1286 matches found
CVE-2018-13024
MetInfo v6.0.0 is affected by a remote code execution vulnerability that allows an attacker to write PHP code to a file via the module parameter to admin/column/save.php in an editor upload action. Affected component: MetInfo CMS, version 6.0.0. The underlying issue is the ability to write to a ....
Security Bulletin: IBM® DB2® LUW contains a vulnerability in which an ALTER TABLE statement on identity column may cause the DB2 server to terminate abnormally. (CVE-2014-6209)
Summary: IBM DB2 contains a denial of service vulnerability in which an ALTER TABLE statement on identity column may cause the DB2 server to terminate abnormally. Vulnerability Details: CVE-ID: CVE-2014-6209. Description: IBM DB2 contains a denial of service vulnerability. A remote, authenticated DB...
CVE-2017-16082
A remote code execution vulnerability was found within the pg module when the remote database or query specifies a specially crafted column name. There are 2 likely scenarios in which one would likely be vulnerable: 1. Executing unsafe, user-supplied SQL which contains a malicious column name. 2...
DEBIAN-CVE-2017-16082
A remote code execution vulnerability was found within the pg module when the remote database or query specifies a specially crafted column name. There are 2 likely scenarios in which one would likely be vulnerable: 1. Executing unsafe, user-supplied SQL which contains a malicious column name. 2...
UBUNTU-CVE-2017-16082
A remote code execution vulnerability was found within the pg module when the remote database or query specifies a specially crafted column name. There are 2 likely scenarios in which one would likely be vulnerable: 1. Executing unsafe, user-supplied SQL which contains a malicious column name. 2...
idreamsoft iCMS Cross-Site Request Forgery Vulnerability (CNVD-2018-09388)
idreamsoft iCMS is an open source content management system (CMS) based on PHP and MySQL. A cross-site request forgery vulnerability exists in idreamsoft iCMS version 7.0. A remote attacker can add Column with the help of /admincp.php?app=articlecategory&do=save&frame=iPHP to exploit the...
codekabinett.com XSS vulnerability
Open Bug Bounty ID: OBB-582948. Affected Website: codekabinett.com. Vulnerable Application: Custom Code. Vulnerability Type: XSS (Cross Site Scripting) / CWE-79. CVSSv3 Score: 6.1...
Oracle Database Attacking Tool: ODAT
ODAT (Oracle Database Attacking Tool) is an open source penetration testing tool that tests the security of Oracle Databases remotely. Usage examples of ODAT: You have an Oracle database listening remotely and want to find valid SIDs and credentials in order to connect to the database. You have a...
Information Disclosure
Apache Hive Query Language is vulnerable to information disclosure. The vulnerability is possible because it does not enforce the policy to restrict users from creating views on tables with column masking rules defined...
activerecord vulnerable to SQL Injection
Multiple SQL injection vulnerabilities in the quote_table_name method in the ActiveRecord adapters in activerecord/lib/active_record/connection_adapters/ in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allow remote attackers to execute arbitrary SQL commands via a...
SQL Injection Vulnerability in quote_table_name in rails/activerecord
Multiple SQL injection vulnerabilities in the quote_table_name method in the ActiveRecord adapters in activerecord/lib/active_record/connection_adapters in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allow remote attackers to execute arbitrary SQL commands via a craft...
DEBIAN-CVE-2017-15571
In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/issues/_list.html.erb via crafted column data...
DEBIAN-CVE-2017-15570
In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/timelog/_list.html.erb via crafted column data...
CVE-2017-15571
CVE-2017-15571 affects Redmine prior to 3.2.8, 3.3.x prior to 3.3.5, and 3.4.x prior to 3.4.3. The vulnerability is a cross-site scripting (XSS) flaw in app/views/issues/_list.html.erb caused by crafted column data, enabling injection of HTML/script in affected deployments. Connected sources conf...
CVE-2017-15571
In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/issues/_list.html.erb via crafted column data...
ALPINE-CVE-2017-15286
SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases where `sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure is never initialized...