4560 matches found
LogicalDOC Enterprise 7.7.4 - Root Remote Code Execution
LogicalDOC Enterprise 7.7.4 Post-Auth Command Execution Via Binary Path Manipulation Vendor: LogicalDOC Srl Product web page: https://www.logicaldoc.com Affected version: 7.7.4 7.7.3 7.7.2 7.7.1 7.6.4 7.6.2 7.5.1 7.4.2 7.1.1 Summary: LogicalDOC is a free document management system that is designe...
Security Strategies for DevOps, APIs, Containers and Microservices
More and more IT professionals see DevSecOps, a practice which integrates security measures earlier in the development process to improve production code quality, as a mainstay for future application development. Much of this stems from the growing trend towards speeding up application developmen...
Change Healthcare Conserus Workflow Intelligence Authentication Bypass Vulnerability
Change Healthcare Conserus Workflow Intelligence application is a diagnostic imaging workflow application for hospitals and health systems from Change Healthcare, USA. An authentication bypass vulnerability exists in the Change Healthcare Conserus Workflow Intelligence application version 2.0.2. ...
CVE-2017-16776
Security researchers discovered an authentication bypass vulnerability in version 2.0.2 of the Conserus Workflow Intelligence application by McKesson Medical Imaging Company, which is now a Change Healthcare company. The attacker must send a malicious HTTP GET request to exploit the vulnerability...
Authentication flaw
Security researchers discovered an authentication bypass vulnerability in version 2.0.2 of the Conserus Workflow Intelligence application by McKesson Medical Imaging Company, which is now a Change Healthcare company. The attacker must send a malicious HTTP GET request to exploit the vulnerability...
CVE-2017-16776
Security researchers discovered an authentication bypass vulnerability in version 2.0.2 of the Conserus Workflow Intelligence application by McKesson Medical Imaging Company, which is now a Change Healthcare company. The attacker must send a malicious HTTP GET request to exploit the vulnerability...
CVE-2017-16776
CVE-2017-16776 concerns Change Healthcare’s Conserus Workflow Intelligence (McKesson Medical Imaging) v2.0.2, where an authentication bypass exists. The exposed component allows exploitation via a malicious HTTP GET request, enabling both unauthenticated users to gain limited access and authentic...
CVE-2017-16776
Security researchers discovered an authentication bypass vulnerability in version 2.0.2 of the Conserus Workflow Intelligence application by McKesson Medical Imaging Company, which is now a Change Healthcare company. The attacker must send a malicious HTTP GET request to exploit the vulnerability...
Droidefense - Advance Android Malware Analysis Framework
Droidefense originally named atom: a nalysis t hrough o bservation m achine is the codename for android apps/malware analysis/reversing tool. It was built focused on security issues and tricks that malware researcher have on they every day work. For those situations on where the malware has...
Linux Meterpreter, Reverse HTTPS Inline
Run the Meterpreter / Mettle server payload stageless This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Module generated by tools/modules/generatemettlepayloads.rb module MetasploitModule CachedSize = 1140752 include...
DumpsterFire Toolset: Security Incidents In A Box
The DumpsterFire Toolset is a modular, menu-driven, cross-platform tool for building repeatable, time-delayed, distributed security events. Easily create custom event chains for Blue Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support a...
CVE-2017-15014
OpenText Documentum Content Server formerly EMC Documentum Content Server through 7.3 contains the following design gap, which allows authenticated users to download arbitrary content files regardless of the attacker's repository permissions: When an authenticated user uploads content to the...
SCUTUM - Linux Automatic ARP (TCP / UDP / ICMP) Firewall
SCUTUM - Linux Automatic ARP TCP / UDP / ICMP Firewall Current Version Change log: 1. Added Self-Upgrading Function, now users can execute self-upgrading with $ sudo scutum --upgrade 2. Added AVALON Framework Self-Upgrading function included when using "--upgrade" parameter Recent Changes: 1...
A Hardware Privacy Monitor for iPhones
Andrew "bunnie" Huang and Edward Snowden have designed a hardware device that attaches to an iPhone and monitors it for malicious surveillance activities, even in instances where the phone's operating system has been compromised. They call it an Introspection Engine, and their use model is a...
CVE-2017-2258
Directory traversal vulnerability in Cybozu Garoon 4.2.4 to 4.2.5 allows an attacker to read arbitrary files via Garoon SOAP API "WorkflowHandleApplications"...
Two Arbitrary File Upload Vulnerabilities Exist in the Backend of Bunker Buster Machine
Bunker Fortress is the industry's first software form of the Fortress, providing a centralized authentication, centralized access authorization, centralized access management, centralized operation audit and a single point of simplified operation and management required for remote operations and...
DALIM SOFTWARE ES Core 5.0 build 7184.1 - Directory Traversal
DALIM SOFTWARE ES Core 5.0 build 7184.1 Multiple Remote File Disclosures Vendor: Dalim Software GmbH Product web page: https://www.dalim.com Affected version: ES/ESPRiT 5.0 build 7184.1 build 7163.2 build 7163.0 build 7135.0 build 7114.1 build 7114.0 build 7093.1 build 7093.0 build 7072.0 build...
Remediation Workflow Now Integrates with ServiceNow
Today were sharing an update to Remediation Workflow Ticketing capabilities. We are pleased to announce that Remediation Workflow in InsightVM now integrates with ServiceNow. One of the main benefits of Remediation Workflow Ticketing is to improve collaboration between security and remediation...
Moderate: Red Hat Security Advisory: openstack-mistral security, bug fix, and enhancement update
An update for openstack-mistral is now available for Red Hat OpenStack Platform 10.0 Newton. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Open Source Incident Management & Response Platform: Cyphon
Open Source Incident Management & Response Platform Cyphon is a big data platform that aggregates, standardizes, and enhances data for easier analysis. Many businesses rely on emails to manage alert notifications, which leaves their networks susceptible to overlooked incidents, alert fatigue and...