1196 matches found

Packet Storm
added 2019/02/18 12:0 a.m., 42 views

ArangoDB Community Edition 3.4.2-1 Cross Site Scripting

Exploit Title: ArangoDB Community Edition 3.4.2-1 | Cross-Site Scripting Date: 17.02.2019 Exploit Author: Ozer Goker Vendor Homepage: https://www.arangodb.com Software Link: https://www.arangodb.com/download-major/ Version: 3.4.2-1 Introduction ArangoDB is a native multi-model, open-source databa...

0.2 AI score
Exploits 0
exploitpack
added 2019/02/18 12:0 a.m., 27 views

ArangoDB Community Edition 3.4.2-1 - Cross-Site Scripting

ArangoDB Community Edition 3.4.2-1 - Cross-Site Scripting Exploit Title: ArangoDB Community Edition 3.4.2-1 | Cross-Site Scripting Date: 17.02.2019 Exploit Author: Ozer Goker Vendor Homepage: https://www.arangodb.com Software Link: https://www.arangodb.com/download-major/ Version: 3.4.2-1...

6.8 AI score
Exploits 0
OpenVAS
added 2019/02/18 12:0 a.m., 13 views

Integration Objects' OPC Driver for Databases Detection (Windows SMB Login)

Detects the installed version of Integration Objects SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.3 AI score
Exploits 0, References 1
CNVD
added 2019/02/12 12:0 a.m., 2 views

MyWebSQL Cross-Site Request Forgery Vulnerability

MyWebSQL is a web-based MySQL database management client from Samnan ur Rehman Software Developers. A cross-site request forgery vulnerability exists in MyWebSQL. An attacker can exploit this vulnerability to delete databases with the help of the /?q=wrkfrm&type=databases URI...

5.7 CVSS, 6.7 AI score, 0.00443 EPSS
Exploits 1, References 1
OSV
added 2019/02/11 5:29 p.m., 2 views

CVE-2019-7730

MyWebSQL 3.7 has a Cross-site request forgery CSRF vulnerability for deleting a database via the /?q=wrkfrm&type=databases URI...

5.7 CVSS, 6.5 AI score, 0.00443 EPSS
Exploits 1, References 1
OSV
added 2019/01/25 4:19 p.m., 26 views

GHSA-9GQG-3FXR-9HV7 Apache Airflow vulnerable to XSS

In Apache Airflow 1.8.2 and earlier, an experimental Airflow feature displayed authenticated cookies, as well as passwords to databases used by Airflow. An attacker who has limited access to airflow, whether it be via XSS or by leaving a machine unlocked can exfil all credentials from the system...

9.8 CVSS, 9.1 AI score, 0.02166 EPSS
Exploits 0, References 5
Github Security Blog
added 2019/01/25 4:19 p.m., 41 views

Apache Airflow vulnerable to XSS

In Apache Airflow 1.8.2 and earlier, an experimental Airflow feature displayed authenticated cookies, as well as passwords to databases used by Airflow. An attacker who has limited access to airflow, whether it be via XSS or by leaving a machine unlocked can exfil all credentials from the system...

9.8 CVSS, 8.5 AI score, 0.02166 EPSS
Exploits 0, References 4, Affected Software 1
Kitploit
added 2019/01/25 12:26 p.m., 105 views

LeakLooker - Find Open Databases With Shodan

Find open databases with Shodan Background: https://medium.com/@wojciech/leaklooker-find-open-databases-in-a-second-9da4249c8472 Requirements: Python 3 Shodan paid plan, except Kibana search Put your Shodan API key in line 65 pip3 install shodan pip3 install colorama pip3 install hurry.filesize...

7.2 AI score
Exploits 0, References 1
OSV
added 2019/01/23 5:29 p.m., 14 views

CVE-2017-17836

In Apache Airflow 1.8.2 and earlier, an experimental Airflow feature displayed authenticated cookies, as well as passwords to databases used by Airflow. An attacker who has limited access to airflow, whether it be via XSS or by leaving a machine unlocked can exfiltrate all credentials from the...

