1174 matches found

RedHat Linux
added 2016/09/07 9:53 a.m. | 36 views

Moderate: Red Hat Security Advisory: rh-postgresql95-postgresql security update

An update for rh-postgresql95-postgresql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 8.3 | AI score 7.4 | EPSS 0.034
Exploits: 0 | References: 5

Mageia
added 2016/08/31 3:32 p.m. | 34 views

Updated postgresql packages fix security vulnerability

It was discovered that certain SQL statements containing CASE/WHEN commands could crash the PostgreSQL server, or disclose a few bytes of server memory, potentially leading to arbitrary code execution (CVE-2016-5423). It was found that PostgreSQL client programs mishandle database and role names...

CVSS 8.3 | AI score 3.2 | EPSS 0.034
Exploits: 0 | References: 4

ArchLinux
added 2016/08/14 12:0 a.m. | 33 views

postgresql: multiple issues

- CVE-2016-5423 (arbitrary code execution): It was discovered that certain SQL statements containing CASE/WHEN commands could crash the PostgreSQL server, or disclose a few bytes of server memory, potentially leading to arbitrary code execution.
- CVE-2016-5424 (privilege escalation): It was found that...

AI score 3.2 | EPSS 0.034
Exploits: 0 | References: 3

OSV
added 2016/06/07 2:6 p.m. | 1 views

UBUNTU-CVE-2015-7695

The PDO adapters in Zend Framework before 1.12.16 do not filter null bytes in SQL statements, which allows remote attackers to execute arbitrary SQL commands via a crafted query...

CVSS 9.8 | AI score 7.7 | EPSS 0.02248
Exploits: 0 | References: 4

Tenable Nessus
added 2016/04/15 12:0 a.m. | 25 views

IBM DB2 10.1 < Fix Pack 5 / 10.5 < Fix Pack 6 Multiple Vulnerabilities

Binary data 9199.prm...

CVSS 8 | AI score 6.8 | EPSS 0.04217
Exploits: 0 | References: 37

Prion
added 2016/04/01 11:59 p.m. | 11 views

Hardcoded credentials

Patterson Dental Eaglesoft 17 has a hardcoded password of sql for the dba account, which allows remote attackers to obtain sensitive Dental.DB patient information via SQL statements...

CVSS 10 | AI score 7.6 | EPSS 0.00544
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2016/04/01 11:0 p.m. | 16 views

CVE-2016-2343

Patterson Dental Eaglesoft 17 has a hardcoded password of sql for the dba account, which allows remote attackers to obtain sensitive Dental.DB patient information via SQL statements...

AI score 9.6 | EPSS 0.00544
Exploits: 0 | References: 2

Cisco
added 2016/01/27 4:0 p.m. | 42 views

Cisco RV220W Management Authentication Bypass Vulnerability

A vulnerability in the web-based management interface of Cisco RV220W Wireless Network Security Firewall devices could allow an unauthenticated, remote attacker to bypass authentication and gain administrative privileges on a targeted device. The vulnerability is due to insufficient input...

CVSS 10 | AI score 10 | EPSS 0.00807
Exploits: 0 | References: 1

Check Point Advisories
added 2015/10/22 12:0 a.m. | 2 views

Oracle Database Server Login Access Control Bypass (CVE-2006-0547)

There exists a security bypass vulnerability in the Oracle Database Server product. The vulnerability exists due to insufficient validation of the user input in the login process. A remote attacker with valid user credentials may use this vulnerability to bypass access controls and execute SQL...

CVSS 7.5 | AI score 6.9 | EPSS 0.09005
Exploits: 0

Japan Vulnerability Notes
added 2015/10/09 12:0 a.m. | 23 views

JVN#84982142: Pref Shimane CMS vulnerable to SQL injection

Pref Shimane CMS is an open-source Contents Management System (CMS). Pref Shimane CMS contains an SQL injection vulnerability. Impact: A logged in attacker may execute arbitrary SQL statements. Solution: Update the Software. Update to the latest version according to the information provided by the...

