37 matches found
CVE-2014-8336
The WP-DBManager WordPress plugin (pre-2.7.2) contains a vulnerability in the Sql Run Query panel that allows remote read of arbitrary files by exploiting insufficient query restriction, demonstrated via LOAD_FILE in an INSERT statement. Affected product: WP-DBManager plugin for WordPress. Impact...
CVE-2014-8335
The CVE-2014-8335 entry relates to the WP-DBManager (aka Database Manager) WordPress plugin, affected in versions prior to 2.7.2. The vulnerability affects the files wp-dbmanager.php and database-manage.php, where credentials are placed on the mysqldump command line, enabling local users to obtai...
CVE-2014-8335
1 wp-dbmanager.php and 2 database-manage.php in the WP-DBManager aka Database Manager plugin before 2.7.2 for WordPress place credentials on the mysqldump command line, which allows local users to obtain sensitive information by listing the process...
CVE-2014-8334
The WP-DBManager aka Database Manager plugin before 2.7.2 for WordPress allows remote authenticated users to execute arbitrary commands via shell metacharacters in the 1 $backup'filepath' aka "Path to Backup:" field or 2 $backup'mysqldumppath' variable...
CVE-2014-8334
The CVE-2014-8334 issue affects the WordPress WP-DBManager plugin (pre-2.7.2). Vulnerable component: the backup handling code that reads $backup[' filepath'] and $backup['mysqldumppath']; root cause is shell metacharacter handling, enabling remote authenticated users to execute arbitrary commands...
CVE-2014-8334
The WP-DBManager aka Database Manager plugin before 2.7.2 for WordPress allows remote authenticated users to execute arbitrary commands via shell metacharacters in the 1 $backup'filepath' aka "Path to Backup:" field or 2 $backup'mysqldumppath' variable...
WordPress DBManager Plugin <= 2.7.1 - Multiple Vulnerabilities
There are multiple vulnerabilities in this plugin, that allow remote authenticated users to execute arbitrary commands via shell metacharacters in the $backup'filepath' or $backup'mysqldumppath' variable. Solution Update the plugin...
WP-DBManager < 2.7.2 - Authenticated Command Injection
The WP-DBManager WordPress plugin was affected by an Authenticated Command Injection security vulnerability...
Altiris Deployment Solution < 6.9 SP4 DBManager DoS (SYM10-007)
Binary data 5515.prm...
Altiris Deployment Solution Server < 6.9 SP4 DBManager DoS (SYM10-007)
The version of Altiris Deployment Solution installed on the remote host is reportedly affected by a denial of service vulnerability. The DBManager component has a use-after-free error when processing specially crafted 'CreateSession' and 'PXEManagerSignOn' requests. A remote attacker could exploi...
Altiris Deployment Solution Server < 6.9.430 Multiple Vulnerabilities (SYM09-011)
The version of Altiris Deployment Solution installed on the remote host is reportedly affected by the following vulnerabilities : - DBManager authentication can by bypassed. A remote attacker could exploit this to execute arbitrary database queries. CVE-2009-3107 - The Aclient GUI has a privilege...
CVE-2009-3107
Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 does not properly restrict access to the listening port for the DBManager service, which allows remote attackers to bypass authentication and modify tasks or the Altiris Database via a connection to this service...
Authentication flaw
Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 does not properly restrict access to the listening port for the DBManager service, which allows remote attackers to bypass authentication and modify tasks or the Altiris Database via a connection to this service...
CVE-2009-3107
Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 does not properly restrict access to the listening port for the DBManager service, which allows remote attackers to bypass authentication and modify tasks or the Altiris Database via a connection to this service...
PT-2009-5434 · Symantec · Symantec Altiris Deployment Solution
Name of the Vulnerable Software and Affected Versions: Symantec Altiris Deployment Solution versions 6.9.x before 6.9 SP3 Build 430 Description: The issue is related to improper access restriction to the listening port for the DBManager service. This allows remote attackers to bypass authenticati...
DBTools DBManager catalog.mdb Plaintext Local Credential Disclosure
The remote host is running DBManager from DBTool - a GUI to manage MySQL and PostgreSQL databases. This program stores the passwords and IP addresses of the managed databases in an unencrypted file. A local attacker could use the data in this file to log into the managed databases and execute...
DBTools' DBManager Information Leak Vulnerability
Centaura Technologies Security Research Lab Advisory Product Name: DBTools DBManager Professional Systems: Windows 9x/NT/2000/2003 Server Severity: Medium Remote: No Category: Information Leak Vendor URL: http://www.dbtools.com.br Advisory Author: Ignacio Vazquez Advisory URL:...