
1196 matches found

Gitee
added 2021/10/22 2:57 p.m. | 4 views

vulhub

This is an open-source collection of vulnerable web applications and environments for testing and learning purposes. It is a community-driven project that aims to provide a safe and controlled environment for users to practice and improve their skills in web application security. The repository...

7.4 AI score
Exploits: 0

Malwarebytes
added 2021/10/22 2:11 p.m. | 48 views

Ransomware: Why do backups fail when you need them most?

It's widely known, and endlessly repeated, that the last, best line of defence against the potentially devastating effects of a ransomware attack is your backups. So why do we keep hearing things like this: We're also feeling relatively confident, we have a very good backup system … and then we fin...

6.4 AI score
Exploits: 0

OpenVAS
added 2021/10/22 12:0 a.m. | 30 views

Oracle MySQL Server 8.0 <= 8.0.26 Security Update (cpuoct2021) - Linux

Oracle MySQL Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:oracle:mysql"; if...

7.5 CVSS | 6.7 AI score | 0.10276 EPSS
Exploits: 0 | References: 2

CNVD
added 2021/10/21 12:0 a.m. | 20 views

AUVESY Versiondog permission and access control issues vulnerability

AUVESY Versiondog is an automated production data and change management software solution from the German company AUVESY. AUVESY Versiondog is vulnerable to permission and access control issues, which could be exploited by an attacker to change user passwords or delete databases...

7.5 CVSS | 5.2 AI score | 0.00951 EPSS
Exploits: 0 | Affected Software: 1

Fedora
added 2021/10/19 12:37 a.m. | 49 views

[SECURITY] Fedora 34 Update: moby-engine-20.10.9-1.fc34

Docker is an open source project to build, ship and run any application as a lightweight container. Docker containers are both hardware-agnostic and platform-agnostic. This means they can run anywhere, from your laptop to the largest EC2 compute instance and everything in between - and they don'...

7.8 CVSS | 6.8 AI score | 0.02693 EPSS
Exploits: 3

Schneier on Security
added 2021/10/11 12:49 p.m. | 11 views

The European Parliament Voted to Ban Remote Biometric Surveillance

It's not actually banned in the EU yet -- the legislative process is much more complicated than that -- but it's a step: a total ban on biometric mass surveillance. To respect "privacy and human dignity," MEPs said that EU lawmakers should pass a permanent ban on the automated recognition of...

1.9 AI score
Exploits: 0

CNVD
added 2021/10/09 12:0 a.m. | 30 views

Redis input validation error vulnerability

Hiredis is a C client for Redis databases. Hiredis suffers from a security vulnerability that allows attackers to provide maliciously crafted or corrupted RESP, multi-bulk protocol data that can lead to integer overflows. No detailed vulnerability details are currently available...

8.8 CVSS | 4.4 AI score | 0.02045 EPSS
Exploits: 0 | References: 1

Packet Storm
added 2021/10/08 12:0 a.m. | 236 views

IFSC Code Finder Project 1.0 SQL Injection

Title: IFSC Code Finder Project 1.0 - SQL injection Unauthenticated Exploit Author: Yash Mahajan Date: 2021-10-07 Vendor Homepage: https://phpgurukul.com/ifsc-code-finder-project-using-php/ Version: 1 Software Link: https://phpgurukul.com/?smdprocessdownload=1&downloadid=14478 Tested On: Windows...

0.3 AI score
Exploits: 0

CNVD
added 2021/09/26 12:0 a.m. | 26 views

Teleport has an unspecified vulnerability (CNVD-2022-18316)

Teleport is an identity-aware, multi-protocol access agent from Teleport USA, Inc. Used by engineers and security professionals to unify access to SSH servers, Kubernetes clusters, web applications, and databases across all environments, Teleport has a security vulnerability that could be exploit...

