138 matches found
IBM DB2 Injection Vulnerability
IBM DB2 is a relational database management system from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBMi, z/OS, and Windows server versions. A security vulnerability exists in Db2 that originates from an abnormal termination of the server duri...
Security Bulletin: IBM InfoSphere BigInsights contains a denial of service vulnerability that can be exploited by a remote, authenticated DB2 user issuing a specially-crafted SELECT statement with ROUND or TRUNCATE function (CVE-2015-0157).
Summary InfoSphere BigInsights Big SQL contains a denial of service vulnerability. A remote, authenticated DB2 user could exploit this vulnerability by issuing a specially-crafted SELECT statement with ROUND or TRUNCATE function. The vulnerability exists in the IBM DB2 component included in...
Denial Of Service (DoS)
mysql is vulnerable to denial of service. A flaw was found in the way MySQL handled SELECT statements with subqueries in the WHERE clause, that assigned results to a user variable. A remote, authenticated attacker could use this flaw to crash the MySQL server daemon mysqld. This issue only caused...
CVE-2020-11656
CVE-2020-11656 affects SQLite up to version 3.31.1, where the ALTER TABLE implementation has a use-after-free, demonstrated by an ORDER BY clause that belongs to a compound SELECT statement. Affected products/contexts in the linked documents consistently reference SQLite 3.31.1 or earlier. Some s...
DEBIAN-CVE-2019-19603
SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash...
Code injection
SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash...
CVE-2019-19603
SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash...
CVE-2019-10692
In the wp-google-maps plugin before 7.11.18 for WordPress, includes/class.rest-api.php in the REST API does not sanitize field names before a SELECT statement...
Denial of service
IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) contains a denial of service vulnerability. A remote, authenticated DB2 user could exploit this vulnerability by issuing a specially-crafted SELECT statement with TRUNCATE function. IBM X-Force ID: 154032...
CVE-2018-1977
IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) contains a denial of service vulnerability. A remote, authenticated DB2 user could exploit this vulnerability by issuing a specially-crafted SELECT statement with TRUNCATE function. IBM X-Force ID: 154032...
PbootCMS Arbitrary PHP Code Execution Vulnerability
PbootCMS is a new core open source enterprise building system developed by Avantech. An arbitrary PHP code execution vulnerability exists in PbootCMS 1.2.2. A remote attacker can exploit this vulnerability by specifying a .php file name in the "SET GLOBAL general_log_file" statement and a subsequen...
Security Bulletin: IBM® DB2® LUW contains a denial of service vulnerability using a SELECT statement with subquery containing the AVG OLAP function on Oracle compatible database (CVE-2016-0215)
Summary IBM DB2 LUW contains a denial of service vulnerability. A remote, authenticated DB2 user could exploit this vulnerability by issuing a SELECT statement with subquery containing the AVG OLAP function on an Oracle compatible database. This may cause the DB2 server to terminate abnormally...
Security Bulletin: IBM® DB2® contains a file disclosure vulnerability using a SELECT statement with XML/XSLT function (CVE-2014-8910)
Summary IBM DB2 contains a file disclosure vulnerability. A remote, authenticated DB2 user could exploit this vulnerability by executing a specially-crafted SELECT statement with XML/XSLT function to read arbitrary text files owned by the DB2 instance owner. On Windows, the attacker is able to re...
Security Bulletin: Security vulnerabilities have been identified in IBM DB2 shipped with WebSphere Remote Server (CVE-2016-0215)
Summary IBM DB2 is shipped as a component of WebSphere Remote Server. Information about security vulnerabilities affecting IBM DB2 has been published in a security bulletin. Vulnerability Details For vulnerability details, see the security bulletin IBM DB2 LUW contains a denial of service...
Code injection
IBM DB2 9.7, 10.1 before FP6, and 10.5 before FP8 on AIX, Linux, HP, Solaris and Windows allow remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with a subquery containing the AVG OLAP function on an Oracle compatible database...
MariaDB Server 10.1.x < 10.1.22 Multiple DoS
MariaDB Server 10.1.x < 10.1.21 Multiple Vulnerabilities
MariaDB 10.1.x < 10.1.11 sql/sql_yacc.yy SELECT Statement Keyword Handling DoS
The version of MariaDB running on the remote host is 10.1.x prior to 10.1.11. It is, therefore, affected by a denial of service vulnerability due to a flaw in sql_yacc.yy that is triggered when handling keywords in SELECT statements. An authenticated, remote attacker can exploit this to crash the...
IBM DB2 LUW Denial of Service Vulnerability (CNVD-2016-02177)
IBM DB2 LUW is a relational database management system from IBM in the United States that runs on the LUW (Linux, UNIX and Windows) platforms. A security vulnerability exists in IBM DB2 LUW. A remote attacker can exploit this vulnerability to cause a denial of service (service interruption) with the help of a...