Lucene search

60 matches found

BDU FSTEC
added 2022/12/07 12:0 a.m., 1 views

The vulnerability of the OLE DB driver for SQL Server on the Windows operating system allows a hacker to execute arbitrary code.

The vulnerability of the OLE DB driver for SQL Server on the Windows operating system exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

CVSS 10 | AI score 8.2 | EPSS 0.13911
Exploits 0 | References 3

Cvelist
added 2022/11/01 6:28 p.m., 14 views

CVE-2022-3781

Dashlane password and Keepass Server password in My Account Settings are not encrypted in the database in Devolutions Remote Desktop Manager 2022.2.26 and prior versions and Devolutions Server 2022.3.1 and prior versions which allows database users to read the data. This issue affects : Remote...

AI score 6.7 | EPSS 0.00084
Exploits 0 | References 1

BDU FSTEC
added 2022/06/29 12:0 a.m., 1 views

The vulnerability of the Data Server database in the interactive graphical SCADA system, allowing an intruder to execute arbitrary code.

The vulnerability of the Data Server database in the Interactive Graphical SCADA System IGSS involves copying buffers without checking the size of the input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially crafted messages...

CVSS 10 | AI score 8.2 | EPSS 0.02604
Exploits 0 | References 3 | Affected Software 1

OSV
added 2021/05/26 8:15 p.m., 2 views

CVE-2021-22741

Use of Password Hash with Insufficient Computational Effort vulnerability exists in ClearSCADA all versions, EcoStruxure Geo SCADA Expert 2019 all versions, and EcoStruxure Geo SCADA Expert 2020 V83.7742.1 and prior, which could cause the revealing of account credentials when server database file...

CVSS 6.7 | AI score 5.8
Exploits 0 | References 1

CVE
added 2021/05/26 7:20 p.m., 58 views

CVE-2021-22741

CVE-2021-22741 affects Schneider Electric ClearSCADA and EcoStruxure Geo SCADA Expert (2019 all versions; 2020 up to v83.7742.1). The issue is a Password Hash with Insufficient Computational Effort, which could allow an attacker with access to server database files to decrypt or reveal user crede...

CVSS 6.7 | AI score 6.6 | EPSS 0.00026
Exploits 0 | References 1 | Affected Software 3

Debian CVE
added 2021/01/06 12:56 p.m., 18 views

CVE-2020-26759

clickhouse-driver before 0.1.5 allows a malicious clickhouse server to trigger a crash or execute arbitrary code on a database client via a crafted server response, due to a buffer overflow...

CVSS 9.8 | AI score 9.7 | EPSS 0.03109
Exploits 0

IBM Security Bulletins
added 2020/02/11 7:40 p.m., 86 views

Startup issues for both IBM Sterling B2B Integrator and IBM Sterling File Gateway caused by Microsoft® Windows Patch KB2992611 for Microsoft® Security Bulletin MS14-066

Abstract Applying Windows Patch KB2992611 for Microsoft® Security Bulletin MS14-066 could prevent startup of both IBM Sterling B2B Integrator and IBM Sterling File Gateway. Content IBM Support has received several production down calls from IBM Sterling B2B Integrator and IBM Sterling File Gatewa...

AI score 0.4
Exploits 0 | Affected Software 1

CNVD
added 2019/10/29 12:0 a.m., 2 views

Waychar enrollment system has a flawed logic vulnerability

Waychar Enrollment System is a PHP/MYSQL based enrollment system. Waychar enrollment system has a logic flaw vulnerability that can be exploited by an attacker to bypass authentication and gain direct access to the backend management system...

AI score 7.2
Exploits 0

Hacker One
added 2019/01/23 9:8 p.m., 21 views

U.S. Dept Of Defense: [███] SQL injection & Reflected XSS

SQL injection test 1. Go to site ███████ 2. Intercept this request POST /viewem6.php HTTP/1.1 Host: ████ User-Agent: Mozilla/5.0 X11; Ubuntu; Linux x8664; rv:60.0 Gecko/20100101 Firefox/60.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language:...

AI score 0.3
Exploits 0

0day.today
added 2018/09/16 12:0 a.m., 61 views

IBM Identity Governance and Intelligence 5.2.3.2 / 5.2.4 - SQL Injection Vulnerability

Exploit for windows platform in category web applications Exploit Title: Unauthenticated Remote SQLi Exploit Author: Mohamed Sayed - From SecureMisr Company Vendor Homepage: https://www-01.ibm.com/support/docview.wss?uid=ibm10728883 Version: IGI 5.2.3.2 REQUIRED Tested on: Windows 10 CVE :...

