The vulnerabilities of IBM DB2 database management systems, including IBM DB2 Connect, are caused by synchronization errors when using shared resources, allowing attackers to alter the configuration of DB2.
The vulnerability of IBM DB2 database management systems and IBM DB2 Connect stems from synchronization errors when using shared resources. Exploiting this vulnerability can allow attackers to alter the configuration of DB2...
GaussDB Kernel: Checking the OPRADMIN Permission
A role with the OPRADMIN permission can use Roach to perform backup and restoration. To avoid arbitrary database file backup, delete roles that do not require the OPRADMIN permission.
Fedora 32 : wordpress (2020-b386fac43a)
WordPress 5.5.3 Maintenance Release This maintenance release fixes an issue introduced in WordPress 5.5.2 which makes it impossible to install WordPress on a brand new website that does not have a database connection configured. ---- WordPress 5.5.2 Security and Maintenance Release Security Updat...
Fedora 31 : wordpress (2020-15e15c35da)
WordPress 5.5.3 Maintenance Release This maintenance release fixes an issue introduced in WordPress 5.5.2 which makes it impossible to install WordPress on a brand new website that does not have a database connection configured. ---- WordPress 5.5.2 Security and Maintenance Release Security Updat...
Unauthorized Access Vulnerability in Alibaba Druid Monitor
Druid is a JDBC component library, including database connection pools, SQL Parser and other components. An unauthorized access vulnerability exists in Alibaba Druid Monitor, which can be exploited by an attacker to obtain sensitive information...
PYSEC-2020-223
In the course of work on the open source project it was discovered that authenticated users running queries against Hive and Presto database engines could access information via a number of templated fields including the contents of query description metadata database, the hashed version of the...
Code injection
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The database connection strings accept custom unsafe arguments, such as ENABLE_LOCAL_INFILE, that can be leveraged by attackers to enable MySQL Load Data Local (rogue MySQL server) attacks...
CVE-2020-14027
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The database connection strings accept custom unsafe arguments, such as ENABLE_LOCAL_INFILE, that can be leveraged by attackers to enable MySQL Load Data Local (rogue MySQL server) attacks...
CVE-2020-14027
CVE-2020-14027 affects Ozeki NG SMS Gateway up to version 4.17.6, where database connection strings accept custom unsafe arguments (e.g., ENABLE_LOCAL_INFILE). This enables MySQL LOAD DATA LOCAL INFILE attacks via rogue servers. The connected sources confirm the vulnerable component as the databa...
SQLMap v1.4.9 - Automatic SQL Injection And Database Takeover Tool
SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lastin...
Authentication Bypass
dweeves/magmi is susceptible to authentication bypass. It is possible because it uses a default login magmi:magmi basic authentication when a database connection failure is introduced by a malicious user by sending 151 simultaneous requests to the Magento website, leading to a "Too many...
CVE-2020-5777
MAGMI versions prior to 0.7.24 are vulnerable to a remote authentication bypass due to allowing default credentials in the event there is a database connection failure. A remote attacker can trigger this connection failure if the MySQL setting max_connections (default 151) is lower than Apache or...
Authentication flaw
MAGMI versions prior to 0.7.24 are vulnerable to a remote authentication bypass due to allowing default credentials in the event there is a database connection failure. A remote attacker can trigger this connection failure if the MySQL setting max_connections (default 151) is lower than Apache or...
CVE-2020-5777
MAGMI versions prior to 0.7.24 are vulnerable to a remote authentication bypass due to allowing default credentials in the event there is a database connection failure. A remote attacker can trigger this connection failure if the MySQL setting max_connections (default 151) is lower than Apache or...
CVE-2020-5899
In NGINX Controller 3.0.0-3.4.0, recovery code required to change a user's password is transmitted and stored in the database in plain text, which allows an attacker who can intercept the database connection or have read access to the database, to request a password reset using the email address ...
ThinkPHP has an information leakage vulnerability
ThinkPHP is an open-source MVC PHP framework developed and maintained by the Shanghai Top Thinking company. ThinkPHP suffers from an information disclosure vulnerability. Attackers can use this vulnerability to obtain the database account and password, and successfully connect to...
Fedora 31 : glpi (2020-885e2343ed)
Last Upstream release, including among others : - security Prevent execution of SQL injection while assigning a technician, - security Permit to change key used to store passwords, - security Improve CSRF token, - security Fix several possible XSS, - security Fix a few possible SQL injections, -...
SQLMap v1.4 - Automatic SQL Injection And Database Takeover Tool
SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lastin...
Default credentials
Brocade SANnav versions before v2.0 log the plain text database connection password while triggering support save...
CVE-2019-16210
Brocade SANnav versions before v2.0 log the plain text database connection password while triggering support save...