Posts Tagged ‘Database’

IXXO Cart! Standalone and Joomla Component SQL Injection

Re: IXXO Cart! Standalone and Joomla Component SQL Injection Posted by YEHG Group on Jul 26 Thanks, I’ll update the database of http://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project On Sat, Jul 25, 2009 at 3:57 PM, SmOk3<smok3f00_at_gmail.com> wrote: > Original advisory at: > … URL: http://seclists.org/fulldisclosure/2009/Jul/0394.html

Police can keep, share records, even after charges dropped: Court

Ca: Police can keep, share records, even after charges dropped: Court The Ontario Court of Appeal has ruled that police are entitled to keep information on databases about charges that have been withdrawn against individuals and also share these records with other agencies. The decision, released Thursday, overturned a lower-court ruling that concluded that Peel [...]

Police Vetted Jury Pool For Crown

Ca: Police Vetted Jury Pool For Crown Police forces in Barrie, Ont., and the surrounding region have been conducting background checks of potential jurors without their knowledge for several years at the request of the Ministry of the Attorney-General, according to documents obtained by the National Post. Confidential police databases were searched to see if [...]

Convicts shouldn’t expect privacy rights

Wendy Murphy: Convicts shouldn’t expect privacy rights The ACLU in Massachusetts has been scaring people with a fear-mongering claim that cops are violating Criminal Offender Record Information laws by searching through the state’s criminal records database to see whether certain celebrities have rap sheets. They’re using the story to gain support for a proposed amendment [...]

Why Security Isn’t A Solo Act

Why Security Isn’t A Solo Act High technology’s biggest bet these days is on “cloud computing,” namely massive data centers running databases and application software across networks for businesses, consumers and some combination of the two. The idea is that the shared systems can scale up savings, transactions and innovation faster than ever. Less talked [...]

(GET var ‘id’) BLIND SQL INJECTION EXPLOIT – Dog Pedigree Online Database v1.0.1-Beta

(GET var ‘id’) BLIND SQL INJECTION EXPLOIT – Dog Pedigree Online Database v1.0.1-Beta [...]

Advanced blind SQL injection (with Oracle examples), (Tue, May 19th)

Advanced blind SQL injection (with Oracle examples), (Tue, May 19th) Quite often developers ask me if they should put controls about every single parameter that they receive from users of their web application. My answer is, of course, yes. A couple of weeks ago I worked on a penetration test where we exploited a blind SQL [...]

MySQL founder creates Open Database Alliance

MySQL founder creates Open Database Alliance Monty Widenius, the main author of MySQL, has announced he is setting up the Open Database Alliance (ODA) to consolidate work on the open database. The ODA will consist of a set of companies offering software, support and services for MariaDB, an enterprise-grade, community-developed branch of MySQL. MySQL services [...]

Maldives Elections Commission website hacked

Maldives Elections Commission website hacked The website of the Maldives Elections Commission was hacked last night and the hackers defaced the homepage of the website. It isn’t sure when the attack had occurred but even by 9:15pm last night the hackers’ message on the homepage had not been removed. Later, after the website finally went [...]

UC Berkeley suffers breach

UC Berkeley suffers breach Hackers breached a server in the health services center at the University of California, Berkeley, and accessed the personal data of more than 160,000 people, the college announced Friday. The stored database records included Social Security numbers and health insurance and other medical information. The intruders, believed to be based overseas, [...]

Mass. police snooped on celebrities’ records

Mass. police snooped on celebrities’ records Massachusetts law enforcement personnel tapped into the state criminal records database and inappropriately viewed the personal records of celebrities on dozens of occasions, according to a state audit released Tuesday. URL: http://feedproxy.google.com/~r/SCMagazineHome/~3/nbjdWYnLkDM/

CVE-2009-0663 (dbd::pg)

CVE-2009-0663 (dbd::pg) Heap-based buffer overflow in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module 1.49 for Perl might allow context-dependent attackers to execute arbitrary code via unspecified input to an application that uses the getline and pg_getline functions to read database rows. URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0663

Government looks to ISPs as it cuts comms database plan

Government looks to ISPs as it cuts comms database plan The government is set to require all telcos to record data between communications – mobile phones, text message, emails and instant messages, as well as internet browsing sessions to social networking sites such as Facebook. The details of the Intercept Modernisation Programme were laid out [...]

U-turn on ‘Big Brother’ internet checks

UK: U-turn on ‘Big Brother’ internet checks Ministers backed down today over plans for a centralised database of email, telephone and internet data. Home Secretary Jacqui Smith said there were “absolutely no plans for a single central store” of communications data. Source – Metro. Related – Politics.co.uk. Related – The Scotsman.

CVE-2009-1436 (freebsd)

CVE-2009-1436 (freebsd) The db interface in libc in FreeBSD 6.3, 6.4, 7.0, 7.1, and 7.2-PRERELEASE does not properly initialize memory for Berkeley DB 1.85 database structures, which allows local users to obtain sensitive information by reading a database file. URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1436
