Databasir Code Issue Vulnerability
Databasir is a team-oriented relational database model document management platform. A security vulnerability exists in Databasir 1.01. The vulnerability stems from the fact that during the JDBC driver download validation process, the corresponding JDBC driver download address is downloaded first...
Vulnerability fixed in PostgreSQL JDBC Driver
A vulnerability has been fixed in the PostgreSQL JDBC Driver. The vulnerability allows an authenticated remote malicious person to execute arbitrary code. The developers of the PostgreSQL JDBC Driver have released updates to fix the vulnerability. More information can be...
PT-2021-3510 · Php +6
Name of the Vulnerable Software and Affected Versions: PHP versions 7.3.x through 7.3.28; PHP versions 7.4.x through 7.4.20; PHP versions 8.0.x through 8.0.7. Description: The issue is related to insufficient input validation in the Firebird PDO driver extension. A malicious database server could...
GHSA-4MG9-VHXQ-VM7J SQL Server LIMIT / OFFSET SQL Injection in laravel/framework and illuminate/database
Impact: Those using SQL Server with Laravel and allowing user input to be passed directly to the limit and offset functions are vulnerable to SQL injection. Other database drivers such as MySQL and Postgres are not affected by this vulnerability. Patches: This problem has been patched on Laravel...
Daniel Fahlke magento-lts SQL Injection Vulnerability
Magento-lts is a long-term support alternative to Magento Community Edition (CE). A SQL injection vulnerability exists in Magento-lts. The vulnerability stems from insufficient handling of user-supplied data in the "lib/Varien/Db/Adapter/Pdo/Mysql.php" script when processing field names. An attacke...
UBUNTU-CVE-2014-10402
An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the fdir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fix for CVE-2014-10401...
UBUNTU-CVE-2014-10401
An issue was discovered in the DBI module before 1.632 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the fdir attribute...
Debian: Security Advisory (DLA-2245-1)
The remote host is missing an update for the Debian...
The vulnerability of the Connector/J driver for MySQL Connectors in the MySQL database management system allows a hacker to cause a service failure.
The vulnerability of the Connector/J driver for MySQL Connectors in the MySQL database management system is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to cause service interruptions using the MySQL Protocol...
The vulnerability of the ConfigXmlUtils function in the JDBC driver library allows an attacker to cause a service failure.
The vulnerability of the ConfigXmlUtils function in the JDBC driver library c3p0 is related to errors in processing XML entities. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
ImpressCMS 1.3.11 - Why you should not trust PHP_SELF
We scanned the then-current version 1.3.11 of ImpressCMS and found an unauthorized SQL Injection vulnerability. The exploit affects installations that use PDO as a database driver. The issue was fixed in version 1.4.0, though the patch does not follow best practices and might not be...
The vulnerability of the Database Gateway for ODBC component in the Oracle Database Server database management system allows a hacker to gain access to modify, add, or delete data, or to cause partial service interruption.
The vulnerability of the Oracle Database Server ODBC driver’s database server lies in its lack of access control mechanisms. Exploiting this vulnerability could allow an attacker to remotely modify, add, or delete data, or cause a partial service failure using the OracleNet network protocol...
jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver
A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using Oracle JDBC classes when using DefaultTyping. An attacker could use this flaw to achieve remote code execution under certain circumstances...
Fedora Update for mariadb-connector-odbc FEDORA-2019-60befaed69
The remote host is missing an update for the...
[SECURITY] Fedora 30 Update: mariadb-connector-odbc-3.1.2-1.fc30
MariaDB Connector/ODBC is a standardized, LGPL licensed database driver using the industry standard Open Database Connectivity (ODBC) API. It supports ODBC Standard 3.5, can be used as a drop-in replacement for MySQL Connector/ODBC, and it supports both Unicode and ANSI modes...
NoSQL Injection
Overview: Versions of loopback-connector-mongodb prior to 3.6.0 are vulnerable to NoSQL Injection. Filters passed to the database query are not properly sanitized which leads to execution of code on the database driver and data leak. Recommendation: Upgrade to version 3.6.0 or later. References -...
Microsoft Windows Excel Database Driver FORMULA Record Integer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the msexcl40.d...
Microsoft Windows Excel Database Driver Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the msexcl40.d...