46 matches found
CVE-2020-26759
clickhouse-driver before 0.1.5 allows a malicious clickhouse server to trigger a crash or execute arbitrary code on a database client via a crafted server response, due to a buffer overflow...
CVE-2020-26759
clickhouse-driver before 0.1.5 allows a malicious clickhouse server to trigger a crash or execute arbitrary code on a database client via a crafted server response, due to a buffer overflow...
CVE-2020-26759
clickhouse-driver before 0.1.5 allows a malicious clickhouse server to trigger a crash or execute arbitrary code on a database client via a crafted server response, due to a buffer overflow...
mysql: C API unspecified vulnerability (CPU Apr 2020)
Vulnerability in the MySQL Client product of Oracle MySQL component: C API. Supported versions that are affected are 5.6.47 and prior, 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise...
Debian DLA-2363-1 : asyncpg security update
asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger a crash or execute arbitrary code on a database client via a crafted server response, because of access to an uninitialized pointer in the array data decoder. For Debian 9 stretch, this problem has been fixed in version...
Magento Sites Vulnerable to RCE Stemming From Magmi Plugin Flaws
Researchers have disclosed two flaws that could enable remote code execution attacks on the Magento Mass Import Magmi plugin, an open source database client that imports data into Magento. Magmi is a Magento database client written in PHP, which is used to perform raw bulk operations on the model...
CVE-2020-17446
asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger a crash or execute arbitrary code on a database client via a crafted server response, because of access to an uninitialized pointer in the array data decoder...
Code injection
asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger a crash or execute arbitrary code on a database client via a crafted server response, because of access to an uninitialized pointer in the array data decoder...
CVE-2020-17446
asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger a crash or execute arbitrary code on a database client via a crafted server response, because of access to an uninitialized pointer in the array data decoder...
Magento Mass Importer < 0.7.23 Cross-Site Scripting
Magento Mass Importer Magmi is a Magento database client used to perform raw bulk operations on the models of the online store. Magento Mass Importer versions before 0.7.23 suffer from a cross-site scripting vulnerability through the prefix parameter of the /magmi/web/ajaxgettime.php URL, allowin...
Evernote: Non-production Open Database In Combination With XXE Leads To SSRF
Summary: The Apache Hive database hosted on the IP ██████████ and open on port 10000 is open and vulnerable to XXE. By "open", I mean that the database can be accessed by anyone. Steps To Reproduce: Chose any database client that supports Apache Hive and also uses a specific client version...
Yandex ClickHouse MySQL client information disclosure vulnerability
Yandex ClickHouse is a set of open source columnar databases for online analytical processing of the Russian company Yandex. An information disclosure vulnerability exists in the Yandex ClickHouse MySQL client. With the 'LOAD DATA LOCAL INFILE' feature enabled, an attacker can leverage a maliciou...
UBUNTU-CVE-2016-7408
The dbclient in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via a crafted 1 -m or 2 -c argument...
mysql: use of SSL/TLS can not be enforced in mysql client library (oCERT-2015-003, BACKRONYM)
It was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the "--ssl" option. A man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client an...
SEO Control Panel 3.6.0 - (Authenticated) SQL Injection
SEO Control Panel 3.6.0 - Authenticated SQL Injection Exploit Title: Seo Control Panel 3.6.0 Authenticated Sql Injection Date: 10/10/2014 Exploit Author: Tiago Carvalho [email protected] or [email protected] Vendor Homepage: www.seopanel.in Software Link:...
SEO Control Panel 3.6.0 - (Authenticated) SQL Injection
Exploit Title: Seo Control Panel 3.6.0 Authenticated Sql Injection Date: 10/10/2014 Exploit Author: Tiago Carvalho [email protected] or [email protected] Vendor Homepage: www.seopanel.in Software Link: http://www.seopanel.in/spdownload/ Version: Seo Panel Version 3.6.0 Tested on: Ka...
mysql: command-line tool buffer overflow via long server version string
Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service crash and possibly execute arbitrary code via a long server version string...
[SECURITY] Fedora 19 Update: community-mysql-5.5.34-1.fc19
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...
Oracle Database Client Traffic Detection
Binary data 5908.prm...
Fedora Update for mysql FEDORA-2010-11135
Check for the Version of mysql OpenVAS Vulnerability Test Fedora Update for mysql FEDORA-2010-11135 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms...