Nosql Exploitation Framework
The tool focuses on scanning and exploiting NoSQL databases, which makes the pentester's life easy. The tool currently has support for Mongo, Couch-db and Redis, with further additions to be made soon. It supports enumerating NoSQL DBs, dumping NoSQL DBs, dictionary attacks and Shodan Search...
WordPress Database Sync 0.4 Cross Site Scripting Vulnerability
WordPress Database Sync plugin version 0.4 suffers from a cross site scripting vulnerability. Title: WordPress 'Database Sync' Plugin Version: 0.4 Author: Morten Nørtoft, Kenneth Jepsen & Mikkel Vej Download: - https://wordpress.org/plugins/database-sync/ -...
APPLE-SA-2015-06-30-4 Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7
Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7 are now available and address the following: WebKit Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite...
redis -- EVAL Lua Sandbox Escape
Ben Murphy reports: It is possible to break out of the Lua sandbox in Redis and execute arbitrary code. This shouldn’t pose a threat to users under the trusted Redis security model where only trusted users can connect to the database. However, in real deployments there could be databases that can...
NoPo - NoSQL Honeypot Framework
NoSQL-Honeypot-Framework: NoPo is an open source honeypot for NoSQL databases that automates the process of detecting attackers and logging attack incidents. The simulation engines are deployed using the Twisted framework. Currently the framework holds support for Redis. N.B.: The framework is under...
phpMyAdmin: Multiple vulnerabilities
Background phpMyAdmin is a web-based management tool for MySQL databases. Description Multiple vulnerabilities have been discovered in phpMyAdmin. Please review the CVE identifiers referenced below for details. Impact A remote authenticated attacker could exploit these vulnerabilities to include...
The vulnerability of the Oracle Database database management system allows a remote attacker to compromise data accessibility.
The vulnerability of the Oracle Database management system in the XDK and XDB components – XML Databases – allows a malicious actor, who operates remotely and has completed the authentication process, to compromise the accessibility of data...
[SECURITY] Fedora 22 Update: perl-DBD-Firebird-1.19-1.fc22
DBD::Firebird is a Perl module that works with the DBI module to provide access to Firebird databases...
[SECURITY] Fedora 21 Update: perl-DBD-Firebird-1.19-1.fc21
DBD::Firebird is a Perl module that works with the DBI module to provide access to Firebird databases...
Debian Security Advisory DSA 3219-1 (libdbd-firebird-perl - security update)
Stefan Roas discovered a way to cause a buffer overflow in DBD-FireBird, a Perl DBI driver for the Firebird RDBMS, in certain error conditions, due to the use of the sprintf function to write to a fixed-size memory buffer. OpenVAS Vulnerability Test $Id: deb3219.nasl 6609 2017-07-07 12:05:59Z...
Phabricator: SSRF vulnerability (access to metadata server on EC2 and OpenStack)
In bug 50537, haquaman reported a SSRF vulnerability in the meme creation section of Phabricator. Ticket T6755 was created and the HackerOne issue was closed as "Won't fix". T6755 states that "attackers can use the machine's ability to access the network, which may allow them to find services and...
chromium: multiple issues
CVE-2015-1212: Out-of-bounds write in media. - CVE-2015-1213, CVE-2015-1214, CVE-2015-1215: Out-of-bounds write in skia filters. - CVE-2015-1216: Use-after-free in v8 bindings. - CVE-2015-1217: Type confusion in v8 bindings. - CVE-2015-1218: Use-after-free in dom. - CVE-2015-1219: Integer...
Google Chrome < 41.0.2272.76 Multiple Vulnerabilities
The version of Google Chrome installed on the remote macOS host is prior to 41.0.2272.76. It is, therefore, affected by multiple vulnerabilities as referenced in the 201503stable-channel-update advisory. - Multiple use-after-free vulnerabilities in core/html/HTMLInputElement.cpp in the DOM...
FreeBSD : chromium -- multiple vulnerabilities (8505e013-c2b3-11e4-875d-000c6e25e3e9)
Chrome Releases reports: 51 security fixes in this release, including: - 456516 High CVE-2015-1212: Out-of-bounds write in media. Credit to anonymous. - 448423 High CVE-2015-1213: Out-of-bounds write in skia filters. Credit to cloudfuzzer. - 445810 High CVE-2015-1214: Out-of-bounds write in ski...
Stable Channel Update
The Chrome team is delighted to announce the promotion of Chrome 41 to the stable channel for Windows, Mac and Linux. Chrome 41.0.2272.76 contains a number of fixes and improvements, including: A number of new apps/extension APIs Lots of under the hood changes for stability and performance A list...
‘DarkLeaks’ Black Market — Anonymously Selling Secrets for Bitcoins
An all new anonymous online underground black market website, DarkLeaks, has been introduced on the Internet where Whistleblowers, blackmailers, hackers and any individual can trade/sell sensitive and valuable data/secrets anonymously in exchange for Bitcoin payments. DarkLeaks is a decentralized...
GLSA-201502-03 : BIND: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201502-03 BIND: Multiple Vulnerabilities Multiple vulnerabilities have been discovered in BIND. Please review the CVE identifiers referenced below for details. Impact : A remote attacker can cause a denial of service condition by...
[SECURITY] Fedora 21 Update: mantis-1.2.19-1.fc21
Mantis is a free popular web-based issue tracking system. It is written in the PHP scripting language and works with MySQL, MS SQL, and PostgreSQL databases and a web server. Almost any web browser should be able to function as a client. Documentation can be found in: /usr/share/doc/mantis When t...
Topline Systems Opportunity Form Information Disclosure Vulnerability
The Topline Systems Opportunity Form is an Excel spreadsheet containing connection strings to enable macros for public-facing databases. An information disclosure vulnerability exists in Topline Systems Opportunity Form, which can be exploited by an attacker to obtain sensitive information...
CVE-2014-8680
The GeoIP functionality in ISC BIND 9.10.0 through 9.10.1 allows remote attackers to cause a denial of service (assertion failure and named exit) via vectors related to (1) the lack of GeoIP databases for both IPv4 and IPv6, or (2) IPv6 support with certain options...