144 matches found

RubySec, added 2020/08/04 12:00 a.m., 19 views

CSRF Vulnerability with Non-Session Based Authentication

The PgHero dashboard is vulnerable to CSRF with non-session based authentication methods. Impact The PgHero dashboard is vulnerable to cross-site request forgery CSRF. This affects the Docker image, Linux packages, and in specific cases, the Ruby gem. The Ruby gem is vulnerable with non-session...

CVSS 8.1, AI score 2.8, EPSS 0.00465
Exploits 0, References 1, Affected Software 1
Veracode, added 2020/04/10 12:53 a.m., 35 views

Denial Of Service (DoS)

mysql is vulnerable to denial of service. A flaw in the way MySQL processed EXPLAIN statements for some complex SELECT queries could allow a remote, authenticated attacker to crash mysqld...

CVSS 4, AI score 4.4, EPSS 0.1144
Exploits 1, References 28, Affected Software 1
OSV, added 2018/11/21 10:24 p.m., 2 views

GHSA-JMF4-PQ78-F8VJ Moderate severity vulnerability that affects org.apache.hive:hive-jdbc

In Apache Hive 2.3.3, 3.1.0 and earlier, Hive "EXPLAIN" operation does not check for necessary authorization of involved entities in a query. An unauthorized user can do "EXPLAIN" on arbitrary table or view and expose table metadata and statistics...

CVSS 4.3, AI score 6, EPSS 0.01988
Exploits 0, References 4
Github Security Blog, added 2018/11/21 10:24 p.m., 39 views

Moderate severity vulnerability that affects org.apache.hive:hive-jdbc

In Apache Hive 2.3.3, 3.1.0 and earlier, Hive "EXPLAIN" operation does not check for necessary authorization of involved entities in a query. An unauthorized user can do "EXPLAIN" on arbitrary table or view and expose table metadata and statistics...

CVSS 4.3, AI score 2.5, EPSS 0.01988
Exploits 0, References 4, Affected Software 1
Veracode, added 2018/11/09 7:12 a.m., 24 views

Information Disclosure

hive-exec is vulnerable to an information disclosure. The library does not properly handle permissions of entities in an EXPLAIN operation, allowing a malicious user to use the operation to gain access to sensitive information in an arbitrary table, view, metadata or statistics...

CVSS 4.3, AI score 5.1, EPSS 0.01988
Exploits 0, References 5, Affected Software 1
CNVD, added 2018/11/09 12:00 a.m., 4 views

Apache Hive Hive EXPLAIN Query Unauthorized Vulnerability

Apache Hive is a set of Hadoop Distributed Systems Infrastructure based data warehouse software from the Apache Software Foundation in the United States. The software provides a data integration approach and a high-level query language to support large-scale data analysis on Hadoop. A...

CVSS 4.3, AI score 4.9, EPSS 0.01988
Exploits 0, References 1
Prion, added 2018/11/08 2:29 p.m., 19 views

Authorization

In Apache Hive 2.3.3, 3.1.0 and earlier, Hive "EXPLAIN" operation does not check for necessary authorization of involved entities in a query. An unauthorized user can do "EXPLAIN" on arbitrary table or view and expose table metadata and statistics...

CVSS 4, AI score 4.7, EPSS 0.01988
Exploits 0, References 2, Affected Software 1
Cvelist, added 2018/11/08 2:00 p.m., 24 views

CVE-2018-1314

In Apache Hive 2.3.3, 3.1.0 and earlier, Hive "EXPLAIN" operation does not check for necessary authorization of involved entities in a query. An unauthorized user can do "EXPLAIN" on arbitrary table or view and expose table metadata and statistics...

AI score 4.7, EPSS 0.01988
Exploits 0, References 2
CVE, added 2018/11/08 2:00 p.m., 101 views

CVE-2018-1314

CVE-2018-1314 affects Apache Hive 2.3.3, 3.1.0 and earlier. The EXPLAIN operation fails to enforce authorization on involved entities, allowing an unauthorized user to run EXPLAIN on arbitrary tables/views and disclose table metadata and statistics. Concrete references include NVD/CVE records and...

