17 matches found
EUVD-2018-6771
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2018-17188
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Prior to CouchDB version 2.3.0, CouchDB allowed for runtime-configuration of key components of the database. In some cases, this led to vulnerabilities where...
Linux Distros Unpatched Vulnerability : CVE-2018-8007
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache CouchDB administrative users can configure the database server via HTTPS. Due to insufficient validation of administrator-supplied configuration settings...
CVE-2023-27877
IBM Planning Analytics Cartridge for Cloud Pak for Data 4.0 connects to a CouchDB server. An attacker can exploit an insecure password policy to the CouchDB server and collect sensitive information from the database. IBM X-Force ID: 247905...
CVE-2022-24706
In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front o...
vulhub
This repository is an open-source collection of pre-built vulnerable Docker environments, known as Vulhub. It is a defensive research tool for improving detection, response, and patch prioritization. The repository contains various vulnerable environments, including CouchDB, FFmpeg, Git, and more...
SUSE CVE-2020-1955
CouchDB version 3.0.0 shipped with a new configuration setting that governs access control to the entire database server called require_valid_user_except_for_up. It was meant as an extension to the long standing setting require_valid_user, which in turn requires that any and all requests to CouchDB will...
PT-2022-13442 · Apache · Apache Couchdb
Name of the Vulnerable Software and Affected Versions: Apache CouchDB affected versions not specified Description: The issue is related to an insecure default initialization of resources in Apache CouchDB, which could allow an attacker to elevate their privileges to the administrator level...
vulhub
This is an open-source collection of vulnerable web applications and environments for testing and learning about web application security. It is a project maintained by phith0n and hosted on GitHub. The repository contains a variety of applications and environments, including CouchDB, FFmpeg, Git...
vulhub
This repository is an offensive tool for vulnerability research and exploitation. It contains a collection of vulnerable environments and tools for testing and demonstrating various attacks. The repository includes a variety of modules and tools for different types of attacks, such as web...
Exploit for SQL Injection in Zabbix
This repository is an open-source collection of pre-built vulnerable docker environments, known as Vulhub. It is a collection of vulnerable environments, not a single exploit or tool. The repository contains various vulnerable environments, including CouchDB, ffmpeg, git, and influxdb, among...
CVE-2018-14889
CouchDB in Vectra Networks Cognito Brain and Sensor before 4.3 contains a local code execution vulnerability...
CVE-2018-14889
CouchDB in Vectra Networks Cognito Brain and Sensor before 4.3 contains a local code execution vulnerability...
Apache CouchDB elevation of privilege vulnerability (CNVD-2018-15060)
CouchDB is a document-oriented database system developed using Erlang. A security vulnerability exists in Apache CouchDB versions prior to 2.2.0, which stems from the program failing to adequately validate configuration settings submitted by administrators via the HTTP API. The vulnerability can...
Apache CouchDB Remote Code Execution Vulnerability
Apache CouchDB is a free, open source, document-oriented NoSQL database from the Apache Software Foundation (United States) that uses JSON as its storage format, JavaScript as its query language, and MapReduce and HTTP as its API. A remote code execution vulnerability exists in...
Apache CouchDB 1.5.0 - 'uuids' Denial of Service
Exploit Title: Couchdb uuids DOS exploit Google Dork inurl: uuids Date: 03/24/2014 Exploit Author: KrustyHack Vendor Homepage: http://couchdb.apache.org/ Software Link: http://couchdb.apache.org/ Version: up to 1.5.0 Tested on: Linux Couchdb up to 1.5.0 HOW TO ====== curl...
CouchDB < 0.11.2 Futon Admin Interface Cross-Site Request Forgery
Binary data 5642.prm...