Security Hero

Posts Tagged ‘Database’

The Friday Security-Database Watch Newsletter — v20090424

[Tools update] Posted by SD List on Apr 24. Dear all, Here is the site’s newsletter "Security Database Tools Watch" (www.security-database.com/toolswatch). This letter summarizes the articles and news items published in the last 7 days. We adopted the title "The Friday Security-Database Watch Newsletter". Many… URL: http://seclists.org/pen-test/2009/Apr/0151.html

eLitius ‘database-backup.php’ Information Disclosure Vulnerability

Vuln: eLitius ‘database-backup.php’ Information Disclosure Vulnerability. URL: http://www.securityfocus.com/bid/34659

Web application vulnerabilities, (Tue, Apr 21st)

In the last two weeks we have all been witnesses to a couple of major attacks that exploited web application vulnerabilities. Probably the best example was the Twitter XSS worm, which exploited several (!) XSS vulnerabilities in various parts of Twitter’s profile screen. Luckily, the XSS worm was more or less [...]

Oracle buys Sun

Sun Microsystems will be acquired by Oracle in a deal valued at $7.4 billion, the company announced today. With the acquisition, Oracle gets the popular Java programming language, as well as the Solaris operating system, which has been a major platform for the Oracle database. The deal comes only two weeks after [...]

Advanced Oracle SQL Injection

Posted by ZwelL on Apr 19. Hi guys: Sometimes we meet an Oracle database when we do web SQL injection testing. All we do is dump some data in the db. But you know what? Actually, we can do more and more operations on it, just like: 1. Fast data dumping even [...]

F.B.I. and States Vastly Expand DNA Databases

Law enforcement officials are vastly expanding their collection of DNA to include millions more people who have been arrested or detained but not yet convicted. The move, intended to help solve more crimes, is raising concerns about the privacy of petty offenders and people who are presumed innocent. [...]

Twitter Packet Challenge Solution, (Sat, Apr 18th)

Yesterday, I posted the packet below as my twitter feed to see how the packet skills are among my followers (my twitter feed is also replicated to Facebook). Anyway. Here is the solution. I came across this packet while playing with scapy6 being bored on a plane. I was [...]

(Tools Updates) – Tools Watch latest releases

Posted by SD List on Apr 17. Dear all, Here is the site’s newsletter "Security Database Tools Watch" (www.security-database.com/toolswatch). This letter summarizes the articles and news items published in the last 7 days. Greetings. We’d like to thank Maximiliano Soler (maximilianosoler.com.ar/) and … URL: http://seclists.org/pen-test/2009/Apr/0105.html

Stand Alone Application vs ClientServer

Posted by M.D.Mufambisi on Apr 17. Hi folks, What in your opinion is more secure... an application sitting on the same computer as its datafiles/database, or one that has the datafiles or database on a server and the application on a separate machine? I'm just reviewing a client who has an application [...]

CVE-2009-1322 (asp_product_catalog)

ASP Product Catalog 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for database/aspProductCatalog.mdb. URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1322

2009 Data Breach Investigation Report, (Wed, Apr 15th)

Verizon’s annual Data Breach Investigation Report is out today. The study is based on data analyzed from 285 million compromised records from 90 confirmed breaches. The financial sector accounted for 93 percent of all such records compromised in 2008, and 90 percent of these records involved groups [...]

Calls grow to wipe innocent’s DNA from database

UK: The campaign to have the DNA of innocent people removed from Britain’s database has received a boost as a pioneer of the technology broke ranks to criticise the government. In an interview with the Guardian, the inventor of genetic fingerprinting, professor Sir Alec Jeffreys, said the [...]

CVE-2009-0985 (database_10g, database_11g)

Unspecified vulnerability in the Core RDBMS component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6 allows remote authenticated users with the IMP_FULL_DATABASE role to affect confidentiality, integrity, and availability. URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0985
