88 matches found
Pacbot - Platform For Continuous Compliance Monitoring, Compliance Reporting And Security Automation For The Cloud
Policy as Code Bot PacBot is a platform for continuous compliance monitoring, compliance reporting and security automation for the cloud. In PacBot, security and compliance policies are implemented as code. All resources discovered by PacBot are evaluated against these policies to gauge policy...
Adobe December 2018 Security Update Fixes Reader, Acrobat
Adobe has patched 87 vulnerabilities for Acrobat and Reader in its December Patch Tuesday update, including a slew of critical flaws that would allow arbitrary code-execution. The scheduled update comes less than a week after Adobe released several out-of-band fixes for Flash Player, including a...
info.tripwire.com XSS vulnerability
Open Bug Bounty ID: OBB-696057 Description| Value ---|--- Affected Website:| info.tripwire.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Flaw in Google Home and Chromecast devices reveals user location
By Waqas Craig Young, an IT security expert from Tripwire has found This is a post from HackRead.com Read the original post: Flaw in Google Home and Chromecast devices reveals user location...
Tripwire IP360 VnE Manager Security Bypass Vulnerability
The Tripwire formerly known as nCircle IP360 VnE Manager is an IT asset management appliance from Tripwire USA. A security vulnerability exists in the RPC service in Tripwire IP360 VnE Manager version 7.2.2 prior to 7.2.6. A remote attacker can exploit the vulnerability with the help of specially...
CVE-2015-6237
The RPC service in Tripwire formerly nCircle IP360 VnE Manager 7.2.2 before 7.2.6 allows remote attackers to bypass authentication and 1 enumerate users, 2 reset passwords, or 3 manipulate IP filter restrictions via crafted "privileged commands."...
CVE-2015-6237
The RPC service in Tripwire formerly nCircle IP360 VnE Manager 7.2.2 before 7.2.6 allows remote attackers to bypass authentication and 1 enumerate users, 2 reset passwords, or 3 manipulate IP filter restrictions via crafted "privileged commands."...
CVE-2015-6237
CVE-2015-6237 affects Tripwire IP360 VnE Manager, versions 7.2.2 through 7.2.5. The RPC service exposes a remote XML-RPC API that bypasses authentication, enabling an unauthenticated attacker to enumerate users, reset passwords, and manipulate IP filter restrictions via crafted privileged command...
Who is the GovRAT Author and Mirai Botmaster ‘Bestbuy’?
In February 2017, authorities in the United Kingdom arrested a 29-year-old U.K. man on suspicion of knocking more than 900,000 Germans offline in an attack tied to Mirai, a malware strain that enslaves Internet of Things IoT devices like security cameras and Internet routers for use in large-scal...
Caution Urged over Patched Windows USB Driver Flaw
USB-related vulnerabilities make people nervous; you need look no further than Stuxnet and BadUSB to see the dangers associated with infected portable storage devices and peripherals. Yesterday, Microsoft patched a flaw in the Windows USB Mass Storage Class Driver that could put some people on...
Active Directory Honeytoken Tripwire: DCEPT
DCEPT D omain C ontroller E nticing P assword T ripwire is a honeytoken-based tripwire for Microsoft’s Active Directory. Honeytokens are pieces of information intentionally littered on system so they can be discovered by an intruder. In the case of DCEPT, the honeytokens are credentials that woul...
Tripwire IP360 authentication bypass
Authentication bypass, privilege escalation...
CVE-2015-6237 - Tripwire IP360 VnE Remote Administrative API Authentication Bypass/Privilege Acquisition Vulnerability
Document Title ================ Tripwire IP360 VnE Remote Administrative API Authentication Bypass/Privilege Acquisition Vulnerability Affected Products =================== Vendor: Tripwire Software/Appliance: IP360 VnE Vulnerability Manager Affected verified versions: v7.2.2 - v7.2.5 CVE =====...
Tripwire IP360 VnE Remote Administrative API Authentication Bypass Vulnerability
The IP350 VnE is susceptible to a remote XML-RPC authentication bypass vulnerability, which allows for specially crafted privileged commands to be remotely executed without authentication. The RPC service is available on the public HTTPS interface of the VnE by default, and cannot be disabled...
DEF CON SOHOpelessly Broken Router Hacking Contest
It’s becoming cliché to say it’s trivial to pop a small office or home router. Vendors are making it easy, since most are interested in cramming features such as print, file and media servers into these boxes and less so on basic security measures. Therefore, it sometimes helps to illustrate the...
February 2014 Microsoft Patch Tuesday Security Bulletins
February’s Microsoft Patch Tuesday promises to be a relatively straightforward set of bulletins, but more noteworthy is that it’s the same day Microsoft officially deprecates the MD5 hash algorithm. Announced last August, Microsoft will officially restrict the use of digital certificates with MD5...
CVE-2013-5005
Multiple cross-site scripting XSS vulnerabilities in ajaxRequest/methodCall.do in Tripwire Enterprise 8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 mtargetclassname, 2 mtargetmethodname, or 3 mrequestcontextparams parameters...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in ajaxRequest/methodCall.do in Tripwire Enterprise 8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 mtargetclassname, 2 mtargetmethodname, or 3 mrequestcontextparams parameters...
CVE-2013-5005
Multiple cross-site scripting XSS vulnerabilities in ajaxRequest/methodCall.do in Tripwire Enterprise 8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 mtargetclassname, 2 mtargetmethodname, or 3 mrequestcontextparams parameters...
CVE-2013-5005
CVE-2013-5005 describes multiple cross-site scripting (XSS) vulnerabilities in Tripwire Enterprise 8.2 and earlier, exploitable via ajaxRequest/methodCall.do. The vulnerability arises through the parameters m_target_class_name, m_target_method_name, or m_request_context_params, which could allow ...