48 matches found
Authentication flaw
IBM PowerVC 1.2.0.x through 1.2.0.4, 1.2.1.x through 1.2.1.2, and 1.2.2.x through 1.2.2.2 does not require authentication for the ceilometer NoSQL database, which allows remote attackers to read or write to arbitrary database records, and consequently obtain administrator privileges, via a sessio...
CVE-2015-1937
CVE-2015-1937 affects IBM PowerVC: the ceilometer NoSQL database in PowerVC 1.2.0.x (1.2.0.4 and earlier), 1.2.1.x (up to 1.2.1.2), and 1.2.2.x (up to 1.2.2.2) allows remote unauthenticated access via port 27017, enabling reading/writing arbitrary database records and potentially gaining administ...
CVE-2015-1937
IBM PowerVC 1.2.0.x through 1.2.0.4, 1.2.1.x through 1.2.1.2, and 1.2.2.x through 1.2.2.2 does not require authentication for the ceilometer NoSQL database, which allows remote attackers to read or write to arbitrary database records, and consequently obtain administrator privileges, via a sessio...
MongoDB Patches Remote Denial-of-Service Vulnerability
MongoDB, a popular NoSQL database used in big data and heavy analytics environments, has patched a serious denial-of-service vulnerability that is remotely exploitable. Companies using the default installation of MongoDB, which does not require authentication to access the database, are urged to...
40,000 UnProtected MongoDB Databases Found on the Internet
Nearly 40,000 organisations running MongoDB, a NoSQL high performance and cross-platform document-oriented database, are found to be unprotected and vulnerable to hackers. Three students from University of Saarland in Germany at the Centre for IT Security – Kai Greshake, Eric Petryka and Jens...
Moderate: Red Hat Security Advisory: mongodb security update
Updated mongodb packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
Google V8 Server-Side JavaScript Injection joins the set of web application security vulnerabilities
Google V8 Server-Side JavaScript Injection joins the set of web application security vulnerabilities. TIME-BASED PHP V8JS INJECTION & NOSQL/SSJS INJECTION: Detecting server-side JavaScript (SSJS) injection vulnerabilities using time-based techniques. Article by Feli...
Oracle NoSQL Directory Traversal
Hi List, I don't know if this is worth anything, because the manual says: "Oracle NoSQL Database is intended to be installed in a secure location where physical and network access to the store is restricted to trusted users. For this reason, at this time Oracle NoSQL Database's security model is...