
1196 matches found

Cvelist
added 2021/09/10 3:6 p.m. | 18 views

CVE-2021-37422

Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to SQL Injection while linking the databases...

AI score: 10 | EPSS: 0.03323
Exploits: 0 | References: 1

ThreatPost
added 2021/09/08 5:28 p.m. | 39 views

Spoofing Bug Highlights Cybersecurity for Digital Vaccine Passports

Three weeks after an independent researcher found a critical bug in the Services Australia COVID-19 digital vaccine certificate that would allow an attacker to falsify someone’s vaccine status, it still hasn’t been fixed. Researcher Richard Nelson looked into the security behind a new digital...

AI score: 7.2
Exploits: 0 | References: 12

Gitee
added 2021/09/07 12:27 a.m. | 2 views

vulhub

This is an open-source collection of vulnerable systems and applications for educational purposes. It is a repository of vulnerable systems and applications, including web servers, databases, and other software, that can be used to test and learn about security vulnerabilities. The repository is...

AI score: 8.1
Exploits: 0

Wiz blog
added 2021/08/26 4:42 p.m. | 12 views

ChaosDB: How we hacked thousands of Azure customers’ databases

As part of building a market-leading CNAPP, Wiz Research is constantly looking for new attack surfaces in the cloud. Two weeks ago we discovered an unprecedented breach that affects Azure’s flagship database service, Cosmos DB...

AI score: 6.9
Exploits: 0

NVD
added 2021/08/19 4:15 p.m. | 18 views

CVE-2021-37698

Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions 2.5.0 through 2.13.0, ElasticsearchWriter, GelfWriter, InfluxdbWriter and Influxdb2Writer do not verify the server's certificate...

CVSS: 7.5 | EPSS: 0.0142
Exploits: 0 | References: 6

OSV
added 2021/08/19 4:15 p.m. | 14 views

CVE-2021-37698

Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions 2.5.0 through 2.13.0, ElasticsearchWriter, GelfWriter, InfluxdbWriter and Influxdb2Writer do not verify the server's certificate...

CVSS: 7.5 | AI score: 6.7
Exploits: 0 | References: 6

OSV
added 2021/08/19 4:15 p.m. | 0 views

UBUNTU-CVE-2021-37698

Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions 2.5.0 through 2.13.0, ElasticsearchWriter, GelfWriter, InfluxdbWriter and Influxdb2Writer do not verify the server's certificate...

CVSS: 7.5 | AI score: 7 | EPSS: 0.0142
Exploits: 0 | References: 7

CVE
added 2021/08/19 1:55 p.m. | 105 views

CVE-2021-37698

CVE-2021-37698 affects Icinga 2 (versions 2.5.0–2.13.0) where ElasticsearchWriter, GelfWriter, InfluxdbWriter and Influxdb2Writer fail to verify the server’s certificate even when a CA is configured. This TLS validation flaw can enable credential exposure or impersonation when connecting to TSDBs...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.0142
Exploits: 0 | References: 6 | Affected Software: 1

ThreatPost
added 2021/08/16 3:12 p.m. | 102 views

100m T-Mobile Customer Records Purportedly Up for Sale

A threat actor is selling what they claim to be 30 million T-Mobile customers’ Social Security and driver license numbers on an underground web forum. The collection is a subset of the purported 100 million records contained in stolen databases. The seller told Motherboard – which first reported...

AI score: 6.7
Exploits: 0 | References: 10

CNVD
added 2021/08/04 12:0 a.m. | 20 views

Hotel Druid SQL Injection Vulnerability

Hotel Druid is an open source application for hotel management developed by DigitalDruid.Net. A security vulnerability exists in Hotel Druid version 3.0.2, which stems from the fact that malicious attackers can exploit the vulnerability to issue SQL commands to SQLite databases via the vulnerable...

CVSS: 9.8 | AI score: 3.5 | EPSS: 0.04102
Exploits: 3 | References: 1

OpenVAS
added 2021/07/22 12:0 a.m. | 22 views

Oracle MySQL Server 8.0 <= 8.0.21 Security Update (cpujul2021) - Linux

Oracle MySQL Server is prone to a denial of service (DoS) vulnerability in the Optimizer component.

CVSS: 4.9 | AI score: 5.7 | EPSS: 0.02088
Exploits: 0 | References: 2

RedHat Linux
added 2021/07/20 9:35 p.m. | 63 views

Important: Red Hat Security Advisory: libldb security update

An update for libldb is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support, Red Hat Enterprise Linux 7.6 Telco Extended Update Support, and Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impac...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.04328
Exploits: 0 | References: 2

Gitee
added 2021/07/15 4:50 p.m. | 6 views

vulhub

This is an open-source collection of vulnerable web applications and environments for security training and testing. It is a repository of vulnerable systems and applications that can be used to practice and improve one's skills in penetration testing and vulnerability assessment. The repository...

AI score: 7
Exploits: 0

Ivan 'd0znpp' Novikov
added 2021/07/13 11:20 a.m. | 138 views

What is (SQLi) SQL Injection❓ — Types, Example and Prevention. Part 1

SQL injection concept: Data is among the most crucial parts of every information system. Hence, organizations use databases that are fueled by applications on the web to get clients’ information. Now, it’s crucial to properly mana...

AI score: 8.1
Exploits: 0

Gitee
added 2021/06/30 10:20 p.m. | 3 views

vulhub

This is an open-source, community-driven project called Vulhub, which provides a comprehensive collection of vulnerable systems and applications for educational and testing purposes. The repository contains a wide range of vulnerable systems, including web applications, databases, and networks, a...

AI score: 7.2
Exploits: 0

ThreatPost
added 2021/06/21 9:52 p.m. | 43 views

Wegmans Exposes Customer Data in Misconfigured Databases

Wegmans Food Markets, the U.S. supermarket chain, has notified customers that some of their data was exposed because two of its cloud-based databases were misconfigured, making them publicly accessible online. In a publicly posted breach notification letter, Wegmans said that the issue was first...

AI score: 7
Exploits: 0 | References: 11

Gitee
added 2021/06/15 4:42 a.m. | 3 views

vulhub1

This is an open-source collection of vulnerable systems and applications for educational purposes, maintained by phith0n. It provides a controlled environment for learning and practicing penetration testing, vulnerability assessment, and security research. The repository contains various vulnerab...

AI score: 8.1
Exploits: 0

Prion
added 2021/06/11 4:15 p.m. | 15 views

Sql injection

A SQL Injection vulnerability in the OPCUA interface of Gallagher Command Centre allows a remote unprivileged Command Centre Operator to modify Command Centre databases undetected. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 MR3; 8.30 versions prior to 8.30.1359...

CVSS: 3.5 | AI score: 5.4 | EPSS: 0.0066
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2021/06/11 3:46 p.m. | 13 views

CVE-2021-23230

A SQL Injection vulnerability in the OPCUA interface of Gallagher Command Centre allows a remote unprivileged Command Centre Operator to modify Command Centre databases undetected. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 MR3; 8.30 versions prior to 8.30.1359...

CVSS: 9.9 | AI score: 10 | EPSS: 0.0066
Exploits: 0 | References: 1

ThreatPost
added 2021/06/07 5:18 p.m. | 50 views

Windows Container Malware Targets Kubernetes

Windows containers have been victimized for over a year by the first known malware to target Windows containers. The ongoing campaign pierces Kubernetes clusters so as to plant backdoors, allowing attackers to steal data and user credentials, or even hijack entire databases hosted in a cluster...

AI score: 7.7
Exploits: 0 | References: 17