CSRF Vulnerability with Non-Session Based Authentication
The PgHero dashboard is vulnerable to CSRF when non-session-based authentication methods are used. Impact: The PgHero dashboard is vulnerable to cross-site request forgery (CSRF). This affects the Docker image, Linux packages, and in specific cases, the Ruby gem. The Ruby gem is vulnerable with non-session...
Denial Of Service (DoS)
mysql is vulnerable to denial of service. A flaw in the way MySQL processed EXPLAIN statements for some complex SELECT queries could allow a remote, authenticated attacker to crash mysqld...
GHSA-JMF4-PQ78-F8VJ Moderate severity vulnerability that affects org.apache.hive:hive-jdbc
In Apache Hive 2.3.3, 3.1.0 and earlier, the Hive "EXPLAIN" operation does not check for the necessary authorization of the entities involved in a query. An unauthorized user can run "EXPLAIN" on an arbitrary table or view and expose table metadata and statistics...
Moderate severity vulnerability that affects org.apache.hive:hive-jdbc
In Apache Hive 2.3.3, 3.1.0 and earlier, the Hive "EXPLAIN" operation does not check for the necessary authorization of the entities involved in a query. An unauthorized user can run "EXPLAIN" on an arbitrary table or view and expose table metadata and statistics...
Information Disclosure
hive-exec is vulnerable to information disclosure. The library does not properly check permissions on the entities involved in an EXPLAIN operation, allowing a malicious user to use the operation to gain access to sensitive information in an arbitrary table or view, including its metadata and statistics...
Apache Hive Hive EXPLAIN Query Unauthorized Vulnerability
Apache Hive is data warehouse software built on the Hadoop distributed systems infrastructure, from the Apache Software Foundation in the United States. The software provides a data integration approach and a high-level query language to support large-scale data analysis on Hadoop. A...
Authorization
In Apache Hive 2.3.3, 3.1.0 and earlier, the Hive "EXPLAIN" operation does not check for the necessary authorization of the entities involved in a query. An unauthorized user can run "EXPLAIN" on an arbitrary table or view and expose table metadata and statistics...
CVE-2018-1314
In Apache Hive 2.3.3, 3.1.0 and earlier, the Hive "EXPLAIN" operation does not check for the necessary authorization of the entities involved in a query. An unauthorized user can run "EXPLAIN" on an arbitrary table or view and expose table metadata and statistics...
CVE-2018-1314
CVE-2018-1314 affects Apache Hive 2.3.3, 3.1.0 and earlier. The EXPLAIN operation fails to enforce authorization on involved entities, allowing an unauthorized user to run EXPLAIN on arbitrary tables/views and disclose table metadata and statistics. Concrete references include NVD/CVE records and...
Quest Toad for Oracle Explain Plan Display ActiveX Control (QExplain2.dll 6.6.1.1115) Remote File Creation / Overwrite PoC
No description provided by source. Quest Toad for Oracle Explain Plan Display ActiveX Control (QExplain2.dll 6.6.1.1115) Remote File Creation / Overwrite. Vendor site: http://www.quest.com/ File tested: QuestToad-Development-Suite-for-Oracle110R2.exe CLSID: F7014877-6F5A-4019-A3B2-74077F2AE126...
IBM DB2 10.1 < Fix Pack 3 Multiple Vulnerabilities (credentialed check)
According to its version, the installation of IBM DB2 10.1 on the remote host is affected by the following vulnerabilities: - When a multi-node configuration is used, an error exists in the Fast Communications Manager (FCM) that could allow denial of service attacks. (CVE-2013-4032 / IC94434) - An...
CVE-2013-4033
IBM DB2 and DB2 Connect 9.7 through FP8, 9.8 through FP5, 10.1 through FP2, and 10.5 through FP1 allow remote authenticated users to execute DML statements by leveraging EXPLAIN authority...
Code injection
IBM DB2 and DB2 Connect 9.7 through FP8, 9.8 through FP5, 10.1 through FP2, and 10.5 through FP1 allow remote authenticated users to execute DML statements by leveraging EXPLAIN authority...
CVE-2013-4033
CVE-2013-4033 affects IBM DB2 and DB2 Connect (versions 9.7 FP8, 9.8 FP5, 10.1 FP2, 10.5 FP1). An authenticated user with EXPLAIN authority can temporarily gain SELECT/INSERT/UPDATE/DELETE on a table without DATAACCESS authority, by exploiting EXPLAIN-related privileges. IBM security notices list...
CentOS 5 : mysql (CESA-2013:0121)
Updated mysql packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
Low: Red Hat Security Advisory: mysql security and bug fix update
Updated mysql packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
Quest Toad For Oracle Explain Plan Display File Creation / Overwrite
try { obj.SaveToFile("c:\windows\win.ini"); } catch(e) {} try { obj.SaveToFile("../../../../../../../../../../windows/win.ini"); } catch(e) {} Original URL: http://retrogod.altervista.org/9sgquesttoadpoc.htm...
Quest Toad for Oracle Explain Plan Display ActiveX Control - 'QExplain2.dll 6.6.1.1115' Remote File Creation / Overwrite
try { obj.SaveToFile("c:\windows\win.ini"); } catch(e) {} try { obj.SaveToFile("../../../../../../../../../../windows/win.ini"); } catch(e) {}...
Quest Toad for Oracle Explain Plan Display ActiveX Control Remote File Creation
Exploit for the Windows platform in the category remote exploits. try { obj.SaveToFile("c:\windows\win.ini"); } catch(e) {} try { obj.SaveToFile("../../../../../../../../../../windows/win.ini"); } catch(e) {} 0day.today 2018-03-09...