DBMS

Pierluigi Paganini January 02, 2018
CSRF Vulnerability in phpMyAdmin allows attackers to perform DROP TABLE with a single click!

The phpMyAdmin development team has fixed a CSRF vulnerability in phpMyAdmin that could be exploited by attackers for removing items from a shopping cart. Researcher Ashutosh Barot discovered a critical CSRF vulnerability in phpMyAdmin that could be exploited by attackers to perform malicious operations such as dropping tables and deleting records. The phpMyAdmin developers released version 4.7.7, which addresses the […]

Pierluigi Paganini August 14, 2017
PostgreSQL issues three security patches, apply them asap

PostgreSQL has issued three security patches for versions 9.6.4, 9.5.8, 9.4.13, 9.3.18, and 9.2.22. Update them as soon as possible. “The PostgreSQL Global Development Group is pleased to announce the availability of PostgreSQL 10 Beta 3 and updates to all supported […]

Pierluigi Paganini April 15, 2017
Watch out, the Riddle vulnerability affects some Oracle MySQL versions. Update them now

A bug dubbed the Riddle vulnerability, affecting MySQL 5.5 and 5.6 clients, exposed user credentials to MiTM attacks. Update to version 5.7. A coding error dubbed The Riddle has been uncovered in the popular DBMS Oracle MySQL. The issue can potentially be exploited by an attacker carrying out a man-in-the-middle attack to steal usernames and passwords. “The Riddle is a […]

Pierluigi Paganini December 29, 2016
Researcher found a severe flaw in the MONyog monitoring tool

A security expert discovered a vulnerability in the MONyog tool that could be exploited by a normal user to elevate their privileges. The security researcher and penetration tester Mutail Mohamed (@muleyl) discovered a vulnerability in MONyog, the most secure and scalable MySQL monitoring tool. The application URL is https://www.webyog.com/product/monyog and the affected version is MONyog […]

Pierluigi Paganini November 03, 2016
Critical MySQL flaws can allow attackers to hack into your server

The security expert Dawid Golunski disclosed critical vulnerabilities in MySQL, MariaDB and PerconaDB that can lead to full compromise of servers. The flaws could be exploited by attackers for arbitrary code execution, root privilege escalation and, of course, server compromise. Dawid Golunski (@dawid_golunski) from Legal […]

Pierluigi Paganini September 13, 2016
CVE-2016-6662 – Researcher disclosed a critical MySQL Zero-Day

A security researcher disclosed a critical MySQL zero-day affecting the default configuration of all MySQL versions, including 5.5, 5.6 and 5.7. The security researcher Dawid Golunski has disclosed a critical zero-day vulnerability affecting the popular database management system (RDBMS) MySQL. The researcher decided to disclose the critical flaw because Oracle failed to release a […]