5.3 CVSS | 3.9 AI score | 0.01175 EPSS
Exploits: 0 | References: 1

CNVD
added 2021/09/26 12:0 a.m. | 14 views

Teleport has an unspecified vulnerability

Teleport is an identity-aware, multi-protocol access agent from Teleport USA, Inc. Used by engineers and security professionals to unify access to SSH servers, Kubernetes clusters, web applications and databases across all environments. Teleport suffers from a security vulnerability that could be...

6.5 CVSS | 4.1 AI score | 0.00822 EPSS
Exploits: 0 | References: 1

RedHat Linux
added 2021/09/21 10:6 a.m. | 45 views

Moderate: Red Hat Security Advisory: nss and nspr security, bug fix, and enhancement update

An update for nss and nspr is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fr...

7.5 CVSS | 7.3 AI score | 0.03854 EPSS
Exploits: 0 | References: 11

OSV
added 2021/09/21 7:8 a.m. | 50 views

RLSA-2021:3572 Moderate: nss and nspr security, bug fix, and enhancement update

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. The following packages have been upgrad...

7.5 CVSS | 8.2 AI score | 0.03854 EPSS
Exploits: 0 | References: 11

OSV
added 2021/09/21 7:8 a.m. | 27 views

ALSA-2021:3572 Moderate: nss and nspr security, bug fix, and enhancement update

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. The following packages have been upgrad...

7.5 CVSS | 8.2 AI score | 0.03854 EPSS
Exploits: 0 | References: 2

AlmaLinux
added 2021/09/21 7:8 a.m. | 29 views

Moderate: nss and nspr security, bug fix, and enhancement update

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. The following packages have been upgrad...

7.5 CVSS | 8.3 AI score | 0.03854 EPSS
Exploits: 0 | References: 2

Rockylinux
added 2021/09/21 7:8 a.m. | 45 views

nss and nspr security, bug fix, and enhancement update

An update is available for nspr, nss. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Network Security Services (NSS) is a set of libraries designed to support the...

7.5 CVSS | 8.2 AI score | 0.03854 EPSS
Exploits: 0

ThreatPost
added 2021/09/14 3:3 p.m. | 116 views

Pair of Google Chrome Zero-Day Bugs Actively Exploited

Google has addressed two zero-day security bugs that are being actively exploited in the wild. As part of the internet giant’s latest stable channel release version 93.0.4577.82 for Windows, Mac and Linux, it fixed 11 total vulnerabilities, all of them rated high-severity. The two zero days are...

9.6 CVSS | 9.3 AI score | 0.70435 EPSS
Exploits: 13 | References: 16

ThreatPost
added 2021/09/14 1:45 p.m. | 20 views

Unpatched Bugs Plague Databases; Data Is Not Secure

A five-year longitudinal study found that nearly one out of every two on-premises databases globally – 46 percent – is vulnerable to attack, given that it has at least one unpatched vulnerability. The study, which involved 27,000 scanned databases globally, discovered that more than half – 56...

7.3 AI score
Exploits: 0 | References: 6

Imperva Blog
added 2021/09/14 9:47 a.m. | 25 views

Data security is broken: What’s next?

One out of every two on-premises databases globally has at least one vulnerability, finds a new study from Imperva Research Labs spanning 27,000 on-prem databases, based on insights from a proprietary database scanning service introduced by Imperva Innovation five years ago. The question is: why ...

7 AI score
Exploits: 0

Kitploit
added 2021/09/12 11:30 a.m. | 56 views

ODBParser - OSINT Tool To Search, Parse And Dump Only The Open Elasticsearch And MongoDB Directories That Have The Data You Care About Exposing

ODBParser is a tool to search for PII being exposed in open databases. ONLY to be used to identify exposed PII and warn server owners of irresponsible database maintenance OR to query databases you have permission to access! PLEASE USE RESPONSIBLY What is this? Wrote this as wanted to create...

7.2 AI score
Exploits: 0 | References: 1

Prion
added 2021/09/10 4:15 p.m. | 30 views

SQL injection

Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to SQL Injection while linking the databases...

7.5 CVSS | 9.8 AI score | 0.03323 EPSS
Exploits: 0 | References: 1 | Affected Software: 1