Database Management Systems Vulnerabilities Archives

An SQL vulnerability exists in the Work In Process component of Oracle E-Business Suite. Successful...

 Tags CVE20192633, CVE20192638, Database Management Systems Vulnerabilities, EBusiness, Injection, Oracle, SQL, Suite

 Category CERT-LatestNews Database Management Systems VulnerabilitiesAll VulnerabilitiesApplications VulnerabilitiesDBMS VulnerabilitiesMicrosoft

Proof of Concept Released for SQL Remote Code Execution Patch |

Source

February 18, 2020

Proof of Concept Released for SQL Remote Code Execution Patch | | IT Security News...

 Tags Code, Concept, Database Management Systems Vulnerabilities, Execution, Patch, Proof, Released, Remote, SQL, threat watch – binary defense

WP Database Reset插件漏洞 – 嘶吼 RoarTalk – 回归最本质的信息安全,互联网安全新媒体,4hou.com

Source

February 18, 2020

1月7日，研究人员在WP Database Reset插件中发现多个安全漏洞，CVE编号分别是CVE-2020-7048和CVE-2020-7047。该插件安装量超过80000次。其中一个漏洞允许非认证的用户来重置数据库中的表到初始化WordPress安装状态，另一个漏洞允许非认证的用户在drop其他用户的适合授予账户管理权限。 CVE-2020-7048 CVE-2020-7048漏洞是WP Database Reset插件中的漏洞，属于非认证的数据库重置漏洞，v 3.1及更低版本都受到该漏洞的影响，该漏洞CVSS 3.0评分为9.1。 WP Database Reset插件提供给用户重置数据库表密码的一个便捷的数据库重置插件，管理员可以在无需重装WordPress的情况下对网站进行测试。由于该插件功能强大，如果不进行合理的保护，可能会带来巨大的危害。这也就是研究人员发现漏洞的所在。插件中的数据库重置函数中没有一个进行了检查或使用了安全随机数。由于没有适当的安全控制，WP Database Reset插件中的安全漏洞使得任意非认证的用户可以重置数据库中的任意表。重置还会引发数据可用性的破坏。攻击者发送一个简单的请求就可以将站点重置到WordPress标准默认状态。...

 Tags Database, Database Management Systems Vulnerabilities, Reset插件漏洞, RoarTalk, 嘶吼, 回归最本质的信息安全互联网安全新媒体4houcom, 漏洞

2020年1月的全球威胁指数报告：新冠病毒主题垃圾邮件传播Emotet恶意软件

Source

February 18, 2020

随着新冠病毒疫情的威胁吸引了全球的关注，2020年1月的全球威胁指数报告指出网络犯罪分子利用了新冠病毒疫情这个热点来进行恶意活动，全球爆发了多起与该病毒相关的垃圾邮件活动。规模最大的新冠病毒疫情主题的攻击活动主要攻击日本，通过日本残疾人福利服务提供者发送的邮件附件来传播Emotet恶意软件。垃圾邮件会鼓励受害者打开恶意附件，如果受害者打开恶意附件，就会在受害者计算机上下载Emotet。 Top 10恶意软件家族. 注：*箭头变化是与上个月的排名进行对比. 与上个月相比，Top 3的恶意软件家族没有发生变化——Emotet排名第1，影响全球约13%的企业，第2和第3是XMRig和Trickbot…. Source link

 Tags 2020年1月的全球威胁指数报告新冠病毒主题垃圾邮件传播Emotet恶意软件, Database Management Systems Vulnerabilities, 恶意软件

#infosec | Remote Wipe Plugin Bug Affects Over 200,000 WordPress Sites | National Cyber Security

Source

February 18, 2020

Security researchers are warning of a new plugin vulnerability which is exposing over 200,000 WordPress...

