Vulnerabilities

6K

Solutions

8K

Contributors

A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness, known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. Other vulnerabilities include security risks, security defects and constructs in programming languages that are difficult to use properly.

Hello,
I need to bypass an XSS check which is using stripos to prevent using script tags by detecting the word "script"
<?php
if (stripos($a, 'script') !== false) return false; return true;
?>

The web server also has a CSP policy (default-src none; script-src: nonce-key) and requires a nonce parameter within the script tag.
Thank you for your help.
0
https://blog.trendmicro.com/trendlabs-security-intelligence/autoit-used-to-spread-malware-and-toolsets/

Users are requesting for AutoIT to automate their tasks (mouse clicks, repetitive keystrokes etc)
but I have concerns like what's listed in link above.

What are the mitigations we can put in place to balance between work productivity & IT security risks?

Are the following valid mitigations?

1. air-gap those PC running AutoIT, namely remove Internet access & email access as these two are
    top vectors of malwares.  Users told me they don't need these 2 functions on the PCs running
    AutoIT but the AutoIT programmer wants it on his PC as he doesn't want to switch around
    between PCs when developing AutoIT scripts & using email/Internet

2. I heard we can compile the scripts & then uninstall AutoIT : so if a hacker got into the PC, he
    can't develop keyloggers/malicious scripts (that capture credentials).  The programmer felt
    this is restrictive but to work around, I heard we can create config file for scripts to read in
    parameters/variables to give more flexibilities or options for the scripts to operate: is this
    so?  Is this a good mitigation?

Pls add on any further mitigations.

I've heard of VB & Java scripts being risks : are they of similar nature as the risks of AutoIT?
0
Regarding CVE-2018-0151 and apologies if this seems like a newb question but....

Is it still advisable to disable UDP port 18999 if you're not using the Adaptive QoS for Dynamic Multipoint VPN (DMVPN) feature?  Or should we only be concerned with this if the feature set is enabled and in use?  Our network engineers are clamoring over the fact that they would have to disable the port on over 600 devices in order to address this given we're not utilizing the feature.

Thanks in advance
0
We have a WatchGuard M300. We currently have an internet connection that is too small for our needs. Our issue is the upload speed is capped at 20Mbps. With the M300 can we add a second internet connection and have our internet traffic divided evenly between these two connections?
0
I have discovered by using vulnerability test software that 2 Windows 2008 servers seem to be vulnerable to ROBOT attacks (Return of Bleichenbacher's Oracle Threat). I've been reading several articles with no answers. Is there a Microsoft patch that fixes this (Windows Update), or is there a proper way to disable the RSA ciphers? There seems to be a lot of info out there but nothing related to fixing the issues on a Windows 2008 R2 server.

Can anyone point me in the right direction?
0
I have a client with a SonicWall TZ 205, and we are running into an issue with PCI compliance scans.
Right now we are struggling to resolve a failure with "SSL Certificate - Signature Verification Failed Vulnerability".

Sonic support is clueless - does anyone here have a thought? Thanks in advance!
0
Audit wanted me to simulate a High severity event which we have only a few such as
successful Brute Force, true DDoS (not sure what's the bandwidth) & compromised
network/firewall devices that lead to operations outage.

This is to see if the SoC responds within SLA (from Splunk alert which currently
covers Prod servers/devices) & how fast we mitigate it.

I think the easiest is to
a) install a brute force password cracker
b) create a local account not subject to GPO (eg: password doesn't get locked
    despite number of failed attempts with a simple password) on a non-
    critical Prod server

Any freeware tool on Windows that do brute force for Windows that anyone
can recommend?  SIP Vicious or is there a free l0phtcrack ?
0
We have several locations. Each location has several DNS servers, all replicating to each other. In DNS we have several Conditional Forwarders. At all locations except one I can ping and RDP into any of the servers in the Conditional Forwarders list. However in one of the locations I am unable to ping to any of the Conditional Forwarder IPs. All locations are connected using a Watchguard firewall using a VPN. When I do a tracert from the location that is unable to get to any of the Conditional Forwarder locations, it goes to the local DNS server, then out to local ISP DNS server. I have been reading and searching for articles that might help however I am unable to find a solution.
0
Dear EE,

I have two vulnerabilities.


