Security Bulletin: Security vulnerabilities have been identified in the IBM Spectrum Protect (formerly Tivoli Storage Manager) Client that affect multiple IBM Spectrum Protect (formerly Tivoli Storage Manager) products
Summary: The IBM Spectrum Protect (formerly Tivoli Storage Manager) Client/API is used as a component of IBM Spectrum Protect Snapshot (formerly Tivoli Storage FlashCopy Manager) for Windows, IBM Spectrum Protect (formerly Tivoli Storage Manager) HSM for Windows, IBM Spectrum Protect (formerly Tivoli...
MariaDB DoS Vulnerability (MDEV-25630) - Windows
MariaDB is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:mariadb:mariadb"; if...
vulhub
This is an open-source collection of vulnerable web applications and environments, designed for security training and testing. The repository contains a variety of applications, including web servers, databases, and other services, each with its own set of vulnerabilities. The goal is to provide ...
CVE-2022-23221
H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392...
3 Data Source Coverage Capabilities You Need from Your Database Security Solution
When Henry Ford, the de-facto inventor of mass production, was asked during a production meeting in 1909 in which colors his Model T automobile would be available to consumers, Ford - a notorious stickler for keeping costs to the bare minimum - offered almost no optional extras and that included...
GNU Recutils Resource Management Error Vulnerability (CNVD-2022-06489)
GNU Recutils is a GNU community tool and library for accessing recfiles (plain text databases). GNU Recutils has security vulnerabilities that can be exploited by attackers to cause segmentation errors or application crashes...
GNU Recutils Resource Management Error Vulnerability
GNU Recutils is a GNU community tool and library for accessing recfiles (plain text databases). GNU Recutils has security vulnerabilities that can be exploited by attackers to cause segmentation errors or application crashes...
Description of the security update for Office 2013: January 11, 2022 (KB5002124)
Description of the security update for Office 2013: January 11, 2022 (KB5002124). Summary: This security update resolves a Microsoft Office remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2022-21840. Note: To apply thi...
vulhub
This is an open-source collection of vulnerable systems and applications for educational purposes. The repository is maintained by phith0n and is available on GitHub. It contains a variety of vulnerable systems and applications, including web applications, databases, and operating systems. The...
vulhub
This is an open-source collection of vulnerable web applications and environments for security research and training. It is a repository of vulnerable systems, including web applications, databases, and other software, designed to help security professionals and researchers practice and improve...
Description of the security update for Office 2013: December 14, 2021 (KB5002104)
Description of the security update for Office 2013: December 14, 2021 (KB5002104). Summary: This security update resolves a Microsoft Jet Red database engine and access connectivity engine elevation of privilege vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilitie...
Ransomware Affiliate Arrested in Romania; 51 Stolen Data Brokers Arrested in Ukraine
Europol, the European Union's premier law enforcement agency, has announced the arrest of a third Romanian national for his role as a ransomware affiliate suspected of hacking high-profile organizations and companies and stealing large volumes of sensitive data. The 41-year-old unnamed individual...
IBM Db2 Access Control Error Vulnerability
IBM Db2 is a relational database management system from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBM i, z/OS, and Windows server versions. IBM Db2 suffers from an Access Control Error vulnerability that originates when a networked system or...
Backdoor.Win32.Wollf.a Hardcoded Password
Discovery / credits: Malvuln - malvuln.com (c) 2021. Original source: https://malvuln.com/advisory/52d1341f73c34ba2638581469120b68a.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Wollf.a Vulnerability: Weak Hardcoded Password. Description: The malware listens on TC...
Critical WordPress plugin vulnerability allowed wiping databases
By Waqas. The vulnerability existed in the WP Reset PRO WordPress plugin, which is used by more than 400,000 websites. This is a post from HackRead.com. Read the original post: Critical WordPress plugin vulnerability allowed wiping databases...
CVE-2021-34684
Hitachi Vantara Pentaho Business Analytics through 9.1 allows an unauthenticated user to execute arbitrary SQL queries on any Pentaho data source and thus retrieve data from the related databases, as demonstrated by an api/repos/dashboards/editor URI...
CVE-2021-31601
An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authenticated user (regardless of privileges) can list all...
CVE-2021-25874
AVideo/YouPHPTube 10.0 and prior is affected by a SQL injection in the catName parameter, which allows a remote unauthenticated attacker to retrieve database information such as application password hashes...
vulhub
This is an open-source collection of vulnerable web applications and environments for testing and learning about web application security. It is a project maintained by phith0n and hosted on GitHub. The project provides a variety of vulnerable applications and environments, including web servers,...