737 matches found
License Plate "NULL"
There was a DefCon talk by someone with the vanity plate "NULL." The California system assigned him every ticket with no license plate: $12,000. Although the initial $12,000-worth of fines were removed, the private company that administers the database didn't fix the issue and new NULL tickets ar...
SQLMap v1.3.8 - Automatic SQL Injection And Database Takeover Tool
SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lastin...
The vulnerability of the Data Store component of the Oracle Berkeley DB database management system allows a hacker to gain full control over the DBMS.
The vulnerability of the Data Store component of the Oracle Berkeley DB database management system is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain full control over the DBMS...
Fedora Update for postgresql FEDORA-2019-e43f49b428
The remote host is missing an update for the...
RANGER Studio Directus Code Execution Vulnerability (CNVD-2019-39679)
RANGER Studio Directus is a set of open source headless CMS and API for managing custom databases from RANGER Studio, U.S.A. The Directus API is one of the components that can add a RESTful API layer to new or existing SQL databases. A security vulnerability exists in the RANGER Studio Directus 7...
phpMyAdmin SQL Injection Vulnerability (CNVD-2021-45287)
phpMyAdmin is a web-based PHP database management tool for MySQL, allowing administrators to manage MySQL databases through a web interface. A SQL injection vulnerability exists in the designer feature of phpMyAdmin versions prior to 4.9.0.1. The vulnerability can be exploited to conduct a S...
Vulnerability Spotlight: Remote code execution bug in SQLite
Cory Duplantis of Cisco Talos discovered this vulnerability. Executive summary: SQLite contains an exploitable use-after-free vulnerability that could allow an attacker to gain the ability to remotely execute code on the victim machine. SQLite is a client-side database management system contained i...
Buffer Overflow
PostgreSQL is an advanced object-relational database management system (DBMS). An information leak flaw was found in the way the PostgreSQL database server handled certain error messages. An authenticated database user could possibly obtain the results of a query they did not have privileges to...
Code Execution Using A Race Condition
PostgreSQL is an advanced object-relational database management system (DBMS). Multiple stack-based buffer overflow flaws were found in the date/time implementation of PostgreSQL. An authenticated database user could provide a specially crafted date/time value that, when processed, could cause...
Arbitrary Code Execution
PostgreSQL is an advanced object-relational database management system (DBMS). The pg_dump utility inserted object names literally into comments in the SQL script it produces. An unprivileged database user could create an object whose name includes a newline followed by an SQL command. This SQL...
[SECURITY] Fedora 29 Update: postgresql-jdbc-42.2.5-2.fc29
PostgreSQL is an advanced Object-Relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database...
Vulnerability of the Server: DDL component of the MySQL database management system, which allows a hacker to cause a service failure.
The vulnerability of the Server: DDL component of the Oracle MySQL database management system is related to insufficient access control. Exploiting this vulnerability may allow a malicious actor to cause service interruptions...
Vulnerability of the Server component: The Replication module of the MySQL database management system, which allows a hacker to cause a service failure.
The vulnerability of the Server: Replication component of the Oracle MySQL database management system is related to insufficient access control. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
Vulnerability of the Server component: Security: Privileges of the MySQL database management system, which allows a hacker to cause a service failure
The vulnerability of the Server component: Security: Privileges of the Oracle MySQL database management system is related to insufficient access control. Exploiting this vulnerability may allow a malicious actor to cause service interruptions...
Vulnerability of the Server: DDL component of the MySQL database management system, which allows a hacker to cause a service failure.
The vulnerability of the Server: DDL component of the Oracle MySQL database management system is related to insufficient access control. Exploiting this vulnerability may allow a malicious actor to cause service interruptions...
phpMyAdmin SQL Injection Vulnerability (CNVD-2021-45289)
phpMyAdmin is a web-based PHP database management tool for MySQL, allowing administrators to manage MySQL databases through a web interface. A SQL injection vulnerability exists in the Designer feature of phpMyAdmin before 4.8.5. The vulnerability can be exploited by an attacker with a...
phpMyAdmin Arbitrary File Read Vulnerability
phpMyAdmin is a web-based PHP database management tool for MySQL, allowing administrators to manage MySQL databases through a web interface. An arbitrary file read vulnerability exists in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration is set to true, an attacker can...
The vulnerability of the Core RDBMS component of the database management system Oracle Database Server allows a hacker to gain full control over the application.
The vulnerability of the Core RDBMS component of the database management system Oracle Database Server is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to gain full control over the application...
Vulnerability of the Server component: The Parser component of the MySQL database management system, which allows a hacker to cause a service failure.
The vulnerability of the Server:Parser component of the MySQL database management system is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor to cause service interruptions using the MySQL protocol...
phpMyAdmin Releases Critical Software Update — Patch Your Sites Now!
Developers of phpMyAdmin, one of the most popular and widely used MySQL database management systems, today released an updated version 4.8.4 of its software to patch several important vulnerabilities that could eventually allow remote attackers to take control of the affected web servers. The...