Lucene search

1196 matches found

ATTACKERKB
added 2022/04/14 3:15 p.m. | 3 views

CVE-2022-1257

Insecure storage of sensitive information vulnerability in MA for Linux, macOS, and Windows prior to 5.7.6 allows a local user to gain access to sensitive information through storage in ma.db. The sensitive information has been moved to encrypted database files...

CVSS 6.1 | AI score 5.8 | EPSS 0.00622
Exploits: 2 | References: 2

OSV
added 2022/04/11 2:15 p.m. | 10 views

CVE-2022-27041

Due to lack of protection, parameter studentid in OpenSIS Classic 8.0 /modules/eligibility/Student.php can be used to inject SQL queries to extract information from databases...

CVSS 7.5 | AI score 7.1
Exploits: 0 | References: 1

Prion
added 2022/04/11 2:15 p.m. | 13 views

SQL injection

Due to lack of protection, parameter studentid in OpenSIS Classic 8.0 /modules/eligibility/Student.php can be used to inject SQL queries to extract information from databases...

CVSS 5 | AI score 7.6 | EPSS 0.01288
Exploits: 1 | References: 1 | Affected Software: 1

Kitploit
added 2022/04/10 12:30 p.m. | 32 views

Poro - Scan Publicly Accessible Assets On Your AWS Cloud Environment

Scan for publicly accessible assets on your AWS environment. Services covered by this tool: AWS ELB, API Gateway, S3 Buckets, RDS Databases, EC2 instances, Redshift Databases. Poro also checks if a tag you specify is applied to identified public resources using the --tag-key and --tag-value arguments...

AI score 7.3
Exploits: 0 | References: 1

Microsoft KB
added 2022/04/05 12:0 a.m. | 21 views

April 5, 2022, update for Office 2016 (KB5002141)

April 5, 2022, update for Office 2016 (KB5002141). This article describes update 5002141 for Microsoft Office 2016 that was released on April 5, 2022. Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer (.msi)-based edition of Office 2016. It doesn't apply to...

AI score 6.4
Exploits: 0

OpenVAS
added 2022/04/03 12:0 a.m. | 16 views

Fedora: Security Advisory for pandoc-citeproc (FEDORA-2022-1f981071eb)

The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 9.8 | AI score 9.6 | EPSS 0.04192
Exploits: 3 | References: 2

Cvelist
added 2022/04/01 10:17 p.m. | 23 views

CVE-2022-27534

Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security with antivirus databases released before 12 March 2022 had a bug in a data parsing module that potentially allowed an attacker to execute arbitrary code. The fix was delivered automatically. Credits: Georgy Zaytsev Positive...

AI score 9.8 | EPSS 0.03016
Exploits: 0 | References: 1

Github Security Blog
added 2022/04/01 1:59 p.m. | 51 views

Improper Removal of Sensitive Information Before Storage or Transfer in irrd

IRRd did not always filter password hashes in query responses relating to mntner objects and database exports. This may have allowed adversaries to retrieve some of these hashes, perform a brute-force search for the clear-text passphrase, and use these to make unauthorised changes to affected IRR...

CVSS 7.5 | AI score 1.2 | EPSS 0.01366
Exploits: 0 | References: 7 | Affected Software: 1

PyPA
added 2022/03/31 11:15 p.m. | 6 views

PYSEC-2022-178

Internet Routing Registry daemon version 4 is an IRR database server, processing IRR objects in the RPSL format. IRRd did not always filter password hashes in query responses relating to mntner objects and database exports. This may have allowed adversaries to retrieve some of these hashes, perfo...

CVSS 7.5 | AI score 7 | EPSS 0.01366
Exploits: 0 | References: 3 | Affected Software: 1

BDU FSTEC
added 2022/03/30 12:0 a.m. | 5 views

Vulnerability in the Cluster component of the MySQL Cluster database management system that allows attackers to escalate their privileges

Vulnerability of the MySQL Cluster component: General database management system vulnerabilities in MySQL Cluster exist due to insufficient validation of input data. Exploiting this vulnerability can allow attackers to increase their privileges remotely...

CVSS 6.5 | AI score 6.7 | EPSS 0.02621
Exploits: 0 | References: 5 | Affected Software: 1

Qualys Blog
added 2022/03/18 1:1 p.m. | 27 views

Infographic: Log4Shell Vulnerability Impact by the Numbers

The full scope of risk presented by the Log4Shell vulnerability is something unprecedented, spanning every type of organization across every industry. Hard to find but easy to exploit, Log4Shell immediately places hundreds of millions of Java-based applications, databases, and devices at risk...

