90 matches found

SUSE CVE
added 2023/02/15 5:33 a.m., 2 views

SUSE CVE-2013-7491

An issue was discovered in the DBI module before 1.628 for Perl. Stack corruption occurs when a user-defined function requires a non-trivial amount of memory and the Perl stack gets reallocated...

CVSS 7.8, AI score 7.1, EPSS 0.00385
Exploits 0, References 4

SUSE CVE
added 2023/02/15 5:23 a.m., 1 view

SUSE CVE-2014-10402

An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the fdir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fix for CVE-2014-10401...

CVSS 5.5, AI score 7, EPSS 0.00025
Exploits 1, References 8

SUSE CVE
added 2023/02/15 3:57 a.m., 2 views

SUSE CVE-2020-14393

A buffer overflow was found in perl-DBI 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of the service or integrity of data...

CVSS 8.4, AI score 7, EPSS 0.00123
Exploits 0, References 9

GitHub Security Blog
added 2022/05/14 2:5 a.m., 19 views

phpMyAdmin Implementation XSS Vulnerability on Server Monitor Page

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name, related to the...

CVSS 3.5, AI score 6.3, EPSS 0.00269
Exploits 1, References 7, Affected Software 1

OpenVAS
added 2022/04/21 12:0 a.m., 13 views

Fedora: Security Advisory for pdns (FEDORA-2022-8367cefdea)

The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.5, AI score 7.5, EPSS 0.00027
Exploits 0, References 2

CNVD
added 2021/11/03 12:0 a.m., 5 views

Unspecified Vulnerability in Fortinet FortiPortal

Fortinet FortiPortal is an advanced, feature-rich hosted security analysis and management support tool for Fortinet's FortiGate, FortiWiFi and FortiAP product lines, available as a virtual machine for MSPs. A security vulnerability in the customer database interface of Fortinet FortiPortal prior ...

CVSS 3.5, AI score 6.8, EPSS 0.00295
Exploits 0, References 1

NVD
added 2021/11/02 6:15 p.m., 10 views

CVE-2021-36181

A concurrent execution using shared resource with improper Synchronization vulnerability 'Race Condition' in the customer database interface of FortiPortal before 6.0.6 may allow an authenticated, low-privilege user to bring the underlying database data into an inconsistent state via specific...

CVSS 3.5, EPSS 0.00295
Exploits 0, References 1

Prion
added 2021/11/02 6:15 p.m., 12 views

Race condition

A concurrent execution using shared resource with improper Synchronization vulnerability 'Race Condition' in the customer database interface of FortiPortal before 6.0.6 may allow an authenticated, low-privilege user to bring the underlying database data into an inconsistent state via specific...

CVSS 3.5, AI score 4.3, EPSS 0.00295
Exploits 0, References 1, Affected Software 1

CVE
added 2021/11/02 5:22 p.m., 44 views

CVE-2021-36181

Fortinet FortiPortal CVE-2021-36181 is a race-condition in the customer database interface caused by improper thread synchronization. It affects FortiPortal prior to 6.0.6 and can allow an authenticated, low-privilege user to coordinate web requests to bring the underlying database data into an i...

CVSS 3.5, AI score 4.2, EPSS 0.00295
Exploits 0, References 1, Affected Software 1

Vulnrichment
added 2021/11/02 5:22 p.m., 11 views

CVE-2021-36181

A concurrent execution using shared resource with improper Synchronization vulnerability 'Race Condition' in the customer database interface of FortiPortal before 6.0.6 may allow an authenticated, low-privilege user to bring the underlying database data into an inconsistent state via specific...

CVSS 3.1, AI score 6.9, EPSS 0.00295
Exploits 0, References 1

CNVD
added 2021/01/14 12:0 a.m., 1 view

SAP Business Information Warehouse SQL Injection Vulnerability

SAP Business Information Warehouse (SAP BW) is a data warehouse for collecting and tabulating information in an enterprise environment from SAP Germany. The software is an enterprise-wide information center for data analysis from R/3 and other business applications, including databases and extern...

CVSS 6.5, AI score 7.7, EPSS 0.00451
Exploits 2, References 1

OSV
added 2021/01/12 3:15 p.m., 0 views

CVE-2021-21468

The BW Database Interface does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges that allows the user to practically read out any database table...

CVSS 6.5, AI score 5.8, EPSS 0.00451
Exploits 2, References 4

NVD
added 2021/01/12 3:15 p.m., 16 views

CVE-2021-21468

The BW Database Interface does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges that allows the user to practically read out any database table...

CVSS 6.5, AI score 6.6, EPSS 0.00451
Exploits 2, References 4

OSV
added 2021/01/12 3:15 p.m., 0 views

CVE-2021-21465

The BW Database Interface allows an attacker with low privileges to execute any crafted database queries, exposing the backend database. An attacker can include their own SQL commands which the database will execute without properly sanitizing the untrusted data leading to SQL injection...

CVSS 9.9, AI score 7.5
Exploits 0, References 4

NVD
added 2021/01/12 3:15 p.m., 13 views

CVE-2021-21465

The BW Database Interface allows an attacker with low privileges to execute any crafted database queries, exposing the backend database. An attacker can include their own SQL commands which the database will execute without properly sanitizing the untrusted data leading to SQL injection...

CVSS 9.9, AI score 9.9, EPSS 0.01427
Exploits 2, References 4

Prion
added 2021/01/12 3:15 p.m., 18 views

Sql injection

The BW Database Interface allows an attacker with low privileges to execute any crafted database queries, exposing the backend database. An attacker can include their own SQL commands which the database will execute without properly sanitizing the untrusted data leading to SQL injection...

CVSS 6.5, AI score 9.7, EPSS 0.01427
Exploits 2, References 4, Affected Software 1

Prion
added 2021/01/12 3:15 p.m., 12 views

Authorization

The BW Database Interface does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges that allows the user to practically read out any database table...

CVSS 4, AI score 6.6, EPSS 0.00451
Exploits 2, References 4, Affected Software 1

CVE
added 2021/01/12 2:40 p.m., 52 views

CVE-2021-21465

CVE-2021-21465 affects SAP BW Database Interface. The vulnerability arises from improper sanitization of untrusted data, allowing an attacker with low privileges to craft SQL queries that the backend database will execute, potentially fully compromising the SAP system. Connected sources corrobora...

CVSS 9.9, AI score 9.8, EPSS 0.01427
Exploits 2, References 4, Affected Software 1

Cvelist
added 2021/01/12 2:40 p.m., 17 views

CVE-2021-21465

The BW Database Interface allows an attacker with low privileges to execute any crafted database queries, exposing the backend database. An attacker can include their own SQL commands which the database will execute without properly sanitizing the untrusted data leading to SQL injection...

CVSS 9.9, AI score 10, EPSS 0.01427
Exploits 2, References 4

Cvelist
added 2021/01/12 2:40 p.m., 15 views

CVE-2021-21468

The BW Database Interface does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges that allows the user to practically read out any database table...

CVSS 6.5, AI score 6.8, EPSS 0.00451
Exploits 2, References 4