1196 matches found
Hadoop, CouchDB Next Targets in Wave of Database Attacks
Insecure Hadoop and CouchDB installations are the latest targets of cybercriminals who are hijacking and deleting data. Last week, security researchers said 28,000 MongoDB and Elasticsearch installations were hacked in a new wave of attacks against unprotected open source data management platform...
US Voting Systems Deemed Critical Infrastructure
The Department of Homeland Security has designated the U.S. voting infrastructure, including voting machines and registration databases, as critical infrastructure. On Friday, Secretary Jeh Johnson elevated the voting infrastructure to a critical infrastructure subsector under the existing...
Over 27,000 MongoDB Databases Held For Ransom Within A Week
The ransomware attacks on poorly secured MongoDB installations have doubled in just a day. A hacker going by the handle Harak1r1 is accessing, copying and deleting unpatched or badly configured MongoDB databases and then demanding a ransom from administrators in exchange for the lost data. It all...
juneau.lib.ak.us XSS vulnerability
Open Bug Bounty ID: OBB-200184

Description | Value
---|---
Affected Website: | juneau.lib.ak.us
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...
DEBIAN-CVE-2016-6615
XSS issues were discovered in phpMyAdmin. This affects navigation pane and database/table hiding feature (a specially-crafted database name can be used to trigger an XSS attack); the "Tracking" feature (a specially-crafted query can be used to trigger an XSS attack); and GIS visualization feature. Al...
jSQL Injection v0.77 - Java application for automatic SQL database injection
jSQL Injection is a lightweight application used to find database information from a distant server. It is free, open source and cross-platform (Windows, Linux, Mac OS X). jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in distributions lik...
Deluge 1.3.13 - Denial Of Service Vulnerability
Deluge is free software, licensed under the GNU GPL4, BitTorrent network node. Based on Python and GTK+. The program uses the C++ libtorrent as its own interface for network functionality through the torrent own Python bindings for the project. Copy of the Vendor Homepage:...
SUSE-SU-2016:2396-1 Security update for apache2-mod_nss
This update provides apache2-mod_nss 1.0.14, which brings several fixes and enhancements: - Fix OpenSSL ciphers stopped parsing at +. CVE-2016-3099 - Created valgrind suppression files to ease debugging. - Implement SSLPPTYPEFILTER to call executables to get the key password pins. - Improvements t...
Two US State Election Systems Hacked to Steal Voter Databases — FBI Warns
A group of unknown hackers or an individual hacker may have breached voter registration databases for election systems in at least two US states, according to the FBI, who found evidence during an investigation this month. Although any intrusion in the state voting system has not been reported, t...
CVE-2016-3059
IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server aka IBM Spectrum Protect for Databases 6.3 before 6.3.1.7 and 6.4 before 6.4.1.9 and Tivoli Storage FlashCopy Manager for Microsoft SQL Server aka IBM Spectrum Protect Snapshot 3.1 before 3.1.1.7 and 3.2 before...
CVE-2016-3059
CVE-2016-3059 affects IBM Tivoli Storage Manager for Databases (IBM Spectrum Protect for Databases) and IBM Tivoli Storage FlashCopy Manager for Microsoft SQL Server (IBM Spectrum Protect Snapshot). The vulnerability allows local users to disclose the cleartext SQL Server password by reading the ...
IBM Tivoli Storage Manager for Databases Local Information Disclosure Vulnerability
IBM Tivoli Storage Manager (TSM) for Databases, etc. are products of IBM Corporation, U.S.A. IBM TSM for Databases is a suite of backup and recovery management solutions that run in databases. Tivoli Storage FlashCopy Manager for Microsoft SQL Server is a solution that provides advanced data...
PowerDNS Zone Transfer Data Restriction Denial of Service Vulnerability
PowerDNS is a cross-platform open source DNS service component. It supports the use of Access mdb files on Windows systems to record DNS information; on Linux/Unix systems it uses MySQL to record DNS information. A denial-of-service vulnerability exists in the PowerDNS server, which stems from the...
Detux - The Multiplatform Linux Sandbox
Detux is a sandbox developed to do traffic analysis of Linux malware and capture the IOCs by doing so. The QEMU hypervisor is used to emulate Linux (Debian) for various CPU architectures. The following CPUs are currently supported: x86, x86-64, ARM, MIPS, MIPSEL. Use the Live version now:...
MongoDB mongod Malformed X.509 Certificate Handling Remote DoS Vulnerability - Linux
MongoDB is prone to a remote denial of service (DoS) vulnerability...
Netdata - Real-Time Performance Monitoring
netdata is a highly optimized Linux daemon providing real-time performance monitoring for Linux systems, applications, and SNMP devices, over the web! It tries to visualize the truth of now, in its greatest detail, so that you can get insights of what is happening now and what just happened, on yo...
CVE-2016-3675
SQL injection vulnerability in Huawei Policy Center with software before V100R003C10SPC020 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to system databases...
CVE-2016-3675
CVE-2016-3675 is a SQL injection vulnerability in Huawei Policy Center affecting versions before V100R003C10SPC020 (and variants cited V100R003C00, V100R003C10SPC020). The issue allows remote authenticated users to execute arbitrary SQL commands through unspecified vectors related to system datab...
Asbru Web Content Management System 9.2.7 - Multiple Vulnerabilities
Vendor: Asbru Ltd. Product web page: http://www.asbrusoft.com Affected version: 9.2.7 Summary: Ready to use, full-featured, database-driven web content...