408 matches found
Eve Arbitrary Code Execution Vulnerability
Eve pyeve is a Python based open source REST API framework. A security vulnerability exists in the io/mongo/parser.py file in Eve versions prior to 0.7.5. A remote attacker can exploit the vulnerability to execute arbitrary code with the help of the 'where' parameter...
Remote Code Execution (RCE)
Eve is vulnerable to remote code execution RCE attacks. The library does not fully sanitize nested mongo queries, allowing a malicious user to inject and execute arbitrary code...
PYSEC-2018-8
io/mongo/parser.py in Eve aka pyeve before 0.7.5 allows remote attackers to execute arbitrary code via Code Injection in the where parameter...
NoSQL Exploitation Framework 2.0 - A Framework For NoSQL Scanning and Exploitation
A FrameWork For NoSQL Scanning and Exploitation Framework Authored By Francis Alexander. Added Features: First Ever Tool With Added Support For Mongo,Couch,Redis,H-Base,Cassandra Support For NoSQL WebAPPS Added payload list for JS Injection,Web application Enumeration. Scan Support for...
Remote Code Execution
mongo-parse is vulnerable to remote code execution RCE. A malicious user can inject and execute arbitrary code due to the lack of sanitization of user input before executing the eval function...
Remote Code Execution (RCE)
mongo-edit is vulnerable to remote code execution RCE. A malicious user can inject and execute arbitrary code due to the lack of sanitization of user input before executing the eval function...
SQL Injection Attacks
mongo-sql is vulnerable to SQL injection attacks. This is possible because some values in order.js are not escaped before being made into a SQL statement...
Moderate: Red Hat Security Advisory: rh-php56 security, bug fix, and enhancement update
An update for rh-php56, rh-php56-php, and rh-php56-php-pear is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
HackerOne in the third quarter TOP 5 vulnerability report-vulnerability warning-the black bar safety net
Foreword HackerOne in the third quarter TOP 5 vulnerability reports are coming announced. In this season, we participated in the Vegas hacker conference, hosted Hacked the World, and in the Reddit discussion above, some of the HackerOne problem. HackerOne vulnerability report from platform to...
Mongo Madness - Customized SSL, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Mongo Madness published at the 'play' market has multiple vulnerabilities...
Nosql Exploitation Framework
The Tool focuses on scanning and exploiting NoSQL Databases which makes the pentesters life easy. The tool currently has support for Mongo,Couch-db and Redis,with further additions to be made soon.It supports Enumerating NoSQL Db’s,Dumping Nosql db’s,Dictionary attacks and Shodan Search...
Moderate: Red Hat Security Advisory: php55 security and bug fix update
Updated php55 collection packages that fix multiple security issues and several bugs are now available as part of Red Hat Software Collections 2. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give...
MongoDB management tool exposure remote code execution vulnerability-vulnerability warning-the black bar safety net
MongoDB, the IT sector mainstream non-relational database NoSQL platform is one that is based on a table of a relational database of the popular alternatives. Recently, the management for MongoDB is a GUI tool phpMoAdmin is the storm has a very serious security vulnerability, once exploited, this...
PHPMoAdmin 'moadmin.php' Remote Code Execution Vulnerability
phpMoAdmin is a PHP development in the MongoDB management tools , can be used to create , delete and modify databases and indexes , provide views and data search tools , provide database startup time and memory statistics , support JSON. A remote code execution vulnerability exists in PHPMoAdmin...
openshift-origin-broker: default password creation
The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of "mooo" for a Mongo account, which allows remote attackers to hijack the broker by providing this password, related to the openshift.sh script in Openshift Extras before 20130920. NOTE: this m...
Fedora Update for php-symfony2-HttpKernel FEDORA-2013-22422
Check for the Version of php-symfony2-HttpKernel OpenVAS Vulnerability Test Fedora Update for php-symfony2-HttpKernel FEDORA-2013-22422 Authors: System Generated Check Copyright: Copyright C 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute...
[SECURITY] Fedora 18 Update: php-symfony2-HttpKernel-2.2.10-1.fc18
HttpKernel provides the building blocks to create flexible and fast HTTP-based frameworks. It takes a Request as an input and should return a Response as an output. Using this interface makes your code compatible with all frameworks using the Symfony2 components. And this will give you many cool...
[SECURITY] Fedora 18 Update: php-symfony2-HttpFoundation-2.2.10-1.fc18
The HttpFoundation Component defines an object-oriented layer for the HTTP specification. In PHP, the request is represented by some global variables $GET, $POST, $FILE, $COOKIE, $SESSION... and the response is generated by some funct ions echo, header, setcookie, .... The Symfony2 HttpFoundation...
Fedora Update for php-symfony2-HttpFoundation FEDORA-2013-14579
Check for the Version of php-symfony2-HttpFoundation OpenVAS Vulnerability Test Fedora Update for php-symfony2-HttpFoundation FEDORA-2013-14579 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...
[SECURITY] Fedora 18 Update: php-symfony2-HttpFoundation-2.2.5-1.fc18
The HttpFoundation Component defines an object-oriented layer for the HTTP specification. In PHP, the request is represented by some global variables $GET, $POST, $FILE, $COOKIE, $SESSION... and the response is generated by some funct ions echo, header, setcookie, .... The Symfony2 HttpFoundation...