Imperva to Acquire DevOps Security Leader Prevoty

Today, we announced that we entered into an agreement to acquire Prevoty, an innovator and leader in building application security that can block attacks and monitor interactions inside application stacks using DevOps and agile development. I’m incredibly excited that the Prevoty team will join...

Oracle MySQL Security Update (cpujul2018 - 06) - Windows

Oracle MySQL is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:oracle:mysql"; ifdescription...

Firebase Exploiting Tool - Exploiting Misconfigured Firebase Databases

Exploiting vulnerable/misconfigured Firebase databases Prerequisites Non-standard python modules: dnsdumpster bs4 requests Installation If the following commands run successfully, you are ready to use the script: git clone https://github.com/Turr0n/firebase.git cd firebase pip install -r...

ulices-databases.ulisboa.pt XSS vulnerability

Open Bug Bounty ID: OBB-644238 Description| Value ---|--- Affected Website:| ulices-databases.ulisboa.pt Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Masc - A Web Malware Scanner

A malware web scanner developed during CyperCamp Hackathon 2017. Features At the moment, there are some features avaiable for any type of website custom or CMS and some of them only available for specific platforms: Scan any website for malware using OWASP WebMalwareScanner checksum, YARA rules...

Code injection

An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. The impacted products used a single shared key encryption model to encrypt data. A user with access to system databases can use the discovered key to access potentially confidential stored data, which may include...

Thousands of Mobile Apps Expose Their Unprotected Firebase Hosted Databases

Mobile security researchers have discovered unprotected Firebase databases of thousands of iOS and Android mobile applications that are exposing over 100 million data records, including plain text passwords, user IDs, location, and in some cases, financial records such as banking and cryptocurren...

Thousands of Mobile Apps Expose Their Unprotected Firebase Hosted Databases

Mobile security researchers have discovered unprotected Firebase databases of thousands of iOS and Android mobile applications that are exposing over 100 million data records, including plain text passwords, user IDs, location, and in some cases, financial records such as banking and cryptocurren...

Security Bulletin: A security vulnerability has been identified in IBM Tivoli Storage Manager that affects multiple IBM Tivoli Storage products (CVE-2016-0371)

Summary The IBM Tivoli Storage Manger Client/API is used as a component of IBM Tivoli Storage FlashCopy Manager for Windows, IBM Tivoli Storage Manager HSM for Windows, IBM Tivoli Storage Manager for Databases, IBM Tivoli Storage Manager for Mail, and IBM Tivoli Storage Manager for Virtual...

Security Bulletin: A security vulnerability has been identified in IBM Tivoli Storage Manager that affects multiple IBM Tivoli Storage products (CVE-2016-0201)

Summary The IBM Tivoli Storage Manger Client/API is used as a component of IBM Tivoli Storage FlashCopy Manager for Windows, IBM Tivoli Storage Manager for Databases, IBM Tivoli Storage Manager for Mail, IBM Tivoli Storage Manager HSM for Windows, and IBM Tivoli Storage Manager for Virtual...

Security Bulletin: Vulnerability in IBM Rational ClearQuest Web Client with potential for Information Disclosure (CVE-2013-5422)

Summary An Information Disclosure Attack vulnerability exists in IBM Rational ClearQuest Web Client. Vulnerability Details | Subscribe to My Notifications to be notified of important product support alerts like this. Follow this link for more information requires login with your IBM ID ---|--- CV...

Vulnerability Databases: Classification and Registry

What publicly available Vulnerability Databases do we have? Well, I can only say that there are a lot of them and they are pretty different. Here I make an attempt to classify them. It's quite an ungrateful task. No matter how hard you try, the final result will be rather inaccurate and incomplet...

CVE-2018-11242

An issue was discovered in the MakeMyTrip application 7.2.4 for Android. The databases locally stored are not encrypted and have cleartext that might lead to sensitive information disclosure, as demonstrated by data/com.makemytrip/databases and data/com.makemytrip/Cache SQLite database files...

CVE-2018-11242

An issue was discovered in the MakeMyTrip application 7.2.4 for Android. The databases locally stored are not encrypted and have cleartext that might lead to sensitive information disclosure, as demonstrated by data/com.makemytrip/databases and data/com.makemytrip/Cache SQLite database files...

CVE-2017-9637

Schneider Electric Ampla MES 6.4 provides capability to interact with data from third party databases. When connectivity to those databases is configured to use a SQL user name and password, an attacker may be able to sniff details from the connection string. Schneider Electric recommends that...

CISO Forum and the problems of Vulnerability Databases

Last Tuesday, April 24, I was at "CISO FORUM 2020: glance to the future". I presented there my report "Vulnerability Databases: sifting thousands tons of verbal ore". In this post, I'll briefly talk about this report and about the event itself. My speech was the last in the program. At the same...

CVE-2018-8740

In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c...

NEW: Vulnerability and Assessment Scanning for Your AWS Cloud Databases

Scuba is a free and easy-to-use tool that uncovers hidden security risks. Scuba is frequently updated with content from Imperva’s Defense Center researchers. With Scuba you can: Scan enterprise databases for vulnerabilities and misconfigurations Identify risks to your databases Get recommendation...

3,000 Databases with 200 Million Unique accounts found on Dark Web

By Waqas Dark Web is a strange place where one can conduct This is a post from HackRead.com Read the original post: 3,000 Databases with 200 Million Unique accounts found on Dark Web...

Oracle Database Attacking Tool: ODAT

ODAT Oracle Database Attacking Tool is an open source penetration testing tool that tests the security of Oracle Databases remotely . Usage examples of ODAT: You have an Oracle database listening remotely and want to find valid SIDs and credentials in order to connect to the database You have a...