3370 matches found

RedHat Linux
added 2017/09/14 7:12 a.m. | 2 views

postgresql: Empty password accepted in some authentication methods

It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq's refusal to send an empty password. A remote attacker could potentially use this flaw to gain access to database accounts with empty passwords...

CVSS 9.8 | AI score 7.4 | EPSS 0.61566
Exploits: 0 | References: 5

RedHat Linux
added 2017/09/12 10:2 a.m. | 1 view

postgresql: Empty password accepted in some authentication methods

It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq's refusal to send an empty password. A remote attacker could potentially use this flaw to gain access to database accounts with empty passwords...

CVSS 9.8 | AI score 7.4 | EPSS 0.61566
Exploits: 0 | References: 5

RedHat Linux
added 2017/09/12 8:0 a.m. | 2 views

postgresql: Empty password accepted in some authentication methods

It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq's refusal to send an empty password. A remote attacker could potentially use this flaw to gain access to database accounts with empty passwords...

CVSS 9.8 | AI score 7.4 | EPSS 0.61566
Exploits: 0 | References: 5

Microsoft KB
added 2017/09/12 7:0 a.m. | 86 views

Microsoft Teams help & learning

Microsoft Teams help & learning. Meetings, Chat, Notifications & settings, Teams & channels, Calls & devices, Files, Troubleshoot. New to Microsoft Teams? Learn all about Teams' essential features here. Meetings, Chat, Notifications, Teams, Channels, Calls. Meet Microsoft 365 Copilot. Copilot works alongside you...

CVSS 7.6 | AI score 6.3 | EPSS 0.14264
Exploits: 0

Trend Micro Simply Security
added 2017/09/11 12:0 p.m. | 92 views

Grading our Predictions: See how we fared in 1H 2017

In December of last year, we released eight predictions as to what we thought the 2017 cybersecurity landscape would hold. Although we’ve definitely observed new trends and attacks that we didn’t foresee, we’ve also seen several of our predictions play out as anticipated. With only three and a ha...

AI score 6.7
Exploits: 0

Prion
added 2017/09/07 9:29 p.m. | 17 views

Cross site scripting

A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain...

CVSS 4.3 | AI score 6 | EPSS 0.01234
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2017/09/07 9:0 p.m. | 33 views

CVE-2017-12212

A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain...

AI score 6.1 | EPSS 0.01234
Exploits: 0 | References: 4

CVE
added 2017/09/07 9:0 p.m. | 75 views

CVE-2017-12212

Cisco Unity Connection (v10.5(2) with default config) is affected by a reflected cross-site scripting (XSS) vulnerability in its web framework. The issue arises from insufficient input validation on HTTP GET/POST parameters, allowing an unauthenticated, remote attacker to persuade a user to follo...

CVSS 6.1 | AI score 6 | EPSS 0.01234
Exploits: 0 | References: 4 | Affected Software: 1

Cisco
added 2017/09/06 4:0 p.m. | 26 views

Cisco Unity Connection Reflected Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain...

CVSS 6.1 | AI score 6.1 | EPSS 0.01234
Exploits: 0 | References: 1

Kitploit
added 2017/09/06 1:55 p.m. | 7 views

fses - Python Library To Scrap Url'S From Search Engines

Fucking Search Engines Scraper - python library to scrap url's from search engines Search Engines we scrap Ask Bing DuckDuck GO UOL Yahoo Install git clone https://github.com/mthbernardes/fses.git cd fses pip install -r requeriments.txt Usage Simple search using Ask from searchEngines.ask import...

AI score 7.2
Exploits: 0 | References: 2

Kitploit
added 2017/09/04 2:30 p.m. | 35 views

Luckystrike - A PowerShell based utility for the creation of malicious Office macro documents

A PowerShell based utility for the creation of malicious Office macro documents. To be used for pentesting or educational purposes only. Luckystrike is a menu-drive SET style PowerShell-based generator of malicious .xls and .doc documents. All your payloads are saved into a database for easy...

