48 matches found
CVE-2024-9983
Enterprise Cloud Database from Ragic does not properly validate a specific page parameter, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files...
CVE-2024-9984
Enterprise Cloud Database from Ragic does not authenticate access to specific functionality, allowing unauthenticated remote attackers to use this functionality to obtain any user's session cookie...
CVE-2024-9985
Enterprise Cloud Database from Ragic does not properly validate the file type for uploads. Attackers with regular privileges can upload a webshell and use it to execute arbitrary code on the remote server...
CVE-2024-9985 Ragic Enterprise Cloud Database - Arbitrary File Upload
Enterprise Cloud Database from Ragic does not properly validate the file type for uploads. Attackers with regular privileges can upload a webshell and use it to execute arbitrary code on the remote server...
CVE-2024-9985
CVE-2024-9985 involves the Ragic Enterprise Cloud Database. The vulnerability arises from improper validation of uploaded file types, enabling attackers with regular privileges to upload a webshell and execute arbitrary code on the remote server. Multiple sources (NVD and national/regional advis...
CVE-2024-9983 Ragic Enterprise Cloud Database - Arbitrary File Read through Path Traversal
Enterprise Cloud Database from Ragic does not properly validate a specific page parameter, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files...
Ragic Enterprise Cloud Database Security Vulnerability
Ragic Enterprise Cloud Database is an enterprise cloud database from Ragic, Inc. A security vulnerability exists in versions of Ragic Enterprise Cloud Database prior to 2024/08/08 09:45:25, which stems from failure to properly validate uploaded file types, allowing an attacker with regular...
PT-2024-39982 · Ragic · Enterprise Cloud Database
Name of the Vulnerable Software and Affected Versions: Enterprise Cloud Database from Ragic (affected versions not specified). Description: The issue is related to the improper validation of file types for uploads in the Enterprise Cloud Database from Ragic. Attackers with regular privileges can...
Ragic Enterprise Cloud Database Security Vulnerability
Ragic Enterprise Cloud Database is an enterprise cloud database from Ragic, Inc. A security vulnerability exists in versions of Ragic Enterprise Cloud Database prior to 2024/08/08 09:45:25, which stems from failure to properly validate specific page parameters, allowing an unauthenticated, remote...
Ragic Enterprise Cloud Database Access Control Error Vulnerability
Ragic Enterprise Cloud Database is an enterprise cloud database from Ragic, Inc. An access control error vulnerability exists in versions of Ragic Enterprise Cloud Database prior to 2024/08/08 09:45:25, which stems from unauthenticated access to a specific feature, allowing an unauthenticated,...
Mexico’s Largest ERP Provider ClickBalance Exposes 769 Million Records
ClickBalance ERP provider's cloud database exposed 769 million records, including API keys and email addresses. Learn how this…...
Crooks Steal Phone, SMS Records for Nearly All AT&T Customers
AT&T Corp. disclosed today that a new data breach has exposed phone call and text message records for roughly 110 million people -- nearly all of its customers. AT&T said it delayed disclosing the incident in response to "national security and public safety concerns," noting that some of the...
Ticketmaster confirms customer data breach
Live Nation Entertainment has confirmed what everyone has been speculating on for the last week: Ticketmaster has suffered a data breach. In a filing with the SEC, Live Nation said on May 20th it identified "unauthorized activity within a third-party cloud database environment containing Company...
TotalCloud Insights: A Wake-Up Call on Cloud Database Security Failure Rates
In part 1 of this two-part blog, we explored how to safeguard cloud databases from SQL Server threats and lateral movement risks. In this second part, we turn our focus to a comparative analysis of database security across three major cloud service providers (CSPs), AWS, Azure, and GCP, as well as...
Severe Flaw in Google Cloud's Cloud SQL Service Exposed Confidential Data
A new security flaw has been disclosed in the Google Cloud Platform's (GCP) Cloud SQL service that could be potentially exploited to obtain access to confidential data. "The vulnerability could have enabled a malicious actor to escalate from a basic Cloud SQL user to a full-fledged sysadmin on a...
#BrokenSesame: Accidental ‘write’ permissions to private registry allowed potential RCE to Alibaba Cloud Database Services
A container escape vulnerability, combined with accidental 'write' permissions to a private registry, opened a backdoor for Wiz Research to access Alibaba Cloud databases and potentially compromise its services through a supply-chain attack...
SaaS Eliminates Barriers to Applying Security Controls to Your Entire AWS and Azure Data Repository
Businesses today widely regard data as “the new oil,” the most valuable resource on earth. At the same time, we are in the midst of the most dynamic IT landscape in history which is increasing the risk to this most valuable asset. Organizations, without sufficiently skilled staff to effectively...
Detecting malicious key extractions by compromised identities for Azure Cosmos DB
Azure Cosmos DB is a fully managed NoSQL cloud database service for modern app development. It offers a variety of advanced built-in features, such as automatic worldwide data replication, lightning-fast response types, and a variety of APIs. In this blog post, we describe security practices for...