737 matches found
CVE-2020-14901
Vulnerability in the RDBMS Security component of Oracle Database Server. The supported version that is affected is 19c. Easily exploitable vulnerability allows high privileged attacker having Analyze Any privilege with network access via Oracle Net to compromise RDBMS Security. Successful attacks...
Dnxfirewall - A Pure Python Next Generation Firewall Built On Top Of Linux Kernel/Netfilter
DNX Firewall is an optimized/high performance collection of applications or services to convert a standard Linux system into a zone based next generation firewall. All software is designed to run in conjunction with each other, but with a modular design certain aspects can be completely removed wi...
Network mapping does not work for Hyper-V replicas in Veeam Cloud Connect after renaming Hyper-V virtual switch
Article Applicability This article relates to a known issue documented in the Veeam Cloud Connect User Guide: After you subscribe a tenant to a Hyper-V hardware plan, you cannot rename the virtual switch in Microsoft Hyper-V infrastructure that is used by VM replicas. If you rename the virtual...
CVE-2020-15099
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, in a case where an attacker manages to generate a valid cryptographic message authentication code HMAC-SHA1 - either by using a different existing vulnerability or in case t...
CVE-2020-15099 Exposure of Sensitive Information to an Unauthorized Actor in TYPO3 CMS
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, in a case where an attacker manages to generate a valid cryptographic message authentication code HMAC-SHA1 - either by using a different existing vulnerability or in case t...
Important: postgresql-jdbc security update
PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database. Security Fixes: postgresql-jdbc: XML external entity XXE vulnerability in PgSQLXML CVE-2020-13692 This update...
SRS Simple Hits Counter <= 1.0.4 - Unauthenticated Blind SQL Injection
Alex Peña from Tenable discovered a blind SQL injection which could allow unauthenticated remote attackers to retrieve data from the DBMS. Note: The vendor attempted a fix in v1.0.4, which is incomplete. PoC The PoC will be displayed once the issue has been remediated...
Engel & Völkers Technology GmbH: SQL Injection at /displayPDF.php (printshop.engelvoelkers.com)
Intro An SQL injection has been identified. Through this vulnerability an attacker could execute arbitrary SQL statements compromising the integrity of the database and obtain sensitive information, violating the confidentiality of the data. Given the great impact of the vulnerability and...
MariaDB Connector/C OK Packet Content Validation Error Vulnerability
MariaDB is a free and open source database management system from the MariaDB Foundation and a forked version of MySQL using the Maria storage engine. Connector/C is one of the connectors used to connect C/C++ applications to MariaDB and MySQL databases. A security vulnerability exists in the...
The vulnerability of the RDBMS/Optimizer component of the Oracle Database Server system allows a hacker to gain unauthorized access to protected information.
The vulnerability of the RDBMS/Optimizer component of the Oracle Database Server system is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information using the Oracle Net protocol...
SQLiteODBC Competitive Conditions Issue Vulnerability
SQLite is a C-based open source embedded relational database management system developed by individual developer D. Richard Hipp of the United States. The system is characterized by independence, isolation, cross-platform support and so on. A security vulnerability exists in SQLiteODBC version...
Macs Framework 1.14f CMS - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Title: Macs Framework 1.14f CMS - Persistent Cross-Site Scripting Software Link: https://sourceforge.net/projects/macs-framework/files/latest/download CVE: N/A Document Title: =============== Macs Framework v1.14f CMS - Multiple Web...
Adive Framework Cross-Site Scripting Vulnerability (CNVD-2020-04937)
Adive Framework is a PHP-based MySQL database management framework. A cross-site scripting vulnerability exists in Adive Framework. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker can exploit this vulnerability to execute client-si...
Vulnerability of the Server component: The Optimizer component of the MySQL Server database management system, which allows a hacker to cause a service failure.
The vulnerability of the MySQL Server component of the database management system involves errors in resource release. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...
The vulnerability of the IBM DB2 database management system and the IBM DB2 Connect Server automatic redirection server, related to the use of an unreliable path, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the IBM DB2 database management system and the IBM DB2 Connect Server automatic redirection server lies in the use of an unreliable path. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information by downloading a malicious library...
Fedora Update for phpMyAdmin FEDORA-2019-644b438f51
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SQLMap v1.4 - Automatic SQL Injection And Database Takeover Tool
SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lastin...
The vulnerability of the IBM DB2 database management system, related to privilege management errors, allows a perpetrator to elevate their privileges.
The vulnerability of the IBM DB2 database management system is related to privilege management errors. Exploiting this vulnerability can allow an attacker to enhance their privileges...
[SECURITY] Fedora 30 Update: phpMyAdmin-4.9.2-1.fc30
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly...
[SECURITY] Fedora 29 Update: phpMyAdmin-4.9.1-1.fc29
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly...