Jifty :: DBI SQL Injection Vulnerability

Jifty :: DBI is an object-relational persistence framework. A SQL injection vulnerability exists in Jifty :: DBI versions prior to 0.68, which can be exploited by an attacker to execute illegal SQL commands...

CVE-2008-4096

libraries/databaseinterface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to serverdatabases.php with a sortby parameter containing PHP sequences, which are processed by createfunction...

[SECURITY] Fedora 29 Update: pdns-4.1.11-1.fc29

The PowerDNS Nameserver is a modern, advanced and high performance authoritative-only nameserver. It is written from scratch and conforms to all relevant DNS standards documents. Furthermore, PowerDNS interfaces with almost any database...

[SECURITY] Fedora 28 Update: pdns-4.1.7-1.fc28

The PowerDNS Nameserver is a modern, advanced and high performance authoritative-only nameserver. It is written from scratch and conforms to all relevant DNS standards documents. Furthermore, PowerDNS interfaces with almost any database...

Drobo 5N2 Cross-Site Scripting Vulnerability

The Drobo 5N2 NAS is a networked storage appliance NAS from Drobo, USA. The device features data sharing, data backup, remote access and disaster recovery. A cross-site scripting vulnerability exists in the MySQL API error page in Drobo 5N2 NAS version 4.0.5-13.28.96115. A remote attacker can...

CVE-2018-2369

Under certain conditions SAP HANA, 1.00, 2.00, allows an unauthenticated attacker to access information which would otherwise be restricted. An attacker can misuse the authentication function of the SAP HANA server on its SQL interface and disclose 8 bytes of the server process memory. The attack...

CVE-2017-12227

A vulnerability in the SQL database interface for Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a blind SQL injection attack. The vulnerability is due to a failure to validate user-supplied input used in SQL queries that bypass protection filters. An attacker...

[SECURITY] Fedora 25 Update: pdns-4.0.3-1.fc25

The PowerDNS Nameserver is a modern, advanced and high performance authoritative-only nameserver. It is written from scratch and conforms to all relevant DNS standards documents. Furthermore, PowerDNS interfaces with almost any database...

DBD::mysql: Multiple vulnerabilities

Background MySQL driver for the Perl5 Database Interface DBI Description Multiple vulnerabilities have been discovered in DBD::mysql. Please review the CVE identifiers referenced below for details. Impact An attacker could cause a Denial of Service condition, execute arbitrary code, or have other...

[SECURITY] Fedora 25 Update: perl-DBD-MySQL-4.041-1.fc25

DBD::mysql is the Perl5 Database Interface driver for the MySQL database. In other words: DBD::mysql is an interface between the Perl programming langua ge and the MySQL programming API that comes with the MySQL relational database management system...

[SECURITY] Fedora 24 Update: perl-DBD-MySQL-4.039-2.fc24

DBD::mysql is the Perl5 Database Interface driver for the MySQL database. In other words: DBD::mysql is an interface between the Perl programming langua ge and the MySQL programming API that comes with the MySQL relational database management system...

CVE-2016-1251

There is a vulnerability of type use-after-free affecting DBD::mysql aka DBD-mysql or the Database Interface DBI MySQL driver for Perl 3.x and 4.x before 4.041 when used with mysqlserverprepare=1...

Design/Logic Flaw

There is a vulnerability of type use-after-free affecting DBD::mysql aka DBD-mysql or the Database Interface DBI MySQL driver for Perl 3.x and 4.x before 4.041 when used with mysqlserverprepare=1...

CVE-2016-6443

A vulnerability in the Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL database interface could allow an authenticated, remote attacker to impact system confidentiality by executing a subset of arbitrary SQL queries that can cause product instability. More Information:...

CVE-2016-6443

CVE-2016-6443 affects Cisco Prime Infrastructure and Evolved Programmable Network Manager (EPNM) with a SQL database interface vulnerability. The issue is a lack of input validation in SQL queries, allowing an authenticated, remote attacker to execute a subset of arbitrary SQL statements that can...

[SECURITY] Fedora 23 Update: perl-DBD-MySQL-4.033-3.fc23

DBD::mysql is the Perl5 Database Interface driver for the MySQL database. In other words: DBD::mysql is an interface between the Perl programming langua ge and the MySQL programming API that comes with the MySQL relational database management system...

[SECURITY] Fedora 24 Update: perl-DBD-MySQL-4.037-1.fc24

DBD::mysql is the Perl5 Database Interface driver for the MySQL database. In other words: DBD::mysql is an interface between the Perl programming langua ge and the MySQL programming API that comes with the MySQL relational database management system...

[SECURITY] Fedora 22 Update: pdns-3.4.6-1.fc22

The PowerDNS Nameserver is a modern, advanced and high performance authoritative-only nameserver. It is written from scratch and conforms to all relevant DNS standards documents. Furthermore, PowerDNS interfaces with almost any database...

UBUNTU-CVE-2014-3704

The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys...

Sql injection

SQL injection vulnerability in the Java database interface in Cisco Unified Communications Manager UCM 10.01 and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05313...