Fedora 30 : phpMyAdmin (2019-6404181bf9)
Upstream announcement: Welcome to phpMyAdmin 4.9.1, a bugfix release. This is a regularly scheduled bugfix release that also includes some security hardening measures. We wish to point out that this also includes a routine fix for an issue that has been reported as CVE-2019-12922. The fix for thi...
Fedora 29 : phpMyAdmin (2019-3b5a7abe17)
Upstream announcement: Welcome to phpMyAdmin 4.9.1, a bugfix release. This is a regularly scheduled bugfix release that also includes some security hardening measures. We wish to point out that this also includes a routine fix for an issue that has been reported as CVE-2019-12922. The fix for thi...
All the Code Connections Between Russia’s Hackers, Visualized
A sort of constellation chart for Kremlin malware, made by two cybersecurity firms, demonstrates the scale of Russia's distinct hacking operations...
Multiple Schneider Electric Products Formatting String Error Vulnerability
Schneider Electric MEG6501-0001-U.motion KNX server and others are a web-based visualization system from Schneider Electric France. The system is mainly used for KNX-based home and building automation. A formatting string error vulnerability exists in several Schneider Electric products. An...
Access Control Error Vulnerability in Multiple Schneider Electric Products (CNVD-2019-34802)
Schneider Electric MEG6501-0001-U.motion KNX server and others are a web-based visualization system from Schneider Electric France. The system is mainly used for KNX-based home and building automation. An access control error vulnerability exists in multiple Schneider Electric products, which can...
Access Control Error Vulnerability in Multiple Schneider Electric Products (CNVD-2019-34799)
Schneider Electric MEG6501-0001-U.motion KNX server and others are a web-based visualization system from Schneider Electric France. The system is mainly used for KNX-based home and building automation. An access control error vulnerability exists in several Schneider Electric products. An attacke...
Multiple Schneider Electric Products Server-Side Request Forgery Vulnerabilities
Schneider Electric MEG6501-0001-U.motion KNX server and others are a web-based visualization system from Schneider Electric France. The system is mainly used for KNX-based home and building automation. A server-side request forgery vulnerability exists in several Schneider Electric products. An...
LetsMapYourNetwork - Tool To Visualise Your Physical Network In Form Of Graph With Zero Manual Error
It is of utmost importance for any security engineer to understand their network before securing it, and gaining a ‘true’ understanding of a widespread network is a daunting task. In a mid to large level organisation’s network having a network architecture diagram doesn’t provide the...
Constellation - A Graph-Focused Data Visualisation And Interactive Analysis Application
Constellation is a graph-focused data visualisation and interactive analysis application enabling data access, federation and manipulation capabilities across large and complex data sets. Vision Statement Constellation is a first class, domain agnostic data visualisation and analysis application...
Sampler - A Tool For Shell Commands Execution, Visualization And Alerting (Configured With A Simple YAML File)
Sampler is a tool for shell commands execution, visualization and alerting. Configured with a simple YAML file. Installation macOS brew cask install sampler or curl -Lo /usr/local/bin/sampler https://github.com/sqshq/sampler/releases/download/v1.0.1/sampler-1.0.1-darwin-amd64 chmod +x...
ThreatHunting - A Splunk App Mapped To MITRE ATT&CK To Guide Your Threat Hunts
This is a Splunk application containing several dashboards and over 120 reports that will facilitate initial hunting indicators to investigate. You obviously need to be ingesting Sysmon data into Splunk; a good configuration can be found here. Note: This application is not a magic bullet, it will...
NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0070)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by multiple vulnerabilities: - Integer overflow in the aio_setup_single_vector function in fs/aio.c in the Linux kernel 4.0 allows local users to cause a denial of service or possibl...
NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0074)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel-rt packages installed that are affected by multiple vulnerabilities: - Integer overflow in the aio_setup_single_vector function in fs/aio.c in the Linux kernel 4.0 allows local users to cause a denial of service or...
Kernel: kvm: nVMX: L2 guest could access hardware(L0) CR8 register
Linux kernel built with the KVM virtualization support (CONFIG_KVM), with the nested virtualization (nVMX) feature enabled (nested=1), is vulnerable to a crash due to disabled external interrupts, as an L2 guest could access (r/w) the hardware CR8 register of the host (L0). In a nested virtualization setup, L2 guest user...
Orbit v2.0 - Blockchain Transactions Investigation Tool
Introduction Orbit is designed to explore network of a blockchain wallet by recursively crawling through transaction history. The data is rendered as a graph to reveal major sources, sinks and suspicious connections. Note: Orbit only runs on Python 3.2 and above. Usage Let's start by crawling...
CVE-2019-2735
Vulnerability in the Oracle Hyperion Workspace component of Oracle Hyperion subcomponent: UI and Visualization. The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hyperion Workspace...
CVE-2019-2735
CVE-2019-2735 affects Oracle Hyperion Workspace (UI and Visualization) and specifically the 11.1.2.4 release. The vulnerability allows a high-privilege attacker with network access over HTTP to read data from Oracle Hyperion Workspace, with exploitation requiring user interaction from a person ot...
Oracle Hyperion Workspace Component Access Control Error Vulnerability
Oracle Hyperion is a set of financial modeling applications from Oracle USA. The software provides financial closure, report production, etc. Hyperion Workspace is one of its modular business intelligence platforms. The platform can be in a single coordinated environment for a variety of data...
Siemens TIA Administrator Authentication Vulnerability
Simatic WinCC TIA Portal is engineering software for configuring and programming Simatic panels, Simatic Industrial PCs and standard PC WinCC Runtime Professional visualization software running WinCC Runtime Advanced or SCADA systems. An authentication vulnerability exists in Siemens TIA...