Update Rollup 14 for System Center 2012 R2 Orchestrator
Update Rollup 14 for System Center 2012 R2 Orchestrator Introduction This article describes the issues that are fixed in Update Rollup 14 for Microsoft System Center 2012 R2 Orchestrator. This article also contains the installation instructions for this update. Issues that are fixed Update rollup...
Code injection
install.php in Minecraft Servers List Lite before commit c1cd164 and Premium Minecraft Servers List before 2.0.4 does not sanitize input before saving database connection information in connect.php, which might allow remote attackers to execute arbitrary PHP code via the (1) databaseserver, (2)...
CVE-2018-5749
install.php in Minecraft Servers List Lite before commit c1cd164 and Premium Minecraft Servers List before 2.0.4 does not sanitize input before saving database connection information in connect.php, which might allow remote attackers to execute arbitrary PHP code via the (1) databaseserver, (2)...
UPDATE: OWASP Dependency-Check 3.1.0
PenTestIT RSS Feed My first post about this open source OWASP project was about an older version. This post discusses the changes made to the open source software composition analysis utility in the latest release yesterday. This is the OWASP Dependency-Check 3.1.0! This release comes with...
HPE iMC dbman RestoreDBase Unauthenticated Remote Command Execution Exploit
This Metasploit module exploits a remote command execution vulnerability in Hewlett Packard Enterprise Intelligent Management Center before version 7.3 E0504P04. The dbman service allows unauthenticated remote users to restore a user-specified database (OpCode 10007); however, the database connectio...
SQLMap v1.1.8 - Automatic SQL Injection And Database Takeover Tool
SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lastin...
Denial of Service Vulnerability in JeeCMS v8.1 Data Restore Function
JEECMS, developed by Jiangxi Jinlei Technology Development Co., Ltd., supports WeChat mini programs, WeChat public/service accounts, column models, cross-customization of content models, as well as payment and financial settlement of the content of the e-commerce as one of the conte...
DEBIAN-CVE-2017-10788
The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by triggering (1) certain error responses from a MySQL server or (2) a loss of a network connection to a MySQL server. The...
Connection error XMM: An error occurred while getting provider information from the database.
XenMobile Mail Manager (XMM): when clicking "Test Connectivity", the following error appears: "Connection error: An error occurred while getting provider information from the database. This can be caused by Entity Framework using an incorrect connection string. Check the inner exceptions for details and ensure that the...
Error: "Cannot establish a connection to the database because the server cannot be found. Please..." on PVS console
Error when attempting to access the PVS console: "Cannot establish a connection to the database because the server cannot be found. Please check your database connection settings in the registry and the network path to your server...
Description of Update Rollup 2 for System Center 2012 R2 Orchestrator and Service Management Automation
Description of Update Rollup 2 for System Center 2012 R2 Orchestrator and Service Management Automation Summary This article describes the issues that are fixed in Update Rollup 2 for Microsoft System Center 2012 R2 Orchestrator and Service Management Automation (SMA). Additionally, this article...
Error: "Failed, curl response = Couldn't connect to server. Could not connect to database"
After rebooting the XenMobile Server or configuring the database, we see the error on the CLI: "Failed, curl response = couldn't connect to server. Could not connect to database"...
Pgbouncer 1.6 Invalid User Authentication Bypass
The version of Pgbouncer running on the remote host is affected by an authentication bypass vulnerability due to a flaw in the startauthrequest function within file client.c when handling requests for invalid users. A remote attacker can exploit this issue to bypass authentication and log into...
LogicalDoc Document Managment System CE: source code security analysis report
Several vulnerabilities were discovered in LogicalDOC 'LogicalDoc Document Managment System CE' software: User data leakage between sessions; use of XSL transformation to execute arbitrary code; lack of digital signature verification for executable files obtained from...
Database Connection Issues in XenDesktop and Provisioning Services
When adding a Delivery Controller to a site, the following error appears in the XenDesktop studio: “The services could not connect to the database. Possible reason for message: The database server may not be allowing remote connections. Ensure the database server is setup correctly and that the...
FreeBSD : codeigniter -- SQL injection vulnerability (b7d785ea-656d-11e5-9909-002590263bf5)
The CodeIgniter changelog reports : An improvement was made to the MySQL and MySQLi drivers to prevent exposing a potential vector for SQL injection on sites using multi-byte character sets in the database client connection. An incompatibility in PHP versions 5.0.7 with mysqlsetcharset creates a...
CVE-2015-1608
Topline Opportunity Form (aka XLS Opp form) before 2015-02-15 does not properly restrict access to database-connection strings, which allows attackers to read the cleartext version of sensitive credential and e-mail address information via unspecified vectors...
Code injection
Topline Opportunity Form (aka XLS Opp form) before 2015-02-15 does not properly restrict access to database-connection strings, which allows attackers to read the cleartext version of sensitive credential and e-mail address information via unspecified vectors...
CVE-2015-1608
CVE-2015-1608 affects the Topline Opportunity Form (XLS Opp form). The underlying issue is improper access restriction to database-connection strings, allowing an attacker to read cleartext credentials and email addresses via unspecified vectors. Connected sources corroborate the same description...