CVSS 6.5 | AI score 7.6 | EPSS 0.00515
Exploits: 0

Tenable Nessus
added 2015/09/18 12:0 a.m. | 419 views

IBM DB2 10.5 < Fix Pack 6 Multiple Vulnerabilities (Bar Mitzvah)

According to its version, the installation of IBM DB2 10.5 running on the remote host is prior to Fix Pack 6. It is, therefore, affected by the following vulnerabilities:
- A flaw exists in the IBM Global Security Kit (GSKit) when handling RSA temporary keys in a non-export RSA key exchange...

CVSS 10 | AI score 6.4 | EPSS 0.2382
Exploits: 0 | References: 21

OSV
added 2015/08/12 2:59 p.m. | 8 views

CVE-2013-7443

Buffer overflow in the skip-scan optimization in SQLite 3.8.2 allows remote attackers to cause a denial of service (crash) via crafted SQL statements...

AI score 7.5
Exploits: 0 | References: 8

Debian CVE
added 2015/08/12 2:0 p.m. | 21 views

CVE-2013-7443

Buffer overflow in the skip-scan optimization in SQLite 3.8.2 allows remote attackers to cause a denial of service (crash) via crafted SQL statements...

CVSS 5 | AI score 5.3 | EPSS 0.01451
Exploits: 1

Cvelist
added 2015/08/12 2:0 p.m. | 22 views

CVE-2013-7443

Buffer overflow in the skip-scan optimization in SQLite 3.8.2 allows remote attackers to cause a denial of service (crash) via crafted SQL statements...

AI score 9.4 | EPSS 0.01451
Exploits: 1 | References: 7

Tenable Nessus
added 2015/07/18 12:0 a.m. | 61 views

IBM DB2 10.5 <= Fix Pack 5 Multiple Vulnerabilities

According to its version, the installation of IBM DB2 running on the remote host is version 10.5 prior or equal to Fix Pack 5. It is, therefore, affected by one or more of the following vulnerabilities:
- An unspecified error exists during the handling of SELECT statements with XML/XSLT function...

CVSS 10 | AI score 7.6 | EPSS 0.04217
Exploits: 0 | References: 14

Zero Day Initiative
added 2015/07/01 12:0 a.m. | 38 views

SQLite Default Value Authorization Bypass Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SQLite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of DEFAULT...

CVSS 7.5 | AI score 8.8 | EPSS 0.01116
Exploits: 0 | References: 1

Tenable Nessus
added 2015/06/17 12:0 a.m. | 23 views

ManageEngine Applications Manager IT360UtilitiesServlet SQLi

The remote host is running a version of ManageEngine Applications Manager that is affected by a SQL injection vulnerability due to improper validation of user-supplied input to the 'IT360UtilitiesServlet' servlet. A remote attacker can exploit this flaw to execute arbitrary SQL statements. Note...

AI score 6.3
Exploits: 0 | References: 1

Tenable Nessus
added 2015/06/09 12:0 a.m. | 34 views

IBM DB2 10.1.x < 10.1.400.770 Information Disclosure (credentialed check)

The version of IBM DB2 installed on the remote host is affected by an information disclosure vulnerability due to an unspecified flaw in the monitoring and audit features. A remote, authenticated attacker can exploit this flaw, via a crafted series of commands, to view passwords in SQL statements...

CVSS 4 | AI score 6.2 | EPSS 0.00355
Exploits: 0 | References: 3

Tenable Nessus
added 2015/06/09 12:0 a.m. | 28 views

IBM DB2 9.7.x < 9.7.1000.568 Information Disclosure (credentialed check)

The version of IBM DB2 installed on the remote host is affected by an information disclosure vulnerability due to an unspecified flaw in the monitoring and audit features. A remote, authenticated attacker can exploit this flaw, via a crafted series of commands, to view passwords in SQL statements...

CVSS 4 | AI score 6.2 | EPSS 0.00355
Exploits: 0 | References: 3

Prion
added 2015/05/26 1:59 a.m. | 12 views

Command injection

OSIsoft PI AF 2.6 and 2.7 and PI SQL for AF 2.1.2.19 do not ensure that the PI SQL AF Trusted Users group lacks the Everyone account, which allows remote authenticated users to bypass intended command restrictions via SQL statements...

CVSS 6.5 | AI score 7.6 | EPSS 0.00268
Exploits: 0 | References: 2 | Affected Software: 2