1:- Microsoft Office Dynamic Data Exchange (DDE) Vulnerability (KB 4053440) (ADV170021)

2:- Microsoft Office and Microsoft Office Services and Web Apps Security Update January 2018


My client has reported a DDE vulnerability in their production environment having Microsoft Office Professional Plus 2010 64 Bit.

Can you please help me with how I can make / configure the DDE vulnerability in my local environment with the same Microsoft Office Professional Plus 2010 64 Bit?

So that i can then FIX it and share the steps to my client.

After fixing first one we will move to 2nd one.

Thanks
0
Hi Experts!

Hope everyone is well?

All of a sudden, when we make changes to a Custom Profile on AlienVault OSSIM and try to update, it fails for all sensors.

Database Updates Correctly and shows a green tick.
On sensor fails with a red cross
All the rest just pulse (3 black lines) but never do anything else

Checked the Sensors and all have network connectivity. I can Telnet to each box on port 9330.

All certificates seem to be ok.

Would anybody be able to point me in the right direction to try and help me diagnose and resolve this?

Cheers
SJG
0
Hi All

This is not a question as such; I'm looking for information and ideas on how I can pass VLANs across an IPsec VPN tunnel.

I've got 16 VLANs that are hosted at one site located a few hundred kilometers away from my secondary site, and I want to be able to push the VLANs from the main site to the secondary site and then be able to distribute those via a switch at the remote site.

The sites currently will be connected via either Sonicwalls or WatchGuard UTM Appliances

Any help or suggestions on this would be greatly appreciated
0
Hi All, we are experiencing a black screen issue with a couple of workstations where we are only able to see a black screen with a cursor. We have tried almost every different malware removal software and antivirus but the issue seems to be still there. Below are the few things we have noticed.

- Explorer.exe is not launching at startup
- There are certain processes such as "stivsc" which is stuck in the state of stopping and using most of the computer resources.
- Services are listed as "unknown" instead of "Microsoft corporation" in system configuration(msconfig)
- 15-20 svchost.exe processes are running from the C:\Windows\System32\ folder
- Various anti-malware software applications are showing the workstation as clean after detecting and removing a Trojan - Trickbot.


Any suggestion/support will be greatly appreciated.
0
I have a dell poweredge r620 that is running some windows server guests (hypervisor is ESXi 6.5 build 7388607).  I was under the impression that the combination of the hypervisor build and the latest bios would take care of it, but running some scripts from GitHub on the hypervisor and the speculationcontrolsettings report on the guests would lead me to believe there is still some work to do.  Both report the vulnerabilities still exist.

When upgrading the hypervisor I used command line "esxcli software vib update path\esxi650-20171201.zip" to get to the build number listed above.  Can any experts out there give me an idea of what I could be overlooking?
0
Hello Experts,

I have got an XTM 26 series WatchGuard firewall in the company. We are now in the phase of upgrading internet bandwidth from 20 Mbps to 100 Mbps.  According to the service provider, I have to set up the firewall for traffic shaping, but I am not sure whether WatchGuard supports it or not.

Parameters to configure on firewall are; Shaping Rate, Shaping burst, Extended burst.


I do not want to go with the other option of adding a router before the firewall, as it may stop all applications running in the branch office.

Can anybody help me with this?
0
I'm about to apply WannaCry patch for my customer environment.

I know it will disable SMBv1 on the server and has implications like AD replication and login issues.
I wonder if there is any special procedure or pre/post action to follow after installing the patches so I can minimize the impact and tackle the root cause in a short time.

thanks
0
I come across the following link

https://stackoverflow.com/questions/41487621/authorization-in-spring-web-application-custom-filter-vs-servelt-filter-vs-acce

Custom Filter OR Servlet Filter or AccessDecisionVoter

Need to provide access to user after login to the pages or actions based on certain conditions (user is active or user expiration date is over or user doesn't have any orders) and looking for a custom spring security. In the above which one would be suitable in this case and need a good code snippet to achieve it.
0
Penetration Testing - Looking for an affordable solution to do web site pen testing without it costing us £1000(s) expenditure.

There are many pen testing companies out there however I am looking for a cost effective solution which will cater for doing the job.

Any suggestions?
0
Watchguard to Draytek site to site VPN - 2 tunnels required.

WG side has local IP of 192.168.1.1/24 and this needs linking to the draytek which has 2 LAN 10.0.0.1/24 and 192.168.100.1/24

I need a tunnel for both

Now I can set this up with one tunnel, no issue, but can't see anywhere to add a second tunnel on the Draytek end. I've heard GRE might be the answer to my question but haven't used this before.

How do I add a second tunnel? I have also tried a second VPN with the other tunnel but this causes both VPNs to alternate and not work correctly. Any help or questions welcome.
0
I currently have a WatchGuard Firebox with UTM and am using VMware.
I'm currently upgrading the environment to the latest VMware and NSX.
Is it recommended to eliminate the WatchGuard and ONLY use NSX?
0
Hi,

As part of a security certification process we’re going through we’re required to fix this particular security issue with our website. The text, in the bold headed two paragraphs below, is that provided to us from the company doing the testing:

Client-side HTTP parameter pollution (reflected): Client-side HTTP parameter pollution (HPP) vulnerabilities arise when an application embeds user input in URLs in an unsafe manner. An attacker can use this vulnerability to construct a URL that, if visited by another application user, will modify URLs within the response by inserting additional query string parameters and sometimes overriding existing ones. This may result in links and forms having unexpected side effects. For example, it may be possible to modify an invitation form using HPP so that the invitation is delivered to an unexpected recipient. The security impact of this issue depends largely on the nature of the application functionality. Even if it has no direct impact on its own, an attacker may use it in conjunction with other vulnerabilities to escalate their overall severity.

Recommendation: Ensure that user input is URL-encoded before it is embedded in a URL.

Now, the only user input getting put into the URL would seem to be that from the results of searches (there’s a search box on each page). If I look for ‘Cheese’ the URL reads https://www.<oursitename>/?s=Cheese or if I search for ‘Bacon Roll’ it’d be …
0
We are in the process of moving from desktops to laptops. We use SCCM, IEM/Bigfix for desktop patching but will now have to patch laptops that are randomly connected to our network. One method is to enable Windows Update.  Any suggestions or recommendations?
0
Hello experts

This is my first post to EE regarding OpenVAS, please forgive any misbehavior and language errors since I am not a native English speaker.

I have encountered strange results while changing only the port list for some targets.

If I use the wizard (immediate scan) to scan a couple of hosts, I get a report with some medium vulnerabilities. If I clone the target that was created by the wizard and just change the port list to scan all TCP and all UDP, I get a report with only "log level" vulnerabilities.

I may be doing something wrong but I can't figure out what.

Here are the details for the target used by the wizard :

Comment:    Automatically generated by wizard
Hosts:  example.com, example.io
Exclude Hosts:  
Reverse Lookup Only:    No
Reverse Lookup Unify:   No
Maximum number of hosts:    2
Port List:  OpenVAS Default
Alive Test:     Scan Config Default
Credentials for authenticated checks:
SSH:    
SMB:    
ESXi:   
SNMP:


Here is the target that I modified from a clone of the one above :

Comment:    Modified from automatically generated by wizard
Hosts:  example.com, example.io
Exclude Hosts:  
Reverse Lookup Only:    No
Reverse Lookup Unify:   No
Maximum number of hosts:    2
Port List:  All TCP and UDP
Alive Test:     Scan Config Default
Credentials for authenticated checks:
SSH:    
SMB:    
ESXi:   
SNMP:


Here is my All TCP and UDP port list :

Port List: All TCP and UDP
Comment:    
Port count:     131070
TCP Port count:     65535
UDP Port count:     65535
Port Ranges (2)
Start   End     Protocol
1       65535   tcp
1       65535   udp

0
[root@db01 ~]# yum updateinfo info --cve CVE-2017-5715
Loaded plugins: product-id, search-disabled-repos, subscription-manager
updateinfo info done

I am pretty sure this CVE is not installed. However, I am unable to see this CVE in the list.
0
Dear Support,

Good Day,

Could you please help me on below what to do on my servers

On January 3rd, details on a pair of vulnerabilities named “Spectre” and “Meltdown” were released. Both vulnerabilities exploit critical vulnerabilities within modern processors, allowing programs to steal data being processed on the device. This includes virtual machines reading memory from other virtual machines on the same host. End-user systems and shared cloud hosting providers are at the highest risk. Multiple vendors have released patches to address the vulnerability.

Waiting for your update

Thanks
0
WatchGuard mobile VPN stops receiving data whenever I reboot my laptop. It requires me to uninstall and install again to make it work. Can someone please suggest the cause of the issue?
1
