109 matches found
Progress Software DataDirect Connect 缓冲区错误漏洞
Progress Software DataDirect Connect is a data connectivity solution from Progress Software, Inc. that can run in the cloud or locally. A security vulnerability previously existed in Progress Software DataDirect Connect version 08.02.2770, which stemmed from the fact that an overly large value fo...
CVE-2023-34364
A buffer overflow was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. An overly large value for certain options of a connection string may overrun the buffer allocated to process the string value. This allows an attacker to execute code of their choice on an...
Hoppscotch 日志信息泄露漏洞
Hoppscotch is an open source Api development ecosystem. A log information disclosure vulnerability exists in Hoppscotch versions prior to 2023.4.5, which stems from a database password being exposed in the log when a database connection string is displayed...
CVE-2022-41399
The optional Web Screens feature for Sage 300 through version 2022 uses a hard-coded 40-byte blowfish key "PASSKEY" to encrypt and decrypt the database connection string for the PORTAL database found in the "dbconfig.xml". This issue could allow attackers to obtain access to the SQL database...
PT-2023-13979 · Sage · Sage 300
Name of the Vulnerable Software and Affected Versions: Sage 300 versions through 2022 Description: The optional Web Screens feature uses a hard-coded 40-byte blowfish key PASS KEY to encrypt and decrypt the database connection string for the PORTAL database found in the "dbconfig.xml". This issue...
CVE-2022-41399
The optional Web Screens feature for Sage 300 through version 2022 uses a hard-coded 40-byte blowfish key "PASSKEY" to encrypt and decrypt the database connection string for the PORTAL database found in the "dbconfig.xml". This issue could allow attackers to obtain access to the SQL database...
CVE-2023-25263
In Stimulsoft Designer Desktop 2023.1.5, and 2023.1.4, once an attacker decompiles the Stimulsoft.report.dll the attacker is able to decrypt any connectionstring stored in .mrt files since a static secret is used. The secret does not differ between the tested versions and different operating...
Stimulsoft 安全漏洞
Stimulsoft Stimulsoft Reports is an excellent set of reporting components for the .NET platform from Stimulsoft. NET platform for processing reports in JavaScript applications. A security vulnerability exists in Stimulsoft that stems from the ability to decrypt any connection string stored in an...
SUSE CVE-2011-1145
The SQLDriverConnect function in unixODBC before 2.2.14p2 have a possible buffer overflow condition when specifying a large value for SAVEFILE parameter in the connection string...
PT-2022-5987 · Aveva · Aveva Edge
Name of the Vulnerable Software and Affected Versions: AVEVA Edge formerly InduSoft Web Studio versions R2020 and prior Description: The issue allows a client to provide a malicious connection string, potentially enabling an adversary to port scan the LAN based on the hosts' responses. This is...
The vulnerability of the gfix utility in the “Red Database” database management system allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the gfix utility in the “Red Database” database management system is related to deficiencies in password masking during user login when the -f command is used as an argument passed to the utility. Exploiting this vulnerability can allow an attacker, operating remotely, to gai...
[SECURITY] [DLA 2912-1] libphp-adodb security update
----------------------------------------------------------------------- Debian LTS Advisory DLA-2912-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta February 06, 2022 https://wiki.debian.org/LTS -...
GHSA-65MJ-7C86-79JF Authentication Bypass in ADOdb/ADOdb
Impact An attacker can inject values into a PostgreSQL connection string by providing a parameter surrounded by single quotes. Depending on how the library is used in the client software, this may allow an attacker to bypass the login process, gain access to the server's IP address, etc. Patches...
UBUNTU-CVE-2022-23221
H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNOREUNKNOWNSETTINGS=TRUE;FORBIDCREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392...
CVE-2021-42956
Zoho Remote Access Plus Server Windows Desktop Binary fixed in 10.1.2132.6 is affected by a sensitive information disclosure vulnerability. Due to improper privilege management, the process launches as the logged in user, so memory dump can be done by non-admin also. Remotely, an attacker can dum...
CVE-2021-41395
Teleport before 6.2.12 and 7.x before 7.1.1 allows attackers to control a database connection string, in some situations, via a crafted database name or username...
qdPM 9.2 - Password Exposure (Unauthenticated)
Exploit Title: qdPM 9.2 - DB Connection String and Password Exposure Unauthenticated Date: 03/08/2021 Exploit Author: Leon Trappett thepcn3rd Vendor Homepage: https://qdpm.net/ Software Link: https://sourceforge.net/projects/qdpm/files/latest/download Version: 9.2 Tested on: Ubuntu 20.04 Apache2...
SUSE SLES12 Security Update : postgresql12 (SUSE-SU-2020:3630-1)
This update for postgresql12 fixes the following issues : Upgrade to version 12.5 : CVE-2020-25695, bsc1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. CVE-2020-25694, bsc1178667: a Fix usage of complex...
Arbitrary Code Execution
Gnome Batalla Naval is vulnerable to arbitrary code execution. Remote attackers could execute arbitrary code via a long connection string...
openSUSE Security Update : postgresql12 (openSUSE-2020-2029)
This update for postgresql12 fixes the following issues : - Upgrade to version 12.5 : - CVE-2020-25695, bsc1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. - CVE-2020-25694, bsc1178667: a Fix usage of complex...