19 matches found
CVE-2026-44718 Mathesar: Missing collaborator checks allowed access to saved explorations in other databases
Mathesar is a web application that makes working with PostgreSQL databases both simple and powerful. From 0.2.0 to before 0.10.0, explorations.get, explorations.replace, and explorations.delete operate on an exploration_id without verifying that the requesting user was a collaborator on the...
CVE-2026-44718
Mathesar prior to 0.10.0 contains an access control flaw: from 0.2.0 to before 0.10.0, explorations.get, explorations.replace, and explorations.delete operate on an exploration_id without verifying that the requesting user is a collaborator on the exploration’s database. An authenticated user on ...
CVE-2026-44221
ArcadeDB is a Multi-Model DBMS. Prior to 2.6.4, authenticated users and API tokens scoped to a specific database could read, write, and mutate schema on any other database on the same server. Two distinct defects contributed: (1) ServerSecurityUser.getDatabaseUser returned a DB user with an...
CVE-2026-44221
ArcadeDB is a Multi-Model DBMS. Prior to 2.6.4, authenticated users and API tokens scoped to a specific database could read, write, and mutate schema on any other database on the same server. Two distinct defects contributed: (1) ServerSecurityUser.getDatabaseUser returned a DB user with an...
CVE-2026-44221 ArcadeDB: Cross-database authorization bypass and unsecured newly-created databases
ArcadeDB is a Multi-Model DBMS. Prior to 2.6.4, authenticated users and API tokens scoped to a specific database could read, write, and mutate schema on any other database on the same server. Two distinct defects contributed: (1) ServerSecurityUser.getDatabaseUser returned a DB user with an...
CVE-2026-44221 ArcadeDB: Cross-database authorization bypass and unsecured newly-created databases
ArcadeDB is a Multi-Model DBMS. Prior to 2.6.4, authenticated users and API tokens scoped to a specific database could read, write, and mutate schema on any other database on the same server. Two distinct defects contributed: (1) ServerSecurityUser.getDatabaseUser returned a DB user with an...
ArcadeDB vulnerable to cross-database authorization bypass and unsecured newly-created databases
Impact: Authenticated users and API tokens scoped to a specific database could read, write, and mutate schema on any other database on the same server. Two distinct defects contributed: (1) ServerSecurityUser.getDatabaseUser returned a DB user with an uninitialized fileAccessMap, which...
GHSA-FXC7-FM93-6Q77 ArcadeDB vulnerable to cross-database authorization bypass and unsecured newly-created databases
Impact: Authenticated users and API tokens scoped to a specific database could read, write, and mutate schema on any other database on the same server. Two distinct defects contributed: (1) ServerSecurityUser.getDatabaseUser returned a DB user with an uninitialized fileAccessMap, which...
Siemens SIMATIC S7-1500 Missing Encryption of Sensitive Data (CVE-2019-13057)
An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization a...
Metabase 0.41.x < 0.41.7 / 0.42.x < 0.42.4 / 1.41.x < 1.41.7 / 1.42.x < 1.42.4
The version of Metabase installed on the remote host is prior to Unknown. It is, therefore, affected by a Metabase is an open source business intelligence and analytics application. SQLite has an FDW-like feature called ATTACH DATABASE, which allows connecting multiple SQLite databases via the...
[SECURITY] Fedora 41 Update: php-adodb-5.22.10-1.fc41
ADOdb is an object oriented library written in PHP that abstracts database operations for portability. It is modelled on Microsoft's ADO, but has many improvements that make it unique, e.g. pivot tables, Active Record support, generating HTML for paging recordsets with next and previous links, cach...
CVE-2023-27859
IBM Db2 10.1, 10.5, and 11.1 could allow a remote user to execute arbitrary code caused by installing like named jar files across multiple databases. A user could exploit this by installing a malicious jar file that overwrites the existing like named jar file in another database. IBM X-Force ID:...
CVE-2023-27859
IBM Db2 10.1, 10.5, and 11.1 could allow a remote user to execute arbitrary code caused by installing like named jar files across multiple databases. A user could exploit this by installing a malicious jar file that overwrites the existing like named jar file in another database. IBM X-Force ID:...
SUSE CVE-2019-13057
An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization a...
CVE-2021-29678
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user with DBADM authority to access other databases and read or modify files. IBM X-Force ID: 199914...
UBUNTU-CVE-2019-13057
An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization a...
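Zoomla (逐浪) official demo site SQL injection vulnerability (cross-database access possible)
Brief description: As in the title. Details: 63 databases; the nature of the data was not examined. URL: http://demo.zoomla.cn/Plugins/Doc.aspx?id=1 GET; character filtering is not strict, which leads to an injection vulnerability. Proof of vulnerability: current user: 'demozoomlaf'...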
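Yonyou (用友) website SQL Injection
Brief description: A second-level site has an injection flaw; it is error-based and allows cross-database access. Details: dbo privileges. Proof of vulnerability: error-based injection:...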
DVBBS7.1 SQL Edition cross-database vulnerability - vulnerability warning - the black bar safety net
Author: Gui brother. Article source: www.54nb.cn. Vulnerability test environment: DVBBS7.1 SQL. Affected files: admin/admin.asp ..... Exploit select @@version0 to obtain the Windows version number and username='dbo' determine the current system user is not sa select username0 proof the current syste...