101 matches found
Using the CouchDB unauthorized access vulnerability to execute arbitrary system commands - bug warning - the black bar safety net
5 on 1 6, the Ali cloud shield defense team was informed by external sources that the CouchDB database has an unauthorized access vulnerability when its configuration is incorrect. After the test, the cloud shield team was the first to discover the use of the unauthorized access...
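Arbitrary system command execution vulnerability caused by unauthorized access to CouchDB
Source of details: Alibaba Cloud Security. 0x01 Background of the vulnerability. CouchDB is an open-source document-oriented database management system that can be accessed through a RESTful JavaScript Object Notation (JSON) API. By default, CouchDB exposes a RESTful API on port 5984 for database management functions. So where does the problem lie? Reading the official description, you will find that CouchDB has a QueryServer configuration item, which the official documentation describes as follows: CouchDB delegates computation of design documents functions to external query servers...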
Debian: Security Advisory (DSA-3431-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Automate Incident Handling Process : IntelMQ
IntelMQ is a solution for CERTs for collecting and processing security feeds, pastebins, tweets and log files using a message queuing protocol. It’s a community driven initiative called IHAP Incident Handling Automation Project which was conceptually designed by European CERTs during several...
Gophish - Open-Source Phishing Toolkit
Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily set up and execute phishing engagements and security awareness training. One-Click Installation Download and Extract the ZIP - Gophish binaries are provided for...
DSA-3431-2 ganeti - regression update
Bulletin has no description...
Hackazon - A Modern Vulnerable Web App
Hackazon is a free, vulnerable test site that is an online storefront built with the same technologies used in today’s rich client and mobile applications. Hackazon has an AJAX interface, strict workflows and RESTful APIs used by a companion mobile app providing uniquely-effective training and...
[SECURITY] [DSA 3431-1] ganeti security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3431-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 01, 2016 https://www.debian.org/security/faq -...
Pair of Drupal Modules Patch Access Bypass Flaws
A pair of modules included in the Drupal content management system have been updated to fix access bypass vulnerabilities that could allow an attacker to take actions on the behalf of some users. One of the modules fixed is the Twitter module, which allows users to take a variety of actions,...
Important: Red Hat Security Advisory: foreman-proxy security update
Updated foreman-proxy packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform Foreman. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
Important: Red Hat Security Advisory: foreman-proxy security update
Updated foreman-proxy packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
[SECURITY] Fedora 21 Update: couchdb-1.6.1-4.fc21
Apache CouchDB is a distributed, fault-tolerant and schema-free document-oriented database accessible via a RESTful HTTP/JSON API. Among other features, it provides robust, incremental replication with bi-directional conflict detection and resolution, and is queryable and indexable using a...
[SECURITY] Fedora 20 Update: couchdb-1.6.1-4.fc20
Apache CouchDB is a distributed, fault-tolerant and schema-free document-oriented database accessible via a RESTful HTTP/JSON API. Among other features, it provides robust, incremental replication with bi-directional conflict detection and resolution, and is queryable and indexable using a...
Browser Exploitation Framework: BeEF
Browser Exploitation Framework The Browser Exploitation Framework BeEF is a powerful professional security tool. BeEF is pioneering techniques that provide the experienced penetration tester with practical client side attack vectors. Unlike other security frameworks, BeEF focuses on leveraging...
[Firebind Reflector v0.53] Portable Network Path Scanning Tool
Firebind Reflector is a portable network path scanning tool that can profile firewall and other network device rules for port blocking, such as performing egress/exfiltration testing. Reflector has a client side and listener server-side like Netcat and Ncat, except Reflector can dynamically be told...
[SECURITY] Fedora 18 Update: couchdb-1.2.1-2.fc18
Apache CouchDB is a distributed, fault-tolerant and schema-free document-oriented database accessible via a RESTful HTTP/JSON API. Among other features, it provides robust, incremental replication with bi-directional conflict detection and resolution, and is queryable and indexable using a...
Low: Red Hat Security Advisory: openstack-glance security update
Updated openstack-glance packages that fix multiple bugs and add various enhancements are now available for Red Hat OpenStack Essex. The openstack-glance packages allow virtual machine images to be discovered, registered and retrieved. It also includes a RESTful API to provide these services to...
[SECURITY] Fedora 13 Update: couchdb-0.11.2-2.fc13
Apache CouchDB is a distributed, fault-tolerant and schema-free document-oriented database accessible via a RESTful HTTP/JSON API. Among other features, it provides robust, incremental replication with bi-directional conflict detection and resolution, and is queryable and indexable using a...
[SECURITY] Fedora 13 Update: couchdb-0.10.2-1.fc13
Apache CouchDB is a distributed, fault-tolerant and schema-free document-oriented database accessible via a RESTful HTTP/JSON API. Among other features, it provides robust, incremental replication with bi-directional conflict detection and resolution, and is queryable and indexable using a...
[SECURITY] Fedora 12 Update: couchdb-0.10.2-1.fc12
Apache CouchDB is a distributed, fault-tolerant and schema-free document-oriented database accessible via a RESTful HTTP/JSON API. Among other features, it provides robust, incremental replication with bi-directional conflict detection and resolution, and is queryable and indexable using a...