SANS ISC

[SANS ISC Diary] Detecting Undisclosed Vulnerabilities with Security Tools & Features

I published the following diary on isc.sans.org: “Detecting Undisclosed Vulnerabilities with Security Tools & Features“. I’m a big fan of OSSEC. This tools is an open source HIDS and log management tool. Although often considered as the “SIEM of the poor”, it integrates a lot of interesting features and is fully configurable

phpMoAdmin 0-day Nmap Script

An 0-day vulnerability has been posted on Full-Disclosure this morning. It affects the MongoDB GUI phpMoAdmin. The GUI is similar to the well-known phpMyAdmin and allows the DB administrator to perform maintenance tasks on the MongoDB databases with the help of a nice web interface. The vulnerability is critical because it allows