1163 matches found
Gain Insight into Database Security Vulnerabilities you Didn’t Know you Had
Identifying and taking action to stop policy-violating behavior is hard enough when you have complete insight into the risks affecting your data repositories. It is virtually impossible to achieve security, however, when you cannot even see these risks to your data repositories. Unfortunately, to...
Vulnerability of the Cluster component: The general system for managing MySQL Cluster databases, which allows attackers to gain privileged access
Vulnerability of the MySQL Cluster component: General database management system vulnerabilities in MySQL Cluster exist due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to gain privileged access remotely...
46% of On-Prem Databases Globally Contain Vulnerabilities: Is Yours Safe?
By Elad Erez, Chief Innovation Officer, Imperva. Is there a day that goes by where you don’t read a news headline about a mega-breach impacting millions of people? It’s an unlikely scenario, particularly at a time when the volume of data breaches is rising by an astonishing 30 percent annually...
Simple Library Management System 1.0 SQL Injection
Exploit Title: Simple Library Management System 1.0 - 'rollno' SQL Injection Date: 2021-08-08 Exploit Author: Halit AKAYDIN hLtAkydn Vendor Homepage: https://www.nikhilbhalerao.com/ Software Link: https://www.sourcecodester.com/php/14126/simple-library-management-system.html Version: V1 Category:...
Vulnerabilities fixed in IBM Spectrum Protect Server
Vulnerabilities have been fixed in IBM DB2 as used in IBM Spectrum Protect. The vulnerabilities allow a malicious person to be able to perform attacks that result in the following categories of damage: Denial-of-Service (DoS); remote code execution; Administrator/Root privileges; access to system data; T...
SQL Injection Vulnerability in GST Intelligent Firefighting IoT System of Gulf Security Technologies Ltd.
GST Intelligent Fire IOT System is developed through the successful experience in establishing and applying urban automatic fire alarm network monitoring and control management system. The GST Intelligent Firefighting IOT System of Gulf Security Technologies Limited suffers from a SQL injection...
vulhub
This repository is an open-source collection of pre-built vulnerable docker environments, referred to as 'Vulhub'. It is an offensive tool for various areas, including web application security, penetration testing, and vulnerability research. The primary purpose of Vulhub is to provide a convenie...
CVE-2020-24841
PNPSCADA 2.200816204020 allows SQL injection via parameter 'interf' in /browse.jsp. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database...
SQL Injection Vulnerabilities in the Website Building System of Guangzhou Benying Computer Technology Co.
Guangzhou Benying Computer Technology Co., Ltd. is committed to building the Internet business ecosystem, especially focusing on the field of mobile Internet, to provide APP development, system development, small program and WeChat public number secondary development, website construction and oth...
SQL Injection
FUEL CMS 1.4.11 allows SQL Injection via parameter 'name' in /fuel/permissions/create/. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database...
CVE-2019-18464
In Progress MOVEit Transfer 10.2 before 10.2.6 (2018.3), 11.0 before 11.0.4 (2019.0.4), and 11.1 before 11.1.3 (2019.1.3), multiple SQL Injection vulnerabilities have been found in the REST API that could allow an unauthenticated attacker to gain unauthorized access to the database. Depending on the...
SirsiDynix e-Library 3.5.x - Cross-Site Scripting Vulnerability
Exploit for cgi platform in category web applications Exploit Title: SirsiDynix e-Library = 3.5.x - Cross-Site Scripting CVE: CVE-2018-20503 Google Dork: inurl:/x/x/0/49 Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: http://www.sirsidynix.com Version:...
PHP Dashboards 4.5 SQL Injection
Exploit 1 of 2: Exploit Title: PHP Dashboards v4.5 - Registration Page SQL Injection Dork: N/A Date: 23.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/php-dashboards-v40-collaborative-social-dashboards/19314871 Version: v4.5 Category: Webapps Tested...
OPENSUSE-SU-2017:3448-1 Security update for phpMyAdmin
This update for phpMyAdmin to version 4.7.7 fixes a security issue and bugs. The following vulnerability was fixed: By deceiving a user to click on a crafted URL, it was possible to perform harmful database operations (bsc1074066, PMASA-2017-09). This update also contains all upstream improvements...
MGASA-2016-0371 Updated mariadb packages fix security vulnerabilities
A race condition was found in the way MariaDB performed MyISAM engine table repair. A database user with shell access to the server running mysqld could use this flaw to change permissions of arbitrary files writable by the mysql system user (CVE-2016-6663). This update fixes several vulnerabilitie...
Vulnerabilities of the Oracle Database database management system, which allow a remote attacker to compromise the accessibility of protected information
The numerous vulnerabilities in the current Oracle allow malicious actors operating remotely to circumvent security restrictions, execute arbitrary SQL commands, and gain access to confidential data...
CANDID 'view.php' SQL Injection and Cross Site Scripting Vulnerabilities
CANDID is prone to SQL injection and cross-site scripting vulnerabilities.
Animals' Liberty - Wer macht's - Corrupted files, External URLs, SQLite database found vulnerabilities
HackApp vulnerability scanner discovered that application Animals' Liberty - Wer macht's published at the 'play' market has multiple vulnerabilities...
Department of Education Lambasted Over Database Vulnerabilities
Like the Office of Personnel Management before it, the Department of Education has failed to heed repeated warnings that its systems contain multiple weaknesses. In a House Committee on Oversight and Government Reform hearing held this week, Congressman and committee chair Jason Chaffetz (R-Utah)...
SUSE-SU-2015:1353-1 Security update for oracle-update
oracle-update was updated to fix eight security issues. These security issues were fixed: - CVE-2015-2629: Vulnerability in the Java VM component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Easily exploitable vulnerability allows...