73 matches found
OPF OpenProject Activities API SQL Injection (CVE-2019-11600)
A SQL injection vulnerability has been reported in OpenProject. This vulnerability can be exploited by sending crafted HTTP requests to a vulnerable application. Successful exploitation could lead to arbitrary SQL statement execution in the security context of database service...
Zoho ManageEngine OpManager SQL Injection (CVE-2018-17823; CVE-2018-17283)
An SQL injection vulnerability exists in ManageEngine. This vulnerability is due to insufficient validation of the name parameter when processing requests sent. Successful exploitation could lead to arbitrary SQL code execution in the security context of database service...
Zoho ManageEngine OpManager SQL Injection (CVE-2018-9088)
An SQL injection vulnerability exists in ManageEngine. This vulnerability is due to insufficient validation of the parameter in Java class. Successful exploitation could lead to arbitrary code execution in the security context of database service...
Arbitrary File Read Vulnerability in AWS RDS Service
Amazon RDS Service is an RDS service from Amazon that enables you to easily set up, operate, and scale relational databases in the cloud. An arbitrary file read vulnerability exists in AWS RDS Service, which can be exploited by an attacker to read arbitrary files...
Arbitrary File Read Vulnerability in NetEase Cloud RDS Service
NetEase Cloud RDS is a stable, reliable and elastic scalable online relational database service. An arbitrary file read vulnerability exists in the NetEase Cloud RDS service, which can be exploited by an attacker to read arbitrary files...
Oracle TNS Listener VSNNUM Version Remote Information Disclosure
It was possible to extract the version number of the remote Oracle TNS Transparent Network Substrate listener remotely by sending an unauthenticated request to the TNS listener service operating on this port. This information could aid an attacker. Note that the version of the TNS listener does n...
Microsoft Windows 10: Enable computer and user accounts to be trusted for delegation
This policy setting determines which users can set the Trusted for Delegation setting on a user or computer object. Security account delegation provides the ability to connect to multiple servers, and each server change retains the authentication credentials of the original client. Delegation of...
NEW: Vulnerability and Assessment Scanning for Your AWS Cloud Databases
Scuba is a free and easy-to-use tool that uncovers hidden security risks. Scuba is frequently updated with content from Imperva’s Defense Center researchers. With Scuba you can: Scan enterprise databases for vulnerabilities and misconfigurations Identify risks to your databases Get recommendation...
SolarWinds Log and Event Manager < 6.3.1 Hotfix 4 Multiple Vulnerabilities
SolarWinds Log and Event Manager LEM is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Completely remove WSUS 3.0 approach-vulnerability warning-the black bar safety net
Upgrade the domain controller or demote a domain controller, wsus services usually fail, only by hand to completely remove wsus3. 0 and then re-install, the following is the result of several attempts later summed up the detailed operation of the steps of: 1, the...
MySQL Zero-length Scrambled String Crafted Packet Authentication Bypass
A bug in the version of MySQL running on the remote host allows a remote attacker to bypass the password authentication mechanism using a specially crafted packet with a zero-length scramble buff string. An attacker with knowledge of an existing account defined to the affected service can leverag...
Firebird Default Credentials (Firebird Protocol)
It is possible to connect to the remote database service using default credentials. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if...
CVE-2007-2281
Integer overflow in the ncp32.NtrpTCPReceiveMsg function in rds.exe in the Cell Manager Database Service in the Application Recovery Manager component in HP OpenView Storage Data Protector 5.50 and 6.0 allows remote attackers to execute arbitrary code via a large value in the size parameter...
SAP MaxDB Remote Arbitrary Commands Execution (CVE-2008-0244)
SAP MaxDB is an open source relational database management system RDBMS developed and supported by SAP AG. MaxDB is targeted for large SAP environments such as mySAP Business Suite and other applications that require enterprise level database functionality. MaxDB is available for the most promine...
Database settings
This plugin just sets global variables SID, SERVICENAME, etc., and does not perform any security checks. TRUSTED...
Yosemite Backup Service Driver Detection
The remote host is running Yosemite Backup, a commercial backup solution for Windows, Linux, and Novell NetWare and targetting small-to-medium sized businesses. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include"compat.inc"; if description scriptid34756...
Openlink Virtuoso Server Detection
Openlink Virtuoso Server, a hybrid database server available as a commercial as well as an open source product is running on the remote host. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid33588; scriptversion"1.15"; scriptsetattributeattribute:"pluginmodificationdate...
CVE-2008-1910
Stack-based buffer overflow in the database service ibserver.exe in Borland InterBase 2007 SP2 allows remote attackers to execute arbitrary code via a malformed opcode 0x52 request to TCP port 3050. NOTE: this might overlap CVE-2007-5243 or CVE-2007-5244...
CVE-2008-1910
Stack-based buffer overflow in the database service ibserver.exe in Borland InterBase 2007 SP2 allows remote attackers to execute arbitrary code via a malformed opcode 0x52 request to TCP port 3050. NOTE: this might overlap CVE-2007-5243 or CVE-2007-5244...
SQL Anywhere Broadcast Repeater Detection
The remote service is a SQL Anywhere Broadcast Repeater, which allows SQL Anywhere clients to find SQL Anywhere database servers running on other subnets and through firewalls. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid31717; scriptversion"1.8";...