Security Bulletin: A security vulnerability has been identified in IBM Tivoli Storage Manager that affects multiple IBM Tivoli Storage products (CVE-2016-0371)

Summary The IBM Tivoli Storage Manger Client/API is used as a component of IBM Tivoli Storage FlashCopy Manager for Windows, IBM Tivoli Storage Manager HSM for Windows, IBM Tivoli Storage Manager for Databases, IBM Tivoli Storage Manager for Mail, and IBM Tivoli Storage Manager for Virtual...

Security Bulletin: SQL Server Password Disclosure via IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server and IBM Tivoli Storage FlashCopy Manager for Microsoft SQL Server (CVE-2016-3059)

Summary When using IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server or IBM Tivoli Storage FlashCopy Manager for Microsoft SQL Server, the Microsoft SQL Server's user ID and password is presented in plain text via task completion status details available within th...

Security Bulletin: Vulnerability in InstallShield affects IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (CVE-2016-2542)

Summary InstallShield generates installation executables which are vulnerable to a DLL-planting that affects IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server IBM Spectrum Protect for Databases on Windows platforms. Vulnerability Details CVEID: CVE-2016-2542...

Security Bulletin: Additional Password Disclosure via application tracing in FlashCopy Manager on Windows, Data Protection for Exchange, and Data Protection for SQL CVE-2015-7404

Summary The Tivoli Storage Manager TSM password is displayed in plain text via application trace output when the "Change TSM Password" changetsmpassword command is used and application tracing is enabled. Vulnerability Details CVEID: CVE-2015-7404 DESCRIPTION: When using one of the following...

PT-2018-3902 · Oracle +1 · Mysql Server

Name of the Vulnerable Software and Affected Versions: Oracle MySQL versions 8.0.11 and prior Description: The issue is related to insufficient access control in the MySQL Server component, specifically in the Shell: Core / Client subcomponent. This allows an attacker with low privileges and logo...

Security Bulletin: A security vulnerability has been identified in Micosoft SQL Server Express shipped with IBM Robotic Process Automation with Automation Anywhere CVE-2014-3566

Summary Microsoft SQL Server Express 2014 is shipped with IBM Robotic Process Automation with Automation Anywhere. Information about a security vulnerability affecting Microsoft SQL Server Express 2014 has been published in a security bulletin. Vulnerability Details Refer to the security bulletin...

Virtualization-based security (VBS) memory enclaves: Data protection through isolation

The escalating sophistication of cyberattacks is marked by the increased use of kernel-level exploits that attempt to run malware with the highest privileges and evade security solutions and software sandboxes. Kernel exploits famously gave the WannaCry and Petya ransomware remote code execution...

CVE-2016-10554

sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. Before version 1.7.0-alpha3, sequelize defaulted SQLite to use MySQL backslash escaping, even though SQLite uses Postgres escapin...

CVE-2016-10553

sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. A fix was pushed out that fixed potential SQL injection in sequelize 2.1.3 and earlier...

CVE-2016-10553

sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. A fix was pushed out that fixed potential SQL injection in sequelize 2.1.3 and earlier...

Sql injection

sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. A fix was pushed out that fixed potential SQL injection in sequelize 2.1.3 and earlier...

Code injection

sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. Before version 1.7.0-alpha3, sequelize defaulted SQLite to use MySQL backslash escaping, even though SQLite uses Postgres escapin...

CVE-2016-10550

sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS If user input goes into the limit or order parameters, a malicious user can put in their own SQL statements. This affects sequeliz...

CVE-2016-10553

sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. A fix was pushed out that fixed potential SQL injection in sequelize 2.1.3 and earlier...

CVE-2016-10553

CVE-2016-10553 affects the Node.js ORM sequelize . The vulnerability is a SQL Injection when user input is concatenated into queries, specifically in patterns like findOne or where: "user input". Affected versions are the pre-3.0 releases; the recommended fix is to upgrade to version 3.0.0 or lat...

Starbucks: SQL Injection Proof of Concept for Starbucks URL

browser: firefox quantum 60.0.1 64 bit os: windows 10 sqli type: char formula injection info found: oracle database system url: https://www.starbucks.de/coffee/our-coffees/format/whole-bean injected url using oracle concatenation and char functions:...

Sql injection

sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS In Postgres, SQLite, and Microsoft SQL Server there is an issue where arrays are treated as strings and improperly escaped. This...

CVE-2016-10556

sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS In Postgres, SQLite, and Microsoft SQL Server there is an issue where arrays are treated as strings and improperly escaped. This...

CVE-2016-10556

CVE-2016-10556 affects the Sequelize ORM for Node.js (v3.19.3 and earlier). The issue: when an array is used as a string in a query, Sequelize incorrectly escapes it, causing a SQL injection in Postgres, SQLite, and MSSQL. The PoC shows a crafted replacements value leading to a query like: SELECT...

CVE-2016-10556

sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS In Postgres, SQLite, and Microsoft SQL Server there is an issue where arrays are treated as strings and improperly escaped. This...