Lucene search
K

46 matches found

UbuntuCve
UbuntuCve
added 2021/01/06 1:15 p.m.24 views

CVE-2020-26759

clickhouse-driver before 0.1.5 allows a malicious clickhouse server to trigger a crash or execute arbitrary code on a database client via a crafted server response, due to a buffer overflow...

9.8CVSS7.8AI score0.02556EPSS
Exploits0References3
Cvelist
Cvelist
added 2021/01/06 12:56 p.m.28 views

CVE-2020-26759

clickhouse-driver before 0.1.5 allows a malicious clickhouse server to trigger a crash or execute arbitrary code on a database client via a crafted server response, due to a buffer overflow...

9.7AI score0.02556EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2021/01/06 12:56 p.m.18 views

CVE-2020-26759

clickhouse-driver before 0.1.5 allows a malicious clickhouse server to trigger a crash or execute arbitrary code on a database client via a crafted server response, due to a buffer overflow...

9.8CVSS9.7AI score0.02556EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2020/12/15 5:27 p.m.2 views

mysql: C API unspecified vulnerability (CPU Apr 2020)

Vulnerability in the MySQL Client product of Oracle MySQL component: C API. Supported versions that are affected are 5.6.47 and prior, 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise...

5.3CVSS6.8AI score0.02317EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2020/09/04 12:0 a.m.28 views

Debian DLA-2363-1 : asyncpg security update

asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger a crash or execute arbitrary code on a database client via a crafted server response, because of access to an uninitialized pointer in the array data decoder. For Debian 9 stretch, this problem has been fixed in version...

9.8CVSS8.6AI score0.02417EPSS
Exploits0References4
ThreatPost
ThreatPost
added 2020/09/01 8:19 p.m.136 views

Magento Sites Vulnerable to RCE Stemming From Magmi Plugin Flaws

Researchers have disclosed two flaws that could enable remote code execution attacks on the Magento Mass Import Magmi plugin, an open source database client that imports data into Magento. Magmi is a Magento database client written in PHP, which is used to perform raw bulk operations on the model...

7.5CVSS9.1AI score0.23897EPSS
Exploits0References21
NVD
NVD
added 2020/08/12 4:15 p.m.29 views

CVE-2020-17446

asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger a crash or execute arbitrary code on a database client via a crafted server response, because of access to an uninitialized pointer in the array data decoder...

9.8CVSS9.5AI score0.02417EPSS
Exploits0References2
Prion
Prion
added 2020/08/12 4:15 p.m.21 views

Code injection

asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger a crash or execute arbitrary code on a database client via a crafted server response, because of access to an uninitialized pointer in the array data decoder...

7.5CVSS9.5AI score0.02417EPSS
Exploits0References2Affected Software2
Debian CVE
Debian CVE
added 2020/08/12 3:56 p.m.22 views

CVE-2020-17446

asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger a crash or execute arbitrary code on a database client via a crafted server response, because of access to an uninitialized pointer in the array data decoder...

9.8CVSS9AI score0.02417EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2020/06/11 12:0 a.m.21 views

Magento Mass Importer < 0.7.23 Cross-Site Scripting

Magento Mass Importer Magmi is a Magento database client used to perform raw bulk operations on the models of the online store. Magento Mass Importer versions before 0.7.23 suffer from a cross-site scripting vulnerability through the prefix parameter of the /magmi/web/ajaxgettime.php URL, allowin...

6.1CVSS6.3AI score0.08173EPSS
Exploits0References3
Hacker One
Hacker One
added 2019/11/21 12:27 a.m.37 views

Evernote: Non-production Open Database In Combination With XXE Leads To SSRF

Summary: The Apache Hive database hosted on the IP ██████████ and open on port 10000 is open and vulnerable to XXE. By "open", I mean that the database can be accessed by anyone. Steps To Reproduce: Chose any database client that supports Apache Hive and also uses a specific client version...

7.3AI score
Exploits0
CNVD
CNVD
added 2019/08/15 12:0 a.m.2 views

Yandex ClickHouse MySQL client information disclosure vulnerability

Yandex ClickHouse is a set of open source columnar databases for online analytical processing of the Russian company Yandex. An information disclosure vulnerability exists in the Yandex ClickHouse MySQL client. With the 'LOAD DATA LOCAL INFILE' feature enabled, an attacker can leverage a maliciou...

7.5CVSS6.2AI score0.01711EPSS
Exploits0References1
OSV
OSV
added 2017/03/03 4:59 p.m.1 views

UBUNTU-CVE-2016-7408

The dbclient in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via a crafted 1 -m or 2 -c argument...

8.8CVSS7.7AI score0.03967EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2015/08/24 6:43 p.m.12 views

mysql: use of SSL/TLS can not be enforced in mysql client library (oCERT-2015-003, BACKRONYM)

It was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the "--ssl" option. A man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client an...

5.9CVSS6.8AI score0.07083EPSS
Exploits1References5
exploitpack
exploitpack
added 2014/10/14 12:0 a.m.13 views

SEO Control Panel 3.6.0 - (Authenticated) SQL Injection

SEO Control Panel 3.6.0 - Authenticated SQL Injection Exploit Title: Seo Control Panel 3.6.0 Authenticated Sql Injection Date: 10/10/2014 Exploit Author: Tiago Carvalho [email protected] or [email protected] Vendor Homepage: www.seopanel.in Software Link:...

1AI score
Exploits0
Exploit DB
Exploit DB
added 2014/10/14 12:0 a.m.23 views

SEO Control Panel 3.6.0 - (Authenticated) SQL Injection

Exploit Title: Seo Control Panel 3.6.0 Authenticated Sql Injection Date: 10/10/2014 Exploit Author: Tiago Carvalho [email protected] or [email protected] Vendor Homepage: www.seopanel.in Software Link: http://www.seopanel.in/spdownload/ Version: Seo Panel Version 3.6.0 Tested on: Ka...

7.4AI score
Exploits0
RedHat Linux
RedHat Linux
added 2014/02/13 6:33 p.m.3 views

mysql: command-line tool buffer overflow via long server version string

Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service crash and possibly execute arbitrary code via a long server version string...

7.5CVSS7AI score0.06353EPSS
Exploits0References4
Fedora
Fedora
added 2013/11/02 4:52 a.m.35 views

[SECURITY] Fedora 19 Update: community-mysql-5.5.34-1.fc19

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...

4.9CVSS2.7AI score0.0309EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2011/05/09 12:0 a.m.10 views

Oracle Database Client Traffic Detection

Binary data 5908.prm...

7.3AI score
Exploits0
OpenVAS
OpenVAS
added 2010/07/30 12:0 a.m.29 views

Fedora Update for mysql FEDORA-2010-11135

Check for the Version of mysql OpenVAS Vulnerability Test Fedora Update for mysql FEDORA-2010-11135 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms...

6.5CVSS9.7AI score0.21789EPSS
Exploits4References2
Rows per page
Query Builder