2885 matches found
Design/Logic Flaw
Vulnerability in the OJVM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4 and 12.1.0.2. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromi...
ALPINE-CVE-2017-3308
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: DML. Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protoco...
CVE-2017-3567
CVE-2017-3567 affects Oracle Database Server OJVM component (versions 11.2.0.4 and 12.1.0.2). A low-privilege attacker with Create Session and Create Procedure privileges and network access via multiple protocols can cause OJVM to hang or crash (DoS). CVSS v3.0 base score 5.3 (Availability). No r...
CVE-2017-3567
Vulnerability in the OJVM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4 and 12.1.0.2. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromi...
CVE-2017-3486
Vulnerability in the SQLPlus component of Oracle Database Server. Supported versions that are affected are 11.2.0.4 and 12.1.0.2. Difficult to exploit vulnerability allows high privileged attacker having Local Logon privilege with logon to the infrastructure where SQLPlus executes to compromise...
CVE-2017-3523
It was discovered that the MySQL Connector/J client could deserialize certain database contents, regardless of the "autoDeserialize" option. If the client processes data received from an untrusted or compromised database server, a remote attacker could exploit this flaw to cause remote code...
Oracle Database Server Remote Vulnerability (CNVD-2017-06088)
Oracle Database Server is an object-relational database management system. It provides an open, comprehensive, and integrated approach to information management. A remote security vulnerability exists in the Oracle Database Server OJVM component, which can be exploited by a remote attacker to...
Oracle Database Server Local Vulnerability (CNVD-2017-06092)
Oracle Database Server is an object-relational database management system. It provides an open, comprehensive, and integrated approach to information management. A security vulnerability exists in the Oracle Database Server SQLPlus component, which can be exploited by remote attackers to compromi...
Aerospike Database Server RW Fabric Message Code Execution (CVE-2016-9053)
An out-of-bounds array indexing vulnerability has been reported in Aerospike Database Server. The vulnerability is due to improper handling of a fabric message containing a request to write a record element with malicious type value. A remote attacker could exploit this vulnerability by sending a...
WordPress Spider Event Calendar 1.5.51 Plugin - Blind SQL Injection Vulnerability
Exploit for php platform in category web applications. MGC ALERT 2017-003 - Original release date: April 06, 2017 - Last revised: April 10, 2017 - Discovered by: Manuel García Cárdenas - Severity: 7,1/10 CVSS Base Score...
Blind SQL Injection (timing attack)
Due to the requirement for dynamic content of today's web applications, many rely on a database backend to store data that will be called upon and processed by the web application or other programs. Web applications retrieve data from the database by using Structured Query Language (SQL) queries. T...
Blind SQL Injection (differential analysis)
Due to the requirement for dynamic content of today's web applications, many rely on a database backend to store data that will be called upon and processed by the web application or other programs. Web applications retrieve data from the database by using Structured Query Language (SQL) queries. T...
[SECURITY] [DSA 3809-1] mariadb-10.0 security update
Debian Security Advisory DSA-3809-1 https://www.debian.org/security/ Salvatore Bonaccorso March 14, 2017 https://www.debian.org/security/faq -...
Aerospike Database Server Remote Code Execution Vulnerability
Aerospike Database Server is a distributed, scalable NoSQL database from Aerospike, Inc. A security vulnerability in the RW fabric message particle type of Aerospike Database Server allows remote attackers to exploit the vulnerability to submit special data messages and execute arbitrary code...
Null pointer dereference
An exploitable denial-of-service vulnerability exists in the fabric-worker component of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause the server process to dereference a null pointer. An attacker can simply connect to a TCP port in order to trigger this vulnerability...
CVE-2016-9051
An exploitable out-of-bounds write vulnerability exists in the batch transaction field parsing functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause an out-of-bounds write resulting in memory corruption which can lead to remote code execution. An attacker can...
CVE-2016-9053
An exploitable out-of-bounds indexing vulnerability exists within the RW fabric message particle type of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause the server to fetch a function table outside the bounds of an array resulting in remote code execution. An attacker can...
CVE-2016-9049
An exploitable denial-of-service vulnerability exists in the fabric-worker component of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause the server process to dereference a null pointer. An attacker can simply connect to a TCP port in order to trigger this vulnerability...
CVE-2016-9051
An exploitable out-of-bounds write vulnerability exists in the batch transaction field parsing functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause an out-of-bounds write resulting in memory corruption which can lead to remote code execution. An attacker can...
CVE-2016-9053
CVE-2016-9053 affects Aerospike Database Server 3.10.0.3 via the RW fabric message particle type. A crafted fabric packet can trigger out-of-bounds indexing when decoding particle types: the server reads a type byte, uses it to index particle_vtable, and calls size_from_wire_fn, leading to remote...