Lucene search
+L

259 matches found

NVD
NVD
added 2021/06/01 2:15 p.m.31 views

CVE-2021-3515

A shell injection flaw was found in pglogical in versions before 2.3.4 and before 3.6.26. An attacker with CREATEDB privileges on a PostgreSQL server can craft a database name that allows execution of shell commands as the postgresql user when calling pglogical.createsubscription...

7.2CVSS0.0046EPSS
Exploits0References1
Hacker One
Hacker One
added 2021/05/17 4:38 p.m.21 views

Sifchain: Possible Database Details stored in values.yaml

The database details like username and database name are disclosed in the below mentioned file. Assuming a blank password since the password field was empty. File Location : https://github.com/Sifchain/sifnode/blob/740331dad061ee0f5a3cf3798d429f294b70f0ae/deploy/helm/block-explorer/values.yaml I...

6.9AI score
Exploits0
CNNVD
CNNVD
added 2021/05/13 12:0 a.m.6 views

PostgreSQL 操作系统命令注入漏洞

PostgreSQL is a free object-relational database management system from the Postgresql organization. The system supports most SQL standards and provides many other features such as foreign keys, triggers, views, etc. A security vulnerability exists in PostgreSQL, which stems from the fact that a...

7.2CVSS6AI score0.0046EPSS
Exploits0References2
OSV
OSV
added 2020/12/10 11:15 p.m.3 views

CVE-2020-19527

iCMS 7.0.14 attackers to execute arbitrary OS commands via shell metacharacters in the DBNAME parameter to install/install.php...

9.8CVSS6AI score0.01534EPSS
Exploits1References1
CNNVD
CNNVD
added 2020/12/10 12:0 a.m.8 views

idreamsoft iCMS Operating System Command Injection Vulnerability

idreamsoft iCMS is an open source content management system CMS based on PHP and MySQL. A security vulnerability exists in iCMS 7.0.14, which can be exploited by an attacker to install.php by executing arbitrary OS commands via shell metacharacters in the DB NAME parameter...

10CVSS7.4AI score0.01534EPSS
Exploits1References2
CNNVD
CNNVD
added 2020/11/18 12:0 a.m.8 views

Trend Micro OfficeScan XG 信息泄露漏洞

Trend Micro Apex One is a suite of endpoint security protection software from Trend Micro that provides automated threat detection and response capabilities.Trend Micro OfficeScan XG is a suite of distributed anti-virus software from Trend Micro. An incorrect access control information disclosure...

5.3CVSS6AI score0.03206EPSS
Exploits0References5
Microsoft CVE
Microsoft CVE
added 2020/09/25 12:0 a.m.4 views

The add_database function in objects.c in the pgbouncer pooler 1.5.2 for PostgreSQL allows remote attackers to cause a denial of service (daemon outage) via a long database name in a request.

...

5CVSS7AI score0.02126EPSS
Exploits0
OSV
OSV
added 2020/03/22 5:15 a.m.3 views

DEBIAN-CVE-2020-10802

In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions in libraries/classes/Controllers/Table/TableSearchController.php. An attacker can generate a...

8CVSS8.4AI score0.02115EPSS
Exploits0References1
Kitploit
Kitploit
added 2020/01/29 9:5 p.m.137 views

Blinder - A Python Library To Automate Time-Based Blind SQL Injection

Blidner is a small python library to automate time-based blind SQL injection by using a pre defined queries as a functions to automate a rapid PoC development. Installation You can install Blinder using the following command: pip install blinder Or by downloading the source and importing it...

8.2AI score
Exploits0References1
OSV
OSV
added 2019/11/22 9:15 p.m.21 views

CVE-2019-18622

An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature...

9.8CVSS7.4AI score
Exploits0References6
OSV
OSV
added 2019/11/22 9:15 p.m.3 views

DEBIAN-CVE-2019-18622

An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature...

9.8CVSS8.8AI score0.02579EPSS
Exploits0References1
OSV
OSV
added 2019/11/07 4:52 p.m.10 views

SUSE-SU-2019:2930-1 Security update for SUSE Manager Server 4.0

This update fixes the following issues: cobbler: - Fix for install loop caused autoinstallation profiles bsc1151875 - Update module config description to match new parameters - Add config migration script and runs it in post-install script - Fix for config backups in post install script bsc114907...

8.8CVSS7.4AI score0.0484EPSS
Exploits0References63
OSV
OSV
added 2019/10/02 12:50 p.m.9 views

SUSE-SU-2019:2521-1 Security update for SUSE Manager Server 3.2

This update fixes the following issues: cobbler: - Jinja2 template library fix bsc1141661 pgjdbc-ng: - Allow dots in database name bsc1146416 py26-compat-salt: - Get tornado dependency from the system on SLE12 bsc1149409 - Catch SSLError for TLS 1.2 bootstraps with RES/RHEL6 and SLE11 bsc1147126...

8.8CVSS7.3AI score0.0484EPSS
Exploits0References28
Veracode
Veracode
added 2019/07/12 5:54 a.m.16 views

Denial Of Service (DoS)

firebird db is vulnerable to denial of service. A buffer overflow in the ibserver allows a remote attacker to crash the application via a malicious gsec command containing a long database name...

5CVSS6.4AI score0.11873EPSS
Exploits1References13Affected Software1
CNVD
CNVD
added 2019/07/02 12:0 a.m.4 views

Odoo Input Validation Error Vulnerability (CNVD-2019-30574)

Odoo is an open source commercial system from the Belgian company Odoo. An input validation error vulnerability exists in the dbfilter routing component of Odoo Community 11.0 and earlier versions Enterprise and Community, which arises from the program failing to properly filter host headers and...

6.5CVSS6.7AI score0.01808EPSS
Exploits0References1
OSV
OSV
added 2019/06/05 5:29 a.m.11 views

UBUNTU-CVE-2019-11768

An issue was discovered in phpMyAdmin before 4.9.0.1. A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature...

9.8CVSS7.3AI score0.04196EPSS
Exploits0References5
OSV
OSV
added 2019/06/05 5:29 a.m.2 views

DEBIAN-CVE-2019-11768

An issue was discovered in phpMyAdmin before 4.9.0.1. A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature...

9.8CVSS9.4AI score0.04196EPSS
Exploits0References1
OSV
OSV
added 2019/02/06 9:29 p.m.3 views

CVE-2019-7547

An issue was discovered in SIDU 6.0. Because the database name is not strictly filtered, the attacker can insert a name containing an XSS Payload, leading to stored XSS...

4.8CVSS5.8AI score0.0067EPSS
Exploits1References1
Cvelist
Cvelist
added 2019/02/06 9:0 p.m.15 views

CVE-2019-7547

An issue was discovered in SIDU 6.0. Because the database name is not strictly filtered, the attacker can insert a name containing an XSS Payload, leading to stored XSS...

4.8AI score0.0067EPSS
Exploits1References1
0day.today
0day.today
added 2019/01/02 12:0 a.m.38 views

Frog CMS 0.9.5 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Frog CMS 0.9.5 - Cross-Site Scripting Exploit Author:WangDudu Vendor Homepage: https://github.com/philippe/FrogCMS Software Link: https://github.com/philippe/FrogCMS Version:0.9.5 CVE :CVE-2018-20448 The parameter under...

3.5CVSS0.3AI score0.01677EPSS
Exploits5
Rows per page
Query Builder