Showing 30 results for: Database Security

Raiding the Piggy Bank: Webshell Secrets Revealed

Introduction: A recent investigation into credit card fraud that was enabled by a webshell revealed several interesting methods used by the attacker. These methods are the subject of this blog, as well as providing some suggestions on what E-commerce companies...

Database Security Knowledgebase Update 5.06

This month's update for Database Security Knowledgebase is now available. Knowledgebase version 5.06 includes new and updated checks for IBM DB2 LUW, Microsoft SQL Server and SAP (Sybase) ASE. New Vulnerability and Configuration Check Highlights IBM DB2 LUW Restrict Access to SYSCAT.AUDITPOLICIES...

Database Security Knowledgebase Update 5.05

This month's update for Database Security Knowledgebase is now available. Knowledgebase version 5.05 includes new and updated checks for MySQL. New Vulnerability and Configuration Check Highlights MySQL Locked Accounts Check for accounts that have been locked Risk: Informational Relevant CVEs:...

Database Security Knowledgebase Update 5.04

This month's update for Database Security Knowledgebase is now available. Knowledgebase version 5.04 includes new checks for SAP (Sybase) ASE, Microsoft SQL Server, MySQL and Oracle, and updated checks for Microsoft SQL Server. New Vulnerability and Configuration Check Highlights SAP...

SAP ASE file creation vulnerability (CVE-2016-6196)

Recently SAP released a patch for an Adaptive Server Enterprise vulnerability that allows legitimate database users to create files on disk wherever the server process can write. This is useful when doing a chained database attack - first create...

Database Security Knowledgebase Update 5.03

This month's update for Database Security Knowledgebase is now available. Knowledgebase version 5.00 includes new checks for Microsoft SQL Server, MySQL, Oracle and Teradata and new CIS policies for MySQL v1.0.2 and Oracle 11gR2 v2.0.0. New Vulnerability and Configuration Check...

Database Security Knowledgebase Update 5.02

This month's update for Database Security Knowledgebase is now available. Knowledgebase version 5.02 includes new checks for Microsoft SQL Server and SAP (Sybase) ASE New Vulnerability and Configuration Check Highlights Microsoft SQL Server Orphaned users Examines for orphaned users. Risk:...

About SAP ASE DSAM SQL Injection (CVE-2016-4013)

SAP introduced a new feature in SP02 for Adaptive Server Enterprise 16.0 that provides support for Data Store Access Management (DSAM). This is a perfect example of new functionality introducing new vulnerabilities. The new DSAM implementation suffers from an SQL injection...

Database Security Knowledgebase Update 5.01

This month's update for Database Security Knowledgebase is now available. Knowledgebase version 5.01 includes new checks for MySQL, Oracle and SAP (Sybase) ASE and updated checks for MySQL and SAP (Sybase) ASE. New Vulnerability and Configuration Check Highlights MySQL Critical...

Database Security Knowledgebase Update 5.00

This month's update for Database Security Knowledgebase is now available. Knowledgebase version 5.00 includes new checks for Microsoft SQL Server, MySQL, Oracle and Teradata and new CIS policies for MySQL v1.0.2 and Oracle 11gR2 v2.0.0. New Vulnerability and Configuration Check...

AppDetectivePRO and DbProtect Knowledgebase Update 4.54

This month's update for our AppDetectivePRO and DbProtect Knowledgebase is now available. Knowledgebase version 4.54 includes new support for SAP (Sybase) Adaptive Server Enterprise (ASE) version 16.0, a new check for Oracle Database encryption, updated checks for SAP (Sybase) ASE...

AppDetectivePRO and DbProtect Knowledgebase Update 4.53

This month's update for our AppDetectivePRO and DbProtect Knowledgebase is now available. Knowledgebase version 4.53 includes new checks for Microsoft SQL Server, MySQL and Oracle Database, as well as updated checks for IBM DB2 for Linux, UNIX and Windows (LUW)...

Debugging SAP ASE .NET Provider Issues

I've recently been chasing a bug that made it impossible to call one built-in stored procedure within SAP Adaptive Server Enterprise (ASE) .NET provider. The procedure in question is sp_loginconfig which exists only on ASE running on Windows platforms. If...