CVE-2017-18411
The "addon domain conversion" feature in cPanel before 67.9999.103 can copy all MySQL databases to the new account (SEC-285)...
Input validation
In cPanel before 67.9999.103, the backup interface could return a backup archive with all MySQL databases (SEC-283)...
CVE-2017-18411
The CVE-2017-18411 issue concerns cPanel’s addon domain conversion feature (pre-67.9999.103). The affected component is the addon domain conversion workflow, which can copy all MySQL databases to the newly created account, per SEC-285. The available documents describe the vulnerability impact as ...
CVE-2017-18409
In cPanel before 67.9999.103, the backup interface could return a backup archive with all MySQL databases (SEC-283)...
CVE-2017-18409
In this CVE, the affected software is cPanel prior to 67.9999.103. The backup interface could return a backup archive containing all MySQL databases (SEC-283), indicating an information disclosure vulnerability in the backup generation process. The available sources do not specify the exact root ...
PostgreSQL 9.5.x < 9.5.17, 9.6.x < 9.6.13, 10.x < 10.8, 11.x < 11.3 Information Disclosure Vulnerability - Windows
PostgreSQL is prone to an information disclosure vulnerability because selectivity estimators bypass row security policies. SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...
A week in security (July 22 – 28)
Last week on Malwarebytes Labs, we offered an extensive analysis into the Malaysian Airlines Flight 17 investigation, updated users on the newest feature set to AdwCleaner 7.4.0 (it now detects pre-installed software), and provided a deep dive into Phobos ransomware. We also broke down the latest...
ALPINE-CVE-2019-13057
An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization a...
DEBIAN-CVE-2019-13057
An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization a...
CVE-2019-13057
An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization a...
[SECURITY] Fedora 29 Update: libldb-1.4.7-1.fc29
An extensible library that implements an LDAP-like API to access remote LDAP servers, or use local tdb databases...
IBM Patches Critical, High-Severity Flaws in Spectrum Protect
IBM has disclosed critical and high-severity vulnerabilities in Spectrum Protect, Big Blue’s security tool under the umbrella of its Spectrum data storage software branding. The most severe of these flaws could cause a remote attacker to execute arbitrary code on impacted systems. Overall, IBM...
CVE-2019-4140
IBM Tivoli Storage Manager Server (IBM Spectrum Protect) 7.1 and 8.1 could allow a local user to replace existing databases by restoring old data. IBM X-Force ID: 158336...
PT-2019-16921 · Ibm · Ibm Spectrum Protect +1
Name of the Vulnerable Software and Affected Versions: IBM Tivoli Storage Manager Server (IBM Spectrum Protect) versions 7.1 through 8.1. Description: The issue allows a local user to replace existing databases by restoring old data. Recommendations: For versions 7.1 through 8.1, update to a version...
MongoDB Leak Exposed Millions of Medical Insurance Records
An online database belonging to insurance marketing website MedicareSupplement.com was found exposing more than 5 million records with personal information. MedicareSupplement.com is a U.S.-based marketing site that allows users to find supplemental medical insurance available in their area...
WhatBreach - OSINT Tool To Find Breached Emails And Databases
WhatBreach is a tool to search for breached emails and their corresponding database. It takes either a single email or a list of emails and searches them leveraging haveibeenpwned.com's API, from there if there are any breaches it will search for the query link on Dehashed pertaining to the...
USN-4019-2: SQLite vulnerabilities
USN-4019-1 fixed several vulnerabilities in sqlite3. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. Original advisory details: It was discovered that SQLite incorrectly handled certain SQL files. An attacker could possibly use this issue to execute arbitrary cod...
PHDays 9: new methods of Vulnerability Prioritization in Vulnerability Management products
On May 21, I spoke at the PHDays 9 conference. I talked about new methods of Vulnerability Prioritization in the products of Vulnerability Management vendors. During my 15-minute time slot I defined the problems that this new technology has to solve, showed why these problems could NOT be solved...
Password Cracker: Databases
This module uses John the Ripper or Hashcat to identify weak passwords that have been acquired from the mssqlhashdump, mysqlhashdump, postgreshashdump, or oraclehashdump modules. Passwords that have been successfully cracked are then saved as proper credentials. Due to the complexity of some of t...