9.8 CVSS, 9.1 AI score
Exploits 0, References 1
Cvelist
added 2019/01/23 5:0 p.m., 22 views

CVE-2017-17836

In Apache Airflow 1.8.2 and earlier, an experimental Airflow feature displayed authenticated cookies, as well as passwords to databases used by Airflow. An attacker who has limited access to airflow, whether it be via XSS or by leaving a machine unlocked can exfiltrate all credentials from the...

9.2 AI score, 0.02166 EPSS
Exploits 0, References 1
Wired Threat Level
added 2019/01/17 7:57 p.m., 47 views

How the Feds Failed to Track Thousands of Separated Children

Ad hoc systems and haphazard databases made the Trump administration’s cruel border separation policies somehow even worse...

2.3 AI score
Exploits 0
ThreatPost
added 2019/01/16 2:0 p.m., 16 views

VOIPO Database Exposes Millions of Texts, Call Logs

UPDATE An improperly secured database owned by a California voice-over-internet provider left millions of customer call logs, SMS message logs and credentials in plain text open for months for the taking. The database belongs to VOIPO, which provides mobile services for consumers and commercial...

0.1 AI score
Exploits 0, References 7
Kitploit
added 2018/12/25 8:20 p.m., 105 views

stoQ - An Open Source Framework For Enterprise Level Automated Analysis

stoQ is an automation framework that helps to simplify the more mundane and repetitive tasks an analyst is required to do. It allows analysts and DevSecOps teams the ability to quickly transition from different data sources, databases, decoders/encoders, and numerous other tasks. stoQ was designed...

7.3 AI score
Exploits 0, References 2
Hacker One
added 2018/12/15 12:40 p.m., 22 views

RATELIMITED: Information Disclosure PHPpgAdmin

PHPpgAdmin is a piece of script which allows system administrators to manage their Postgres databases easily from a webUI. We had forgotten to limit access to this script, resulting in the ability for a brute-force attack to happen...

3 AI score
Exploits 0
Schneier on Security
added 2018/11/23 12:11 p.m., 27 views

Using Machine Learning to Create Fake Fingerprints

Researchers are able to create fake fingerprints that result in a 20% false-positive rate. The problem is that these sensors obtain only partial images of users' fingerprints -- at the points where they make contact with the scanner. The paper noted that since partial prints are not as distinctiv...

0.7 AI score
Exploits 0
Fedora
added 2018/10/30 5:45 p.m., 16 views

[SECURITY] Fedora 29 Update: hesiod-3.2.1-14.fc29

Hesiod is a system which uses existing DNS functionality to provide access to databases of information that changes infrequently. It is often used to distribute information kept in the /etc/passwd, /etc/group, and /etc/printcap files, among others...

10 CVSS, 3 AI score, 0.0683 EPSS
Exploits 0
Schneier on Security
added 2018/10/15 2:34 p.m., 57 views

How DNA Databases Violate Everyone's Privacy

If you're an American of European descent, there's a 60% chance you can be uniquely identified by public information in DNA databases. This is not information that you have made public; this is information your relatives have made public. Research paper: "Identity inference of genomic data using...

0.7 AI score
Exploits 0
CNVD
added 2018/09/18 12:0 a.m., 1 views

LG SuperSign CMS File Upload Vulnerability

LG SuperSign CMS is a content management system for LG webOS from the Luckin LG Group in Korea. The system supports connection to external databases and allows access to the server from mobile devices. A file upload vulnerability exists in LG SuperSign CMS, which can be exploited by an attacker...

9.8 CVSS, 9.5 AI score, 0.19587 EPSS
Exploits 1, References 1
IBM Security Bulletins
added 2018/08/28 6:43 p.m., 10 views

Security Bulletin: Official Statement On Spectre and Meltdown

Summary IBM Security statement on the Spectre and Meltdown vulnerabilities Vulnerability Details As many clients are likely aware of by now, 2 major security flaws impacting chipsets across the PC and mobile spectrums have unfolded over the last day or so. Meltdown Intel only and Spectre...

1.9 AI score
Exploits 0, Affected Software 1
Fedora
added 2018/08/20 6:43 p.m., 38 views

[SECURITY] Fedora 28 Update: libldb-1.4.0-3.fc28.1.3.5

An extensible library that implements an LDAP like API to access remote LDAP servers, or use local tdb databases...

8.8 CVSS, 3.8 AI score, 0.10839 EPSS
Exploits 0