CVSS 4.3, AI score 4.7, EPSS 0.01988
Exploits 0, References 2, Affected Software 1
seebug.org, added 2014/07/01 12:00 a.m., 42 views

Quest Toad for Oracle Explain Plan Display ActiveX Control (QExplain2.dll 6.6.1.1115) Remote File Creation / Overwrite PoC

No description provided by source. Quest Toad for Oracle Explain Plan Display ActiveX Control QExplain2.dll 6.6.1.1115 Remote File Creation / Overwrite vendor site: http://www.quest.com/ file tested: QuestToad-Development-Suite-for-Oracle110R2.exe CLSID: F7014877-6F5A-4019-A3B2-74077F2AE126...

AI score 7.1
Exploits 0
Tenable Nessus, added 2013/10/16 12:00 a.m., 37 views

IBM DB2 10.1 < Fix Pack 3 Multiple Vulnerabilities (credentialed check)

According to its version, the installation of IBM DB2 10.1 on the remote host is affected by the following vulnerabilities : - When a multi-node configuration is used, an error exists in the Fast Communications Manager FCM that could allow denial of service attacks. CVE-2013-4032 / IC94434 - An...

CVSS 5, AI score 5.5, EPSS 0.02374
Exploits 0, References 6
NVD, added 2013/08/28 1:13 p.m., 20 views

CVE-2013-4033

IBM DB2 and DB2 Connect 9.7 through FP8, 9.8 through FP5, 10.1 through FP2, and 10.5 through FP1 allow remote authenticated users to execute DML statements by leveraging EXPLAIN authority...

CVSS 4.6, AI score 6.4, EPSS 0.01746
Exploits 0, References 6
Prion, added 2013/08/28 1:13 p.m., 23 views

Code injection

IBM DB2 and DB2 Connect 9.7 through FP8, 9.8 through FP5, 10.1 through FP2, and 10.5 through FP1 allow remote authenticated users to execute DML statements by leveraging EXPLAIN authority...

CVSS 4.6, AI score 7, EPSS 0.01746
Exploits 0, References 6, Affected Software 2
Cvelist, added 2013/08/28 10:00 a.m., 34 views

CVE-2013-4033

IBM DB2 and DB2 Connect 9.7 through FP8, 9.8 through FP5, 10.1 through FP2, and 10.5 through FP1 allow remote authenticated users to execute DML statements by leveraging EXPLAIN authority...

AI score 6.4, EPSS 0.01746
Exploits 0, References 6
CVE, added 2013/08/28 10:00 a.m., 324 views

CVE-2013-4033

CVE-2013-4033 affects IBM DB2 and DB2 Connect (versions 9.7 FP8, 9.8 FP5, 10.1 FP2, 10.5 FP1). An authenticated user with EXPLAIN authority can temporarily gain SELECT/INSERT/UPDATE/DELETE on a table without DATAACCESS authority, by exploiting EXPLAIN-related privileges. IBM security notices list...

CVSS 4.6, AI score 6.5, EPSS 0.01746
Exploits 0, References 6, Affected Software 2
Tenable Nessus, added 2013/01/17 12:00 a.m., 38 views

CentOS 5 : mysql (CESA-2013:0121)

Updated mysql packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

CVSS 4.4, AI score 7.3, EPSS 0.00429
Exploits 3, References 3
RedHat Linux, added 2013/01/08 4:07 a.m., 45 views

Low: Red Hat Security Advisory: mysql security and bug fix update

Updated mysql packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

CVSS 4.4, AI score 6.7, EPSS 0.00429
Exploits 3, References 11
Packet Storm, added 2012/04/06 12:00 a.m., 37 views

Quest Toad For Oracle Explain Plan Display File Creation / Overwrite

try obj.SaveToFile"c:\windows\win.ini"; catche try obj.SaveToFile"../../../../../../../../../../windows/win.ini"; catche original url: http://retrogod.altervista.org/9sgquesttoadpoc.htm...

AI score 0.3
Exploits 0
Exploit DB, added 2012/04/05 12:00 a.m., 38 views

Quest Toad for Oracle Explain Plan Display ActiveX Control - 'QExplain2.dll 6.6.1.1115' Remote File Creation / Overwrite

try obj.SaveToFile"c:\windows\win.ini"; catche try obj.SaveToFile"../../../../../../../../../../windows/win.ini"; catche...

AI score 7
Exploits 0
0day.today, added 2012/04/05 12:00 a.m., 26 views

Quest Toad for Oracle Explain Plan Display ActiveX Control Remote File Creation

Exploit for windows platform in category remote exploits try obj.SaveToFile"c:\windows\win.ini"; catche try obj.SaveToFile"../../../../../../../../../../windows/win.ini"; catche 0day.today 2018-03-09...

AI score 7.1
Exploits 0