 Tags 200000, Affects, bug, Cyber, Database Management Systems Vulnerabilities, infosec, National, plugin, Remote, Security, sites, Wipe, WordPress

vamtam-theme-circle-post

 Category Database Management Systems VulnerabilitiesAll VulnerabilitiesApplications VulnerabilitiesDBMS VulnerabilitiesGoogle

What You Need To Know About Location Intelligence In 2020

Source

February 18, 2020

Share to facebook Share to twitter Share to linkedin Getty 53% of enterprises say that...

vamtam-theme-circle-post

 Category Database Management Systems VulnerabilitiesAll VulnerabilitiesDBMS

Remote Wipe Plugin Bug Affects Over 200,000 WordPress Sites

Source

February 18, 2020

Security researchers are warning of a new plugin vulnerability which is exposing over 200,000 WordPress...

 Tags 200000, Affects, bug, Database Management Systems Vulnerabilities, plugin, Remote, sites, Wipe, WordPress

WordPress Popup Builder SQL注入漏洞

Source

February 18, 2020

WordPress Popup Builder 2.2.8版本至2.6.7.6版本中的sg_popup_ajax.php文件的‘sgImportPopups’函数存在SQL注入漏洞。该漏洞源于基于数据库的应用缺少对外部输入SQL语句的验证。攻击者可利用该漏洞执行非法SQL命令。来源:MISC 链接:https://plugins.trac.wordpress.org/browser/popup-builder/tags/2.2.8/files/sg_popup_ajax.php#L69 来源:MISC 链接:https://wpvulndb.com/vulnerabilities/10073 来源:MISC 链接:https://wordpress. Source link

 Tags Builder, Database Management Systems Vulnerabilities, Popup, SQL注入漏洞, WordPress

Indian Travel – SQL Injection Vulnerability

Source

February 18, 2020

# Exploit Title : Indian Travel – SQL Injection Vulnerability # Author : ./MiSetya #...

 Tags Database Management Systems Vulnerabilities, Indian, Injection, SQL, Travel, Vulnerability

WordPress主题插件严重漏洞修复，影响将近20万个网站

Source

February 18, 2020

WordPress的ThemeGrill Demo Importer程序的开发人员已更新了该插件，删除一个严重漏洞，该漏洞为未经身份验证的用户提供了管理员特权。攻击者可以管理员身份登录，并将网站的整个数据库还原为默认状态，从而完全控制这些网站。最流行的版本易受攻击. 该插件用于轻松导入ThemeGrill主题演示内容、小工具和设置，使他们更轻松地快速自定义主题。该插件目前安装在近200000个WordPress网站上，而最流行的版本最容易受到攻击。该漏洞存在于ThemeGrill Demo Importer插件从1.3.4到1.6.1的版本中。根据官方WordPress插件存储库的统计数据，最流行的版本是1. Source link

 Tags Database Management Systems Vulnerabilities, ThemeGrill, WordPress, WordPress主题插件严重漏洞修复影响将近20万个网站, 插件, 资讯

Tag: Database Management Systems Vulnerabilities

Oracle E-Business Suite SQL Injection (CVE-2019-2633; CVE-2019-2638)

Proof of Concept Released for SQL Remote Code Execution Patch |

WP Database Reset插件漏洞 – 嘶吼 RoarTalk – 回归最本质的信息安全,互联网安全新媒体,4hou.com

2020年1月的全球威胁指数报告：新冠病毒主题垃圾邮件传播Emotet恶意软件

#infosec | Remote Wipe Plugin Bug Affects Over 200,000 WordPress Sites | National Cyber Security

What You Need To Know About Location Intelligence In 2020

Remote Wipe Plugin Bug Affects Over 200,000 WordPress Sites

WordPress Popup Builder SQL注入漏洞

Indian Travel – SQL Injection Vulnerability

WordPress主题插件严重漏洞修复，影响将近20万个网站

Call Center
+31 55 8448040

Location

International Cyber Crime Investigation

Digitpol is licensed by the Ministry of Justice: Licence Number POB1557

Call Center +31 55 8448040

Location

International Cyber Crime Investigation

Digitpol is licensed by the Ministry of Justice: Licence Number POB1557

Call Center
+31 55 8448040