AI score 0.1 | EPSS 0.2682
Exploits 5

Packet Storm
added 2018/09/12 12:0 a.m., 40 views

IBM Identity Governance And Intelligence 5.2.3.2 / 5.2.4 SQL Injection

Exploit Title: Unauthenticated Remote SQLi Date: 11/09/2018 Exploit Author: Mohamed Sayed - From SecureMisr Company Vendor Homepage: https://www-01.ibm.com/support/docview.wss?uid=ibm10728883 Version: IGI 5.2.3.2 REQUIRED Tested on: Windows 10 CVE : CVE-2018-1756 Hello , IBM IGI version 5.2.3.2 i...

AI score 7.6 | EPSS 0.2682
Exploits 5

OpenVAS
added 2017/08/09 12:0 a.m., 32 views

Microsoft SQL Server 2016 CU Information Disclosure Vulnerability (KB4019086)

This host is missing an important security update according to Microsoft KB4019086. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescripti...

CVSS 7.5 | AI score 7.2 | EPSS 0.016
Exploits 0 | References 2

OpenVAS
added 2017/08/09 12:0 a.m., 80 views

Microsoft SQL Server 2014 Information Disclosure Vulnerability (KB4019093)

This host is missing an important security update according to Microsoft KB4019093. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescripti...

CVSS 7.5 | AI score 7.2 | EPSS 0.016
Exploits 0 | References 2

Zero Day Initiative
added 2010/01/12 12:0 a.m., 34 views

Novell ZENworks Asset Management docfiledownload Remote SQL Injection Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENworks Asset Management. Authentication is not required to exploit this vulnerability. The specific flaw exists due to insufficient sanity checks on the documentID parameter to the...

CVSS 10 | AI score 8.2
Exploits 0 | References 1

myhack58
added 2007/08/10 12:0 a.m., 14 views

SQL SERVER Database Password vulnerability-vulnerability warning-the black bar safety net

Track a bit the SQL SERVER Database Server login process, and found that the password calculation is very vulnerable, a SQL SERVER Database Password vulnerability embodied in two aspects: 1, A network login when the password encryption algorithm 2, The database storage of the password encryption...

AI score 7.9
Exploits 0

Prion
added 2007/06/06 9:30 p.m., 16 views

Code injection

IBM Lotus Domino 7.0.x before 7.0.3 does not revalidate the signature on a signed scheduled agent after the agent is modified, which allows remote authenticated users to gain privileges via a modified agent in a server database...

CVSS 9.3 | AI score 6.8 | EPSS 0.0184
Exploits 0 | References 6 | Affected Software 1

NVD
added 2007/06/06 9:30 p.m., 19 views

CVE-2007-0068

IBM Lotus Domino 7.0.x before 7.0.3 does not revalidate the signature on a signed scheduled agent after the agent is modified, which allows remote authenticated users to gain privileges via a modified agent in a server database...

CVSS 9.3 | AI score 6.3 | EPSS 0.0184
Exploits 0 | References 6

Cvelist
added 2007/06/06 9:0 p.m., 25 views

CVE-2007-0068

IBM Lotus Domino 7.0.x before 7.0.3 does not revalidate the signature on a signed scheduled agent after the agent is modified, which allows remote authenticated users to gain privileges via a modified agent in a server database...

AI score 6.3 | EPSS 0.0184
Exploits 0 | References 6

CVE
added 2005/07/10 4:0 a.m., 66 views

CVE-2004-2202

CVE-2004-2202 affects DUware DUclassified 4.0–4.2. The vulnerability arises from SQL injection in adDetail.asp via (1) cat_id or (2) sub_id parameters, and in the login form via the password parameter, enabling remote attackers to bypass authentication and execute commands on the server’s underly...

CVSS 7.5 | AI score 8.6 | EPSS 0.00389
Exploits 1 | References 5 | Affected Software 1

CVE
added 2000/01/18 5:0 a.m., 47 views

CVE-1999-0734

CiscoSecure Access Control Server (ACS) is affected due to a default configuration that allows remote users to modify the server database without authentication. Affected product/component: CiscoSecure ACS; vulnerability involves unauthenticated access to modify the database via default settings....

CVSS 7.5 | AI score 7 | EPSS 0.00785
Exploits 0 | References 2 | Affected Software 1