36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

Cybersecurity researchers have discovered 36 malicious packages in the npm registry that are disguised as Strapi CMS plugins but come with different payloads to facilitate Redis and PostgreSQL exploitation, deploy reverse shells, harvest credentials, and drop a persistent implant. "Every package...

Exploit for OS Command Injection in Postgresql

EN GenPostgresRCEExploit is a PoC tool designed to exploit...

CVE-2011-2483

cryptblowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash...

IMP 2.x SQL injection vulnerabilities

IMP is a popular webmail package written in PHP. It ships with some UNIX systems and is also used on Windows servers. The version 2 of the program contains some SQL injection flaws which allow any remote user to access the webmail system's database. Valid user authentication is not required in...