398 matches found
PT-2023-10233 · Unknown · Githuis P2Manage
Name of the Vulnerable Software and Affected Versions: githuis P2Manage affected versions not specified Description: A critical vulnerability was found in githuis P2Manage, affecting the function Execute of the file PTwoManage/Database.cs. The manipulation of the sql argument leads to sql...
GHSA-463W-HXFV-G9F6 Apache Archiva vulnerable to Sensitive Information Disclosure via anonymous user
Apache Archiva prior to 2.2.9 may allow the anonymous user to read arbitrary files. If anonymous read enabled, it's possible to read the database file directly without logging in...
CVE-2022-40308
If anonymous read enabled, it's possible to read the database file directly without logging in...
Security Bulletin: A vulneraqbility in SQLite affects IBM Cloud Application Performance Managment R esponse Time Monitoring RRT Agent (CVE-2021-45346)
Summary A Memory Leak vulnerabilty exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries made via editing the Database File, it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicous user obtain...
Design/Logic Flaw
The com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip method is used to restore the HSQLDB database used in SMS. It takes the path of the zipped database file as the single parameter. An unauthenticated, remote attacker can specify an UNC path for the database file i.e., \\sms,...
Keysight Technologies Sensor Management Server SQL注入漏洞
Keysight Technologies Sensor Management Server is a sensor management server from Keysight Technologies, USA. A security vulnerability exists in Keysight Technologies Sensor Management Server SMS that originates from the ability of an unauthenticated, remote attacker to effectively take control o...
ABB REX640 Incorrect Permission Assignment for Critical Resource (CVE-2022-1596)
Incorrect Permission Assignment for Critical Resource vulnerability in ABB REX640 PCL1, REX640 PCL2, REX640 PCL3 allows an authenticated attacker to launch an attack against the user database file and try to take control of an affected system node. - Incorrect Permission Assignment for Critical...
Code injection
Incorrect Permission Assignment for Critical Resource vulnerability in ABB REX640 PCL1, REX640 PCL2, REX640 PCL3 allows an authenticated attacker to launch an attack against the user database file and try to take control of an affected system node...
UBUNTU-CVE-2022-20792
A vulnerability in the regex module used by the signature database load module of Clam AntiVirus ClamAV versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an authenticated, local attacker to crash ClamAV at database load time, and possibly gain code execution...
CVE-2022-26630
Jellycms v3.8.1 and below was discovered to contain an arbitrary file upload vulnerability via \app.\admin\Controllers\db.php...
CVE-2021-41652
Insecure permissions in the file database.sdb of BatFlat CMS v1.3.6 allows attackers to dump the entire database...
B2 Command Line Tool TOCTOU application key disclosure
Impact Linux and Mac releases of the B2 command-line tool version 3.2.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a time-of-check-time-of-use TOCTOU race condition. The command line tool saves API keys and bucket...
GHSA-P867-FXFR-PH2W b2-sdk-python TOCTOU application key disclosure
Impact Linux and Mac releases of the SDK version 1.14.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a time-of-check-time-of-use TOCTOU race condition. SDK users of the SqliteAccountInfo format are vulnerable while users...
Time-of-check-time-of-use (TOCTOU)
b2sdk is vulnerable to time-of-check-time-of-use TOCTOU. A local attacker is able to read the contents of the local database file where API keys are saved when using SqliteAccountInfo, resulting in sensitive information disclosure via race condition...
CVE-2022-23653
B2 Command Line Tool is the official command line tool for the backblaze cloud storage service. Linux and Mac releases of the B2 command-line tool version 3.2.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a...
CVE-2022-23651 b2-sdk-python TOCTOU application key disclosure
b2-sdk-python is a python library to access cloud storage provided by backblaze. Linux and Mac releases of the SDK version 1.14.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a time-of-check-time-of-use TOCTOU race...
CVE-2021-45346
A memory leak flaw was found in the SQLite Project via maliciously crafted SQL Queries made via editing the Database File. This flaw allows a malicious user to obtain sensitive information due to a possible query to a record and leaking subsequent bytes of memory that extend beyond the record...
CVE-2021-45346
A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries made via editing the Database File, it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain...
CVE-2021-45346
A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries made via editing the Database File, it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain...
Memory corruption
DISPUTED A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries made via editing the Database File, it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user...