51 matches found
CVE-2020-12458
An information-disclosure flaw was found in the way Grafana set permissions for the database directory and file. This flaw allows a local attacker access to potentially sensitive information such as cleartext or encrypted datasource passwords from /var/lib/grafana/grafana.db. Mitigation Manually...
CVE-2018-14335
An issue was discovered in H2 1.4.197. Insecure handling of permissions in the backup function allows attackers to read sensitive files outside of their permissions via a symlink to a fake database file...
Zabbix 2.2. x, 3.0. x latest.php SQL injection vulnerability
Zabbix insertDBinjection vulnerabilities analysis Vulnerability linkage: https://www.seebug.org/vuldb/ssvid-92302 A vulnerability overview 1. Vulnerability description Zabbix is a WEB-based interface to provide distributed system monitoring and network monitoring capabilities of enterprise-class...
[SECURITY] [DLA 492-1] pdns security update
Package : pdns Version : 3.1-4.1+deb7u1 CVE ID : CVE-2014-7210 It was discovered that the maintainer scripts of pdns-backend-mysql grant too wide database permissions for the pdns user. Other backends are not affected. For Debian 7 "Wheezy", these problems have been fixed in version 3.1-4.1+deb7u...
DLA-492-1 pdns - security update
Bulletin has no description...
IBM DB2 9.7 < Fix Pack 9 Multiple Vulnerabilities
According to its version, the installation of IBM DB2 9.7 running on the remote host is prior to Fix Pack 9. It is, therefore, affected by one or more of the following vulnerabilities : - The included software, GSKit, contains several errors related to SSL and TLS that can result in denial of...
新 点 软件 asp.net vulnerability small analysis-vulnerability warning-the black bar safety net
The new Point is mainly used gov net web site, the vulnerability relatively tasteless, if the site did not close the members register is available, the Main Station fckeditor vulnerability has been patch www.xxxx.com/member of path/ registration after login, click on Edit to add information, add...
Openfire Server 3.6.0a - Authentication Bypass / SQL Injection / Cross-Site Scripting
Advisory: Openfire Server Multiple Vulnerabilities Advisory ID: AKADV2008-001 Release Date: 2008/11/07 Revision: 1.0 Last Modified: 2008/11/07 Date Reported: 2008/05/17 Author: Andreas Kurtz mail at andreas-kurtz.de Affected Software: Openfire Server = 3.6.0a Remotely Exploitable: Yes Risk:...
The reproduction of social engineering-vulnerability warning-the black bar safety net
Article author: withered Ling roseN. C. P. H Information source: evil octal information security teamwww.eviloctal.com to This is my osmosis in the process of a real experience,I would have thought after two days of time to get to the master server,the Master Station program on the Master Station...
CVE-2002-0942
Buffer overflows in Lugiment Log Explorer before 3.02 allow attackers with database permissions to execute arbitrary code via long arguments to the extended stored procedures 1 xplogattachStartProf, 2 xplogattachsetport, or 3 xplogattach...
CVE-2002-0942
CVE-2002-0942 describes buffer overflows in Lugiment Log Explorer (pre-3.02). The vulnerability stems from vulnerable handling of long arguments to the extended stored procedures (xp_logattach_StartProf, xp_logattach_setport, xp_logattach), which can allow an attacker with database permissions to...