Posts

Showing posts with the label critical flaw

SQLmap Automated SQL injection tool

Image
  SQLMap is an open-source penetration testing tool that automates the process of detecting and exploiting SQL injection vulnerabilities in web applications. It is written in Python and is available on Linux, Windows, and macOS. SQLMap is a powerful tool that can be used by security professionals, penetration testers, and ethical hackers to identify and exploit SQL injection vulnerabilities in web applications. SQL injection is a type of security vulnerability that allows an attacker to manipulate a web application's SQL database by injecting malicious SQL statements into an entry field, such as a search field or a login form. This can lead to data theft, data manipulation, and even complete control of the web application and its underlying database. SQLMap works by sending various SQL injection techniques to the targeted web application to identify vulnerabilities. It supports a wide range of database management systems such as MySQL, Oracle, PostgreSQL, Microsoft SQL ...

Spectre and Meltdown the big chip flaws

Image
Processors are vital to running all our computerized devices, even if we hardly ever think about them. That's why it's a big deal that they have major vulnerabilities, such as Spectre and Meltdown, that leave them open to hacking attacks. As they run all the essential processes on your computer, these silicon chips handle extremely sensitive data. That includes passwords and encryption keys, the fundamental tools for keeping your computer secure. The Spectre and Meltdown vulnerabilities, revealed Wednesday, could let attackers capture information they shouldn't be able to access, like  those passwords and keys. As a result, an attack on a computer chip can turn into a serious security concern. What are the vulnerabilities? Researchers found two major weaknesses in processors that could let attackers read sensitive information that should never leave the CPU, or central processing unit. In both cases, attackers could see data that the processor temp...

Highly Critical Flaw (CVSS Score 10) Lets Hackers Hijack Oracle Identity Manager

Image
A highly critical vulnerability has been discovered in Oracle's enterprise identity management system that can be easily exploited by remote, unauthenticated attackers to take full control over the affected systems. The critical vulnerability tracked as CVE-2017-10151, has been assigned the highest CVSS score of 10 and is easy to exploit without any user interaction, Oracle said in its advisory published Monday without revealing many details about the issue. The vulnerability affects Oracle Identity Manager (OIM) component of Oracle Fusion Middleware—an enterprise identity management system that automatically manages users' access privileges within enterprises. The security loophole is due to a "default account" that an unauthenticated attacker over the same network can access via HTTP to compromise Oracle Identity Manager. Oracle has not released complete details of the vulnerability in an effort to prevent exploitation in the wild, but here the ...