RDS Vulnerability List
Found 51 vulnerabilities related to RDS
-
zabbix-dashboards-access: Zabbix Dashboards Access POC
View dashboard with guest login. -
CVE-2008-6172: Joomla! Component RWCards 3.0.11 - Local File Inclusion POC
A directory traversal vulnerability in captcha/captcha_image.php in the RWCards (com_rwcards) 3.0.11 component for Joomla! when magic_quotes_gpc is disabled allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the img parameter. -
CVE-2017-18598: WordPress Qards - Cross-Site Scripting POC
WordPress Qards through 2017-10-11 contains a cross-site scripting vulnerability via a remote document specified in the URL parameter to html2canvasproxy.php. -
CVE-2019-20183: Simple Employee Records System 1.0 - Unrestricted File Upload POC
Simple Employee Records System 1.0 contains an arbitrary file upload vulnerability due to client-side validation of file extensions. This can be used to upload executable code to the server to obtain access or perform remote command execution. -
CVE-2020-2733: JD Edwards EnterpriseOne Tools 9.2 - Information Disclosure POC
JD Edwards EnterpriseOne Tools 9.2 is susceptible to information disclosure via the Monitoring and Diagnostics component. An attacker with network access via HTTP can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. -
CVE-2023-0527: Online Security Guards Hiring System - Cross-Site Scripting POC
A vulnerability was found in PHPGurukul Online Security Guards Hiring System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file search-request.php. -
CVE-2023-28662: WordPress Gift Cards <= 4.3.1 - SQL Injection POC
The Gift Cards (Gift Vouchers and Packages) WordPress Plugin, version <= 4.3.1, is affected by an unauthenticated SQL injection vulnerability in the template parameter in the wpgv_doajax_voucher_pdf_save_func action. -
CVE-2024-45488: SafeGuard for Privileged Passwords < 7.5.2 - Authentication Bypass POC
One Identity Safeguard for Privileged Passwords before 7.5.2 allows unauthorized access because of an issue related to cookies. This only affects virtual appliance installations (VMware or HyperV). The fixed versions are 7.0.5.1 LTS, 7.4.2, and 7.5.2. -
encryption-intransit-disabled: RDS Encryption in Transit - Disabled POC
Encryption in transit for Alibaba Cloud RDS is disabled, exposing data transmission to potential interception and unauthorized access. -
rds-audit-disabled: RDS Database Instances - SQL Auditing Disabled POC
SQL auditing is disabled on the RDS Database instances, meaning activities such as user queries and connection events are not logged. This may hinder the ability to track database activity, detect suspicious behavior, and comply with security auditing requirements. -
rds-auto-minor-upgrade-disabled: RDS Auto Minor Version Upgrade - Disabled POC
Ensure that your Amazon RDS database instances have the Auto Minor Version Upgrade flag enabled in order to automatically receive minor engine upgrades during the specified maintenance window. -
rds-automated-backup-disabled: RDS Automated Backups - Disabled POC
Ensure that your Amazon RDS database instances have automated backups enabled for point-in-time recovery. -
rds-backtrack-disabled: AWS RDS Backtrack - Disabled POC
Ensure that the Backtrack feature is enabled for your Amazon Aurora (with MySQL compatibility) database clusters in order to backtrack your clusters to a specific time, without using backups. -
rds-backup-enable: RDS Automated Backup Check POC
Ensure that your Amazon RDS database instances have automated backups enabled for point-in-time recovery. -
rds-cluster-protection-disabled: RDS Cluster Deletion Protection - Disabled POC
Ensure that all your provisioned Amazon Aurora database clusters are protected from accidental deletion by having the Deletion Protection feature enabled at the Aurora cluster level. -
rds-copy-snap: RDS Copy Tags to Snapshots - Disabled POC
Ensure that your Amazon RDS database instances make use of the Copy Tags to Snapshots feature in order to allow tags set on your database instances to be automatically copied to any automated or manual database snapshots that are created from these RDS instances. -
rds-deletion-protection: RDS Deletion Protection POC
Ensure Amazon RDS instances have Deletion Protection enabled to prevent accidental deletions. -
rds-encryption-check: RDS Instance Encryption POC
Ensure that your Amazon RDS database instances are encrypted to fulfill compliance requirements for data-at-rest encryption. -
rds-event-notify: RDS Event Notification Absence POC
Checks for the activation of event notifications for Amazon RDS instances to monitor significant database events. -
rds-event-sub-enable: RDS Event Subscription Not Enabled POC
Ensures Amazon RDS event notifications are enabled for database instance level events, allowing for real-time alerts on operational changes. -
rds-event-sub: RDS Security Group Event Notifications POC
Ensure RDS event notification subscriptions are active for database security group events to monitor and react to changes in security configurations. -
rds-gp-ssd-usage: RDS General Purpose SSD Usage POC
Ensure Amazon RDS instances use General Purpose SSDs for cost-effective storage suitable for a wide range of workloads, except for applications needing over 10000 IOPS or 160 MiB/s throughput. -
rds-insights-disabled: RDS Performance Insights - Disabled POC
Ensure that your Amazon RDS MySQL and PostgreSQL database instances have the Performance Insights feature enabled in order to obtain a better overview of your databases' performance and to help you identify potential performance issues. -
rds-instance-autoscaling-disabled: RDS Instance Storage AutoScaling - Disabled POC
Ensure that the Storage AutoScaling feature is enabled for your Amazon RDS database instances in order to provide dynamic scaling support for the database's storage based on your RDS application needs. -
rds-log-export-disabled: RDS Log Exports - Disabled POC
Ensure that your Amazon RDS database instances have the Log Exports feature enabled in order to publish database log events directly to CloudWatch Logs. -
rds-multi-az: RDS Multi-AZ - Disabled POC
Ensure that your Amazon RDS instances are using the Multi-AZ deployment configuration for high availability and automatic failover support, fully managed by AWS. -
rds-public-access: RDS Publicly Accessible - Enabled POC
Check for any public-facing Amazon RDS database instances provisioned within your AWS cloud account and restrict unauthorized access in order to minimize security risks. -
rds-public-snapshot: RDS Public Snapshot Exposure POC
Checks if AWS RDS database snapshots are publicly accessible, risking exposure of sensitive data. -
rds-public-subnet: RDS Instance Private Subnet POC
Ensure Amazon RDS database instances are not provisioned in VPC public subnets to avoid direct Internet exposure. -
rds-ri-payment-fail: RDS RI Payment Failure POC
Identifies failed RDS Reserved Instance purchases due to payment failures, affecting potential cost savings. -
rds-snapshot-encryption: RDS Snapshot Encryption POC
Ensure Amazon RDS database snapshots are encrypted for data-at-rest compliance within AWS environments. -
gcloud-dns-dangling-records: Dangling DNS Records Check POC
Ensure that dangling DNS records are removed from your public Cloud DNS zones in order to maintain the integrity and authenticity of your domains/subdomains and to protect against domain hijacking. -
rds-removal-check: RDS Removal Check POC
Ensure that Remote Data Services (RDS) are either removed or not configured to reduce the risk of denial-of-service attacks or remote execution of administrative commands. Compliance is met if any of the following conditions are true: - IIS is not installed or in use, - The default website does not include the /msadc virtual directory, or - The relevant ADCLaunch registry keys associated with RDS are not present. -
plaintext-passwords-in-memory: Plaintext Passwords Stored in Memory POC
Checks if passwords are stored in memory in plaintext, potentially exposing sensitive information to unauthorized memory access. -
reversible-encryption-passwords-enabled: Store Passwords Using Reversible Encryption Enabled POC
Checks if the system is set to store passwords using reversible encryption, which is equivalent to plaintext storage. -
smb-allow-unencrypted-passwords: Unencrypted Passwords to SMB Servers Allowed POC
Verifies if the system allows sending unencrypted passwords to third-party SMB servers, which is a security risk. -
CVE-2008-6172: Joomla! Component RWCards 3.0.11 - Local File Inclusion POC
A directory traversal vulnerability in captcha/captcha_image.php in the RWCards (com_rwcards) 3.0.11 component for Joomla! when magic_quotes_gpc is disabled allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the img parameter. -
CVE-2017-18598: WordPress Qards - Cross-Site Scripting POC
WordPress Qards through 2017-10-11 contains a cross-site scripting vulnerability via a remote document specified in the URL parameter to html2canvasproxy.php. -
CVE-2019-20183: Simple Employee Records System 1.0 - Unrestricted File Upload POC
Simple Employee Records System 1.0 contains an arbitrary file upload vulnerability due to client-side validation of file extensions. This can be used to upload executable code to the server to obtain access or perform remote command execution. -
CVE-2020-2733: JD Edwards EnterpriseOne Tools 9.2 - Information Disclosure POC
JD Edwards EnterpriseOne Tools 9.2 is susceptible to information disclosure via the Monitoring and Diagnostics component. An attacker with network access via HTTP can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. -
CVE-2023-0527: Online Security Guards Hiring System - Cross-Site Scripting POC
A vulnerability was found in PHPGurukul Online Security Guards Hiring System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file search-request.php. -
CVE-2023-28662: WordPress Gift Cards <= 4.3.1 - SQL Injection POC
The Gift Cards (Gift Vouchers and Packages) WordPress Plugin, version <= 4.3.1, is affected by an unauthenticated SQL injection vulnerability in the template parameter in the wpgv_doajax_voucher_pdf_save_func action. -
CVE-2024-45488: SafeGuard for Privileged Passwords < 7.5.2 - Authentication Bypass POC
One Identity Safeguard for Privileged Passwords before 7.5.2 allows unauthorized access because of an issue related to cookies. This only affects virtual appliance installations (VMware or HyperV). The fixed versions are 7.0.5.1 LTS, 7.4.2, and 7.5.2. -
nginx-shards: NGINX Shards Disclosure POC
NGINX internal information, shards page exposed. -
zabbix-dashboards-access: zabbix-dashboards-access POC
zabbix-dashboards-access guest login credentials were successful. -
aspose-words-file-download: WordPress Aspose Words Exporter <2.0 - Local File Inclusion POC
WordPress Aspose Words Exporter prior to version 2.0 is vulnerable to local file inclusion. -
wp-qwiz-online-xss: Qwiz Online Quizzes And Flashcards <= 3.36 - Cross-Site Scripting POC
The qname, i_qwiz, session_id and username parameters passed to the registration_complete.php file are affected by XSS issues. -
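LoveCardsV2 /api/upload/image File Upload Vulnerability (CVE-2025-2219) No POC
LoveCardsV2 is a confession wall (message wall) application built with PHP on the ThinkPHP framework. A vulnerability classified as critical was found in LoveCardsV2 2.3.2 and later. The issue affects some unknown processing of the route /api/upload/image. Manipulating the file parameter leads to arbitrary file upload. -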
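JD Edwards EnterpriseOne Tools Information Disclosure Vulnerability (CVE-2020-2733) No POC
Oracle JD Edwards Products is a fully integrated enterprise resource planning (ERP) software suite from Oracle, a US company. The product provides application modules such as financial management, project management, and asset lifecycle management. JD Edwards EnterpriseOne Tools is one of its components, used to install, update, and manage JD Edwards EnterpriseOne applications. The Monitoring and Diagnostics component of JD Edwards EnterpriseOne Tools 9.2 in Oracle JD Edwards contains a security vulnerability. An attacker can exploit it to take control of JD Edwards EnterpriseOne Tools, affecting the availability, confidentiality, and integrity of data. -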
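Microhard Systems 3G/4G Cellular Ethernet Device system-crontabs.sh - Authentication Bypass Vulnerability No POC
[Affected product] Microhard Systems 3G/4G cellular Ethernet devices [Description] An authentication bypass vulnerability in the /cgi-bin/webif/system-crontabs.sh file of Microhard Systems 3G/4G cellular Ethernet and serial gateway devices allows logging in to the management backend as an administrator. -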
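WebCards 'Add Image Macro' Arbitrary File Upload Vulnerability No POC
WebCards is a powerful, easy-to-use website e-card system. The "Add Image Macro" feature in WebCards 1.3 contains an unrestricted file upload vulnerability. A remote authenticated administrator can achieve arbitrary code execution by first uploading a file with an executable extension and then accessing it through a direct request to that file.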