-
DBShield – Go Based Database Firewall
DBShield is a Database Firewall written in Go that has protection for MySQL/MariaDB, Oracle and PostgreSQL databases. It works in a proxy fashion inspecting traffic and dropping abnormal queries after a learning period to populate the internal database with regular queries. Learning mode lets any query pass but it records information about it (pattern, username,…
-
HexorBase – Administer & Audit Multiple Database Servers
HexorBase is a database application designed to administer and audit multiple database servers simultaneously from a centralised location. It is capable of performing SQL queries and brute-force attacks against common database servers (MySQL, SQLite, Microsoft SQL Server, Oracle, PostgreSQL). It allows packet routing through proxies or even Metasploit pivoting antics to communicate with remotely…
-
BBQSQL – Blind SQL Injection Framework
BBQSQL is a blind SQL injection framework written in Python. It is extremely useful when attacking tricky SQL injection vulnerabilities. BBQSQL is also a semi-automatic tool, allowing quite a bit of customization for those hard-to-trigger SQL injection findings. The tool is built to be database agnostic and is extremely versatile. It also has…
-
DBPwAudit – Database Password Auditing Tool
DBPwAudit is a Java database password auditing tool that allows you to perform online audits of password quality for several database engines. The application design makes it easy to add database drivers by simply copying new JDBC drivers to the jdbc directory. Configuration is performed in two files; the aliases.conf file is used to…
-
Apple Releases Security Updates for Multiple Products
Posted by CISA on Mar 28 Cybersecurity and Infrastructure Security Agency (CISA) – Defend Today, Secure Tomorrow You are subscribed to Cybersecurity Advisories for Cybersecurity and Infrastructure Security Agency. This information has recently been updated and is now available. Apple Releases Security Updates for Multiple Products [ https://www.cisa.gov/news-events/alerts/2023/03/28/apple-releases-security-updates-multiple-products ] 03/28/2023 01:00 PM EDT Apple…
-
CISA Releases Six Industrial Control Systems Advisories
Posted by CISA on Mar 23. CISA Releases Six Industrial Control Systems Advisories [ https://www.cisa.gov/news-events/alerts/2023/03/23/cisa-releases-six-industrial-control-systems-advisories ] 03/23/2023 08:00 AM EDT…
-
CISA Releases Eight Industrial Control Systems Advisories
Posted by CISA on Mar 21. CISA Releases Eight Industrial Control Systems Advisories [ https://www.cisa.gov/news-events/alerts/2023/03/21/cisa-releases-eight-industrial-control-systems-advisories ] 03/21/2023 08:00 AM…
-
CISA and NSA Release Enduring Security Framework Guidance on Identity and Access Management
Posted by CISA on Mar 21. CISA and NSA Release Enduring Security Framework Guidance on Identity and Access Management […
-
CVE-2025-0171 – “Code-Projects Chat System SQL Injection Vulnerability”
CVE ID : CVE-2025-0171 Published : Jan. 2, 2025, 3:15 p.m. | 54 minutes ago Description : A vulnerability, which was classified as critical, was found in code-projects Chat System 1.0. Affected is an unknown function of the file /admin/deleteuser.php. The manipulation of the argument id leads to SQL injection. It is possible to launch the…
-
CVE-2024-56137 – MaxKB Remote Code Execution (RCE) Vulnerability
CVE ID : CVE-2024-56137 Published : Jan. 2, 2025, 3:15 p.m. | 54 minutes ago Description : MaxKB, which stands for Max Knowledge Base, is an open source knowledge base question-answering system based on a large language model and retrieval-augmented generation (RAG). Prior to version 1.9.0, a remote command execution vulnerability exists in the module of…