259 matches found
CVE-2021-3515
A shell injection flaw was found in pglogical in versions before 2.3.4 and before 3.6.26. An attacker with CREATEDB privileges on a PostgreSQL server can craft a database name that allows execution of shell commands as the postgresql user when calling pglogical.createsubscription...
Sifchain: Possible Database Details stored in values.yaml
The database details like username and database name are disclosed in the below mentioned file. Assuming a blank password since the password field was empty. File Location : https://github.com/Sifchain/sifnode/blob/740331dad061ee0f5a3cf3798d429f294b70f0ae/deploy/helm/block-explorer/values.yaml I...
PostgreSQL 操作系统命令注入漏洞
PostgreSQL is a free object-relational database management system from the Postgresql organization. The system supports most SQL standards and provides many other features such as foreign keys, triggers, views, etc. A security vulnerability exists in PostgreSQL, which stems from the fact that a...
CVE-2020-19527
iCMS 7.0.14 attackers to execute arbitrary OS commands via shell metacharacters in the DBNAME parameter to install/install.php...
idreamsoft iCMS Operating System Command Injection Vulnerability
idreamsoft iCMS is an open source content management system CMS based on PHP and MySQL. A security vulnerability exists in iCMS 7.0.14, which can be exploited by an attacker to install.php by executing arbitrary OS commands via shell metacharacters in the DB NAME parameter...
Trend Micro OfficeScan XG 信息泄露漏洞
Trend Micro Apex One is a suite of endpoint security protection software from Trend Micro that provides automated threat detection and response capabilities.Trend Micro OfficeScan XG is a suite of distributed anti-virus software from Trend Micro. An incorrect access control information disclosure...
The add_database function in objects.c in the pgbouncer pooler 1.5.2 for PostgreSQL allows remote attackers to cause a denial of service (daemon outage) via a long database name in a request.
...
DEBIAN-CVE-2020-10802
In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions in libraries/classes/Controllers/Table/TableSearchController.php. An attacker can generate a...
Blinder - A Python Library To Automate Time-Based Blind SQL Injection
Blidner is a small python library to automate time-based blind SQL injection by using a pre defined queries as a functions to automate a rapid PoC development. Installation You can install Blinder using the following command: pip install blinder Or by downloading the source and importing it...
CVE-2019-18622
An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature...
DEBIAN-CVE-2019-18622
An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature...
SUSE-SU-2019:2930-1 Security update for SUSE Manager Server 4.0
This update fixes the following issues: cobbler: - Fix for install loop caused autoinstallation profiles bsc1151875 - Update module config description to match new parameters - Add config migration script and runs it in post-install script - Fix for config backups in post install script bsc114907...
SUSE-SU-2019:2521-1 Security update for SUSE Manager Server 3.2
This update fixes the following issues: cobbler: - Jinja2 template library fix bsc1141661 pgjdbc-ng: - Allow dots in database name bsc1146416 py26-compat-salt: - Get tornado dependency from the system on SLE12 bsc1149409 - Catch SSLError for TLS 1.2 bootstraps with RES/RHEL6 and SLE11 bsc1147126...
Denial Of Service (DoS)
firebird db is vulnerable to denial of service. A buffer overflow in the ibserver allows a remote attacker to crash the application via a malicious gsec command containing a long database name...
Odoo Input Validation Error Vulnerability (CNVD-2019-30574)
Odoo is an open source commercial system from the Belgian company Odoo. An input validation error vulnerability exists in the dbfilter routing component of Odoo Community 11.0 and earlier versions Enterprise and Community, which arises from the program failing to properly filter host headers and...
UBUNTU-CVE-2019-11768
An issue was discovered in phpMyAdmin before 4.9.0.1. A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature...
DEBIAN-CVE-2019-11768
An issue was discovered in phpMyAdmin before 4.9.0.1. A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature...
CVE-2019-7547
An issue was discovered in SIDU 6.0. Because the database name is not strictly filtered, the attacker can insert a name containing an XSS Payload, leading to stored XSS...
CVE-2019-7547
An issue was discovered in SIDU 6.0. Because the database name is not strictly filtered, the attacker can insert a name containing an XSS Payload, leading to stored XSS...
Frog CMS 0.9.5 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Frog CMS 0.9.5 - Cross-Site Scripting Exploit Author:WangDudu Vendor Homepage: https://github.com/philippe/FrogCMS Software Link: https://github.com/philippe/FrogCMS Version:0.9.5 CVE :CVE-2018-20448 The parameter under...