94 matches found
WordPress Database Administrator <= 1.0.3 - Unauthenticated SQL Injection
Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. Run the command: curl -i -s -k -X POST --data-binary...
PT-2023-8402 · WordPress · Wordpress Database Administrator
Name of the Vulnerable Software and Affected Versions: WordPress Database Administrator plugin versions 1.0.3 and earlier Description: The issue is related to a SQL injection problem. It occurs because a parameter is not properly sanitized and escaped before being used in a SQL statement via an...
PT-2023-3643 · Oracle · Oracle Database Server
Name of the Vulnerable Software and Affected Versions: Oracle Database Server versions 19.3 through 19.19 Oracle Database Server versions 21.3 through 21.10 Description: The issue is related to insufficient input validation in the Unified Audit component of Oracle Database Server. It allows a...
PT-2023-13619 · Sage · Sage 300
Name of the Vulnerable Software and Affected Versions: Sage 300 versions 6.4.x through 6.9.x Description: A low-privileged Sage 300 workstation user could abuse their access to the SharedData folder on the connected Sage 300 server to view and/or modify the credentials associated with Sage 300...
CVE-2023-29257
IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 10.5, 11.1, and 11.5 is vulnerable to remote code execution as a database administrator of one database may execute code or read/write files from another database within the same instance. IBM X-Force ID: 252011...
Remote code execution
IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 10.5, 11.1, and 11.5 is vulnerable to remote code execution as a database administrator of one database may execute code or read/write files from another database within the same instance. IBM X-Force ID: 252011...
CVE-2023-29257 IBM Db2 code execution
IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 10.5, 11.1, and 11.5 is vulnerable to remote code execution as a database administrator of one database may execute code or read/write files from another database within the same instance. IBM X-Force ID: 252011...
CVE-2023-29257
CVE-2023-29257 affects IBM Db2 on Linux/UNIX/Windows (including Db2 Connect) across 10.5, 11.1 and 11.5. Description: remote code execution where a DBA of one database may execute code or read/write files in another database within the same instance. CVSS base score 7.2 (HIGH). Remediation: upgra...
CVE-2023-21918
Vulnerability in the Oracle Database Recovery Manager component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows high privileged attacker having Local SYSDBA privilege with network access via Oracle Net to compromise Oracle...
Vulnerability fixed in phpMyAdmin
A vulnerability has been fixed in phpMyAdmin. A authenticated malicious party can exploit the vulnerability for a cross-site scripting attack via uploading a rogue .sql file. Such an attack may result in the execution of arbitrary code under the scope of the browser of the victim. In this...
Oracle E-Business Suite 安全漏洞
Oracle E-Business Suite E-Business Suite is a set of fully integrated global business management software from Oracle Oracle. The software provides customer relationship management, service management, financial management and other functions. A security vulnerability exists in Oracle Application...
PT-2023-1247 · Oracle · Oracle E-Business Suite
Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.3 through 12.2.12 Description: The issue is related to insufficient input validation in the Java utils component of Oracle Applications DBA, part of the Oracle E-Business Suite. This can allow a remote...
CVE-2022-46763
A SQL injection issue in a database stored function in TrueConf Server 5.2.0.10225 fixed in 5.2.6.10025 allows a low-privileged database user to execute arbitrary SQL commands as the database administrator, resulting in execution of arbitrary code...
Sql injection
SQL Injection vulnerability in AST Agent Time Sheet interface /vicidial/ASTagenttimesheet.php of VICIdial via the agent parameter allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailabl...
CVE-2022-34876
CVE-2022-34876 is a SQL injection vulnerability in VICIdial 2.14b0.5 prior to SVN revision 3555. It affects vicidial/admin.php through modify_email_accounts, access_recordings, and agentcall_email, allowing an attacker to spoof identities, tamper or disclose data, destroy data, or assume database...
CVE-2021-38459
The data of a network capture of the initial handshake phase can be used to authenticate at a SYSDBA level. If a specific .exe is not restarted often, it is possible to access the needed handshake packets between admin/client connections. Using the SYSDBA permission, an attacker can change user...
CVE-2021-38475
The database connection to the server is performed by calling a specific API, which could allow an unprivileged user to gain SYSDBA permissions...
AUVESY Versiondog 安全漏洞
AUVESY Versiondog is an automated production data and change management software solution from the German company AUVESY. A security vulnerability exists in AUVESY Versiondog, which could be exploited by attackers to gain SYSDBA privileges...
CVE-2021-38475
The database connection to the server is performed by calling a specific API, which could allow an unprivileged user to gain SYSDBA permissions...
CVE-2021-2173
Vulnerability in the Recovery component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having DBA Level Account privilege with network access via Oracle Net to compromise Recover...