AI score 0.1
Exploits: 0

HackRead
added 2022/03/10 5:52 p.m. | 15 views

Anonymous & its affiliates hacked 90% of Russian misconfigured databases

By Waqas A new report reveals that since the Russian attack on Ukraine, Anonymous and its affiliate groups have compromised… This is a post from HackRead.com Read the original post: Anonymous & its affiliates hacked 90% of Russian misconfigured databases...

AI score 2.1
Exploits: 0

Kitploit
added 2022/03/09 11:30 a.m. | 1977 views

Geowifi - Search WiFi Geolocation Data By BSSID And SSID On Different Public Databases

Search WiFi geolocation data by BSSID and SSID on different public databases. Databases: Wigle, Apple, OpenWifi, Milnikov. Prerequisites: Python3. In order to display emojis on Windows, it is recommended to install the new Windows terminal. ⚠️ In order to use the Wigle service it is necessary to obtai...

AI score 7.3
Exploits: 0 | References: 3

Packet Storm
added 2022/03/07 12:0 a.m. | 394 views

Loki RAT (Relapse) SQL Injection

Discovery / credits: Malvuln - malvuln.com (c) 2022. Original source: https://malvuln.com/advisory/aabb54951546132e70a8e9f02bf8b5baB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Loki RAT (Relapse). Vulnerability: SQL Injection. Description: The LokiRAT WebUI panel for...

AI score 7.4
Exploits: 0

HackRead
added 2022/02/25 9:35 p.m. | 22 views

Hacking forum Raidforums.com allegedly seized by authorities

By Waqas Raidforums.com is one of the largest clearnet hacking forums. It offers stolen databases, login credentials, adult content, and… This is a post from HackRead.com Read the original post: Hacking forum Raidforums.com allegedly seized by authorities...

AI score 3.3
Exploits: 0

Gitee
added 2022/02/17 3:37 p.m. | 4 views

vulhub

This repository is an open-source project for vulnerability research and training, maintained by phith0n. It contains a collection of vulnerable environments and tools for testing and learning about various security vulnerabilities. The repository is hosted on GitHub and has a community-driven...

AI score 7
Exploits: 0

Kitploit
added 2022/02/04 8:30 p.m. | 123 views

SQLRecon - A C# MS SQL Toolkit Designed For Offensive Reconnaissance And Post-Exploitation

A C# MS-SQL toolkit designed for offensive reconnaissance and post-exploitation. For detailed usage information on each technique, refer to the wiki. Usage: You can grab a copy of SQLRecon from the releases page. Alternatively, feel free to compile the solution yourself. This should be as straight...

AI score 7.9
Exploits: 0 | References: 6

OpenVAS
added 2022/02/02 12:0 a.m. | 20 views

MariaDB DoS Vulnerability (MDEV-25635) - Linux

MariaDB is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mariadb:mariadb"; if...

CVSS 5.5 | AI score 7.4 | EPSS 0.00391
Exploits: 1 | References: 2

IBM Security Bulletins
added 2022/02/01 11:37 a.m. | 29 views

Security Bulletin: A security vulnerability has been identified in the IBM Spectrum Protect Client that affects multiple IBM Spectrum Protect products (CVE-2018-1786)

Summary: The IBM Spectrum Protect (formerly Tivoli Storage Manager) Client/API is used as a component of IBM Spectrum Protect Snapshot (formerly Tivoli Storage FlashCopy Manager) for Windows, IBM Spectrum Protect for Databases, and IBM Spectrum Protect for Mail. Information about a security vulnerabili...

CVSS 7.5 | AI score 2.9 | EPSS 0.02425
Exploits: 0 | Affected Software: 6

IBM Security Bulletins
added 2022/02/01 11:19 a.m. | 12 views

Security Bulletin: Security vulnerabilities have been identified in the Tivoli Storage Manager (IBM Spectrum Protect) Client that affect multiple Tivoli Storage Manager (IBM Spectrum Protect) products

Summary: The Tivoli Storage Manager (IBM Spectrum Protect) Client/API is used as a component of Tivoli Storage FlashCopy Manager (IBM Spectrum Protect Snapshot) for Windows, Tivoli Storage Manager (IBM Spectrum Protect) HSM for Windows, Tivoli Storage Manager (IBM Spectrum Protect) for Databases, Tivoli...

AI score 1.2
Exploits: 0 | Affected Software: 10