AI score 7.5
Exploits: 0 | References: 1

Tenable Nessus
added 2017/09/01 12:0 a.m. | 34 views

Amazon Linux AMI : postgresql94 / postgresql95 (ALAS-2017-885)

pg_user_mappings view discloses passwords to users lacking server privileges: An authorization flaw was found in the way PostgreSQL handled access to the pg_user_mappings view on foreign servers. A remote authenticated attacker could potentially use this flaw to retrieve passwords from the user...

CVSS 9.8 | AI score 7.1 | EPSS 0.61566
Exploits: 0 | References: 4

Qualys Blog
added 2017/08/29 3:49 p.m. | 61 views

SANS Institute: Hackers Paint a Bullseye on Your Employees and Endpoints

End users and their devices are right smack in the center of the battle between enterprise InfoSec teams and malicious hackers, and it’s not hard to see why. When compromised, connected endpoints — desktops, laptops, smartphones, tablets — offer intruders major entry points into corporate network...

AI score 6.8
Exploits: 0

ThreatPost
added 2017/08/16 11:14 a.m. | 14 views

Google Removes Chrome Extension Used in Banking Fraud

Google has removed from the Chrome Web Store a malicious browser extension used by criminals in Brazil to target corporate users with the aim of stealing banking credentials. The twist is that the attackers did their homework on their targets, learning via social networks whom inside an...

AI score 7
Exploits: 0 | References: 4

n0where
added 2017/08/15 3:45 a.m. | 85 views

HTTP Load Generator: hey

hey is a tiny program that sends some load to a web application – ApacheBench ab replacement. hey was originally called boom and was influenced from Tarek Ziade’s tool at tarekziade/boom . Installation go get -u github.com/rakyll/hey Note: Requires go 1.7 or greater. Usage hey runs provided numbe...

AI score 7.1
Exploits: 0 | References: 2

Tenable Nessus
added 2017/08/14 12:0 a.m. | 30 views

Debian DSA-3935-1 : postgresql-9.4 - security update

Several vulnerabilities have been found in the PostgreSQL database system: CVE-2017-7546: In some authentication methods empty passwords were accepted. CVE-2017-7547: User mappings could leak data to unprivileged users. CVE-2017-7548: The lo_put function ignored ACLs. For more in-depth...

CVSS 9.8 | AI score 7.1 | EPSS 0.61566
Exploits: 0 | References: 9

Tenable Nessus
added 2017/08/11 12:0 a.m. | 28 views

FreeBSD : PostgreSQL vulnerabilities (982872f1-7dd3-11e7-9736-6cc21735f730)

The PostgreSQL project reports: CVE-2017-7546: Empty password accepted in some authentication methods. CVE-2017-7547: The 'pg_user_mappings' catalog view discloses passwords to users lacking server privileges. CVE-2017-7548: lo_put function ignores ACLs...

CVSS 9.8 | AI score 7.2 | EPSS 0.61566
Exploits: 0 | References: 4

PostgreSQL
added 2017/08/10 12:0 a.m. | 622 views

Vulnerability in core server (CVE-2017-7546)

empty password accepted in some authentication methods...

CVSS 9.8 | AI score 8.8 | EPSS 0.61566
Exploits: 0 | References: 1 | Affected Software: 1

FreeBSD
added 2017/08/10 12:0 a.m. | 41 views

PostgreSQL vulnerabilities

The PostgreSQL project reports: CVE-2017-7546: Empty password accepted in some authentication methods. CVE-2017-7547: The "pg_user_mappings" catalog view discloses passwords to users lacking server privileges. CVE-2017-7548: lo_put function ignores ACLs...

CVSS 9.8 | AI score 4.1 | EPSS 0.61566
Exploits: 0

RedHat Linux
added 2017/08/02 5:23 p.m. | 6 views

cfme: Execution of arbitrary methods through filter param

It was found that privilege check is missing when invoking arbitrary methods via filtering on VMs that MiqExpression will execute that is triggerable by API users. An attacker could use this to execute actions they should not be allowed to e.g. destroying VMs...

CVSS 8.8 | AI score 5.9 | EPSS 0.01703
Exploits: 0 | References: 4