Application Security //

Database Security

10/29/2010
03:04 PM
Dark Reading
Dark Reading
Slideshows
50%
50%

Slideshow: The 10 Most Common Database Vulnerabilities

AppSec's Team SHATTER shares the top 10 database vulnerabilities it sees most commonly plaguing organizations over and over again
Previous
1 of 10
Next


Removing default, blank and weak log-in credentials is an important first step for filling chinks in your database armor.

Image courtesy of Active Experts

Previous
1 of 10
Next
Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/14/2018
Intel Reveals New Spectre-Like Vulnerability
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/15/2018
Australian Teen Hacked Apple Network
Dark Reading Staff 8/17/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-15473
PUBLISHED: 2018-08-17
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
CVE-2018-15471
PUBLISHED: 2018-08-17
An issue was discovered in xenvif_set_hash_mapping in drivers/net/xen-netback/hash.c in the Linux kernel through 4.18.1, as used in Xen through 4.11.x and other products. The Linux netback driver allows frontends to control mapping of requests to request queues. When processing a request to set or c...
CVE-2018-6622
PUBLISHED: 2018-08-17
An issue was discovered that affects all producers of BIOS firmware who make a certain realistic interpretation of an obscure portion of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2.0 specification. An abnormal case is not handled properly by this firmware while S3 sleep and can...
CVE-2018-14057
PUBLISHED: 2018-08-17
Pimcore before 5.3.0 allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging validation of the X-pimcore-csrf-token anti-CSRF token only in the "Settings > Users / Roles" function.
CVE-2018-14058
PUBLISHED: 2018-08-17
Pimcore before 5.3.0 allows SQL Injection via the REST web service API.