8 matches found
CVE-2026-6938
IBM Db2 12.1.0–12.1.4 is vulnerable to an authorization bypass when uploading to a remote object storage path using a special query. The root cause is improper authorization (CWE-285). Affected products/versions: IBM Db2 Server 12.1.0–12.1.4 on Linux/Unix. Impact: authorization bypass potential d...
CVE-2026-44221 ArcadeDB: Cross-database authorization bypass and unsecured newly-created databases
ArcadeDB is a Multi-Model DBMS. Prior to 2.6.4, authenticated users and API tokens scoped to a specific database could read, write, and mutate schema on any other database on the same server. Two distinct defects contributed: (1) ServerSecurityUser.getDatabaseUser returned a DB user with an...
Siemens SIMATIC S7-1500 Missing Encryption of Sensitive Data (CVE-2019-13057)
An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization a...
Insufficient Session Expiration
Overview: Affected versions of this package are vulnerable to Insufficient Session Expiration via insecure session handling in prebuilt workspaces. An attacker can gain unauthorized access to other users' workspaces by reusing unexpired session tokens exposed through...
Database Authorization Bypass
actionpack/lib/actiondispatch/http/request.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query...
Joomla Component eXtroForms 2.1.5 - filter_type_id SQL Injection
Joomla Component eXtroForms 2.1.5 - filter_type_id SQL Injection | Exploit Title: Joomla Component eXtroForms 2.1.5 - 'filter_type_id' SQL Injection | Dork: N/A | Date: 2018-08-03 | Exploit Author: Özkan Mustafa Akkuş AkkuS | Vendor Homepage: https://extro.media/ | Software Link:...
Online Quiz Maker 1.0 - catid SQL Injection
Online Quiz Maker 1.0 - catid SQL Injection | Exploit Title: Online Quiz Maker 1.0 - 'catid' SQL Injection | Dork: N/A | Date: 2018-09-03 | Exploit Author: Özkan Mustafa Akkuş AkkuS | Vendor Homepage: https://www.hscripts.com/scripts/php/quiz-maker.php | Software...
CVE-2014-5405 Hospira MedNet Use of Hard-coded Password
Hospira MedNet before 6.1 uses a hardcoded cleartext password to control SQL database authorization, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password...