins

February’s Microsoft Patch Tuesday promises to be a relatively straightforward set of bulletins, but more noteworthy is that it’s the same day Microsoft officially deprecates the MD5 hash algorithm. Announced last August, Microsoft will officially restrict the use of digital certificates with MD5...

8.6AI score
Exploits0References3
NVD
NVD
added 2014/01/29 6:55 p.m.12 views

CVE-2013-5005

Multiple cross-site scripting XSS vulnerabilities in ajaxRequest/methodCall.do in Tripwire Enterprise 8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 mtargetclassname, 2 mtargetmethodname, or 3 mrequestcontextparams parameters...

4.3CVSS5.8AI score0.01427EPSS
Exploits1References2
Prion
Prion
added 2014/01/29 6:55 p.m.13 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in ajaxRequest/methodCall.do in Tripwire Enterprise 8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 mtargetclassname, 2 mtargetmethodname, or 3 mrequestcontextparams parameters...

4.3CVSS6.1AI score0.01427EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2014/01/29 6:0 p.m.22 views

CVE-2013-5005

Multiple cross-site scripting XSS vulnerabilities in ajaxRequest/methodCall.do in Tripwire Enterprise 8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 mtargetclassname, 2 mtargetmethodname, or 3 mrequestcontextparams parameters...

5.8AI score0.01427EPSS
Exploits1References2
CVE
CVE
added 2014/01/29 6:0 p.m.47 views

CVE-2013-5005

CVE-2013-5005 describes multiple cross-site scripting (XSS) vulnerabilities in Tripwire Enterprise 8.2 and earlier, exploitable via ajaxRequest/methodCall.do. The vulnerability arises through the parameters m_target_class_name, m_target_method_name, or m_request_context_params, which could allow ...

4.3CVSS5.9AI score0.01427EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder