Apache Derby: LDAP injection vulnerability in authenticator

A cleverly devised username might bypass LDAP authentication checks. In LDAP-authenticated Derby installations, this could let an attacker fill up the disk by creating junk Derby databases. In LDAP-authenticated Derby installations, this could also allow the attacker to execute malware which was...

CVE-2022-46337

A cleverly devised username might bypass LDAP authentication checks. In LDAP-authenticated Derby installations, this could let an attacker fill up the disk by creating junk Derby databases. In LDAP-authenticated Derby installations, this could also allow the attacker to execute malware which was...

Oracle MySQL Server 8.x <= 8.0.34 Security Update (cpuoct2023) - Linux

Oracle MySQL Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:oracle:mysql"; if...

Oracle MySQL Server 8.1.0 Security Update (cpuoct2023) - Linux

Oracle MySQL Server is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

[SECURITY] Fedora 39 Update: moby-engine-24.0.5-1.fc39

Docker is an open source project to build, ship and run any application as a lightweight container. Docker containers are both hardware-agnostic and platform-agnostic. This means they can run anywhere, from your laptop to the largest EC2 compute instance a nd everything in between - and they don'...

Uncursing the ncurses: Memory corruption vulnerabilities found in library

Microsoft has discovered a set of memory corruption vulnerabilities in a library called ncurses, which provides APIs that support text-based user interfaces TUI. Released in 1993, the ncurses library is commonly used by various programs on Portable Operating System Interface POSIX operating...

Uncursing the ncurses: Memory corruption vulnerabilities found in library

Microsoft has discovered a set of memory corruption vulnerabilities in a library called ncurses, which provides APIs that support text-based user interfaces TUI. Released in 1993, the ncurses library is commonly used by various programs on Portable Operating System Interface POSIX operating...

Damon Enterprise Manager (DEM) suffers from a logic flaw vulnerability (CNVD-2023-78062)

Damon Enterprise Manager DEM is a centralized management platform that monitors, manages and maintains DM databases through a web interface. A logic flaw vulnerability exists in Damon Enterprise Manager DEM, which can be exploited by an attacker to delete arbitrary files...

LLMs and Tool Use

Last March, just two weeks after GPT-4 was released, researchers at Microsoft quietly announced a plan to compile millions of APIs--tools that can do everything from ordering a pizza to solving physics equations to controlling the TV in your living room--into a compendium that would be made...

[SECURITY] Fedora 37 Update: moby-engine-24.0.5-1.fc37

Docker is an open source project to build, ship and run any application as a lightweight container. Docker containers are both hardware-agnostic and platform-agnostic. This means they can run anywhere, from your laptop to the largest EC2 compute instance a nd everything in between - and they don'...

Fedora: Security Advisory for moby-engine (FEDORA-2023-cf3551046d)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Spyware Vendor Hacked

A Brazilian spyware app vendor was hacked by activists: In an undated note seen by TechCrunch, the unnamed hackers described how they found and exploited several security vulnerabilities that allowed them to compromise WebDetetive’s servers and access its user databases. By exploiting other flaws...

[SECURITY] Fedora 38 Update: moby-engine-24.0.5-1.fc38

Docker is an open source project to build, ship and run any application as a lightweight container. Docker containers are both hardware-agnostic and platform-agnostic. This means they can run anywhere, from your laptop to the largest EC2 compute instance a nd everything in between - and they don'...

Command execution vulnerability in Damon Enterprise Manager (DEM) (CNVD-2023-69447)

Damon Enterprise Manager DEM is a centralized management platform that monitors, manages and maintains DM databases through a web interface. A command execution vulnerability exists in Damon Enterprise Manager DEM, which can be exploited by an attacker to gain control of the server...

Microsoft Azure Subdomain Scanner / Enumerator Exploit

This is a Metasploit module for enumerating public Azure services by validating legitimate subdomains through various DNS record queries. This cloud reconnaissance module rapidly identifies API services, storage accounts, key vaults, databases, and more! Background: Microsoft makes use of a numbe...

Microsoft Azure Subdomain Scanner / Enumerator

Background: Microsoft makes use of a number of different domains and subdomains for each of their Azure services. From SQL databases to SharePoint drives, each service maps to its respective domain/subdomain, and with the proper toolset, these can be identified through DNS enumeration to yield...

Owner of BreachForums Pleads Guilty to Cybercrime and Child Pornography Charges

Conor Brian Fitzpatrick, the owner of the now-defunct BreachForums website, has pleaded guilty to charges related to his operation of the cybercrime forum as well as having child pornography images. The development, first reported by DataBreaches.net last week, comes nearly four months after...

CVE-2023-34834

A Directory Browsing vulnerability in MCL-Net version 4.3.5.8788 webserver running on default port 5080, allows attackers to gain sensitive information about the configured databases via the "/file" endpoint...

Directory traversal

A Directory Browsing vulnerability in MCL-Net version 4.3.5.8788 webserver running on default port 5080, allows attackers to gain sensitive information about the configured databases via the "/file" endpoint...

CVE-2023-34834

A Directory Browsing vulnerability in MCL-Net version 4.3.5.8788 webserver running on default port 5080, allows attackers to gain sensitive information about the configured databases via the "/file" endpoint...