Lucene search
K

60 matches found

Veracode
Veracode
added 2022/11/08 4:55 a.m.14 views

Arbitrary Code Execution

github.com/pingcap/tidb is vulnerable to arbitrary code execution. The vulnerability exists because the data source name string in the database connection is not properly neutralized which allows an attacker to inject malicious code and get read access to files in the system...

9.8CVSS9.1AI score0.00562EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/11/04 7:1 p.m.22 views

GHSA-7FXJ-FR3V-R9GJ TiDB vulnerable to Use of Externally-Controlled Format String

TiDB server importer CLI tool prior to version 6.4.0 & 6.1.3 is vulnerable to data source name injection. The database name for generating and inserting data into a database does not properly sanitize user input which can lead to arbitrary file reads."...

9.8CVSS9.6AI score0.00562EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/11/04 7:1 p.m.25 views

TiDB vulnerable to Use of Externally-Controlled Format String

TiDB server importer CLI tool prior to version 6.4.0 & 6.1.3 is vulnerable to data source name injection. The database name for generating and inserting data into a database does not properly sanitize user input which can lead to arbitrary file reads."...

9.8CVSS9.3AI score0.00562EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2022/11/04 12:0 a.m.4 views

PT-2022-20025 · Tidb · Tidb

Name of the Vulnerable Software and Affected Versions: TiDB versions prior to 6.4.0 TiDB versions prior to 6.1.3 Description: The issue concerns the use of an externally-controlled format string and data source name injection in the TiDB server. Specifically, the database name for generating and...

9.8CVSS4.9AI score0.00562EPSS
Exploits0References8
OSV
OSV
added 2022/05/11 11:3 a.m.5 views

OESA-2022-1641 perl-DBI security update

The DBI is the standard database interface module for Perl.It defines a set of methods, variables and conventions that providea consistent database interface independent of the actual database being used.It is important to remember that the DBI is just an interface.The DBI is a layer of "glue"...

6.1CVSS7AI score0.00488EPSS
Exploits1References2
Huntr
Huntr
added 2021/12/26 1:9 p.m.20 views

Data Source Name Injection

Description TiDB Importer uses Go MySQL Driver for connecting to MySQL servers. This driver utilizes Data Source Name DSN strings for describing database connections with the following format: username:password@protocoladdress/dbname?param=value The driver has a built-in protection against LOCAL...

7.5CVSS0.00562EPSS
Exploits0References1
Prion
Prion
added 2021/11/23 8:15 p.m.10 views

Cross site scripting

The ImageBoss WordPress plugin before 3.0.6 does not sanitise and escape its Source Name setting, which could allow high privilege users to perform Cross-Site Scripting attacks...

3.5CVSS4.8AI score0.00677EPSS
Exploits1References1Affected Software1
Mageia
Mageia
added 2021/10/02 6:57 p.m.35 views

Updated perl-DBI packages fix security vulnerability

An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the fdir attribute in the data source name DSN. CVE-2014-10402...

6.1CVSS6.5AI score0.00488EPSS
Exploits1References2
OSV
OSV
added 2021/08/04 11:8 a.m.5 views

USN-5030-1 libdbi-perl vulnerabilities

It was discovered that the Perl DBI module incorrectly opened files outside of the folder specified in the data source name. A remote attacker could possibly use this issue to obtain sensitive information. CVE-2014-10402 It was discovered that the Perl DBI module incorrectly handled certain long...

7.1CVSS6.9AI score0.00602EPSS
Exploits1References3
Veracode
Veracode
added 2020/12/06 4:8 a.m.28 views

Information Disclosure

DBI module is vulnerable to information disclosure. Local attackers could open files from folders other than those specifically passed via the fdir attribute in the data source name DSN...

6.1CVSS3.9AI score0.00488EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2020/11/26 5:28 p.m.6 views

OPENSUSE-SU-2020:2051-1 Security update for perl-DBI

This update for perl-DBI fixes the following issues: - DBD::File drivers could open files from folders other than those specifically passed via the fdir attribute in the data source name DSN. bsc1176492, CVE-2014-10401, CVE-2014-10402 This update was imported from the SUSE:SLE-15:Update update...

6.1CVSS6.3AI score0.00488EPSS
Exploits1References4
OSV
OSV
added 2020/09/16 4:15 p.m.13 views

AZL-41925 CVE-2014-10402 affecting package perl-DBI for versions less than 1.632-1

An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the fdir attribute in the data source name DSN. NOTE: this issue exists because of an incomplete fix for CVE-2014-10401...

6.1CVSS6.7AI score0.00488EPSS
Exploits1References1
OSV
OSV
added 2020/09/16 4:15 p.m.17 views

CVE-2014-10402

An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the fdir attribute in the data source name DSN. NOTE: this issue exists because of an incomplete fix for CVE-2014-10401...

6.1CVSS6.9AI score
Exploits0References4
OSV
OSV
added 2020/09/16 4:15 p.m.4 views

ALPINE-CVE-2014-10402

An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the fdir attribute in the data source name DSN. NOTE: this issue exists because of an incomplete fix for CVE-2014-10401...

6.1CVSS7AI score0.00488EPSS
Exploits1References1
OSV
OSV
added 2020/09/16 4:15 p.m.4 views

DEBIAN-CVE-2014-10402

An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the fdir attribute in the data source name DSN. NOTE: this issue exists because of an incomplete fix for CVE-2014-10401...

6.1CVSS6.8AI score0.00488EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2020/09/16 12:0 a.m.5 views

PT-2020-6752 · Dbi +5 · Dbi +5

Name of the Vulnerable Software and Affected Versions: DBI module through 1.643 for Perl Description: The issue is related to the DBI module for Perl, where the DBD::File drivers can open files from folders other than those specifically passed via the f dir attribute in the data source name DSN...

7.1CVSS5.9AI score0.00602EPSS
Exploits1References57
OSV
OSV
added 2018/10/24 7:42 p.m.6 views

GHSA-XJRR-XV9M-4PW5 Improper Input Validation in alilibaba:fastjson

parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products, allows remote attackers to execute arbitrary code via a crafted JSON request, as demonstrated by a crafted rmi:// URI in the dataSourceName field of HTTP POST data to the Pippo /json URI, which is...

9.8CVSS7.6AI score0.3897EPSS
Exploits2References7
ThreatPost
ThreatPost
added 2011/02/25 3:21 p.m.20 views

New BIND Bug Can Cause Remote Server DoS

There is a severe vulnerability in the widely deployed BIND DNS software that can allow an attacker to force a remote server to freeze and stop processing requests. The bug is in several recent versions of the BIND software. BIND is a very popular DNS package that’s maintained by the Internet...

7.1CVSS0.4AI score0.13598EPSS
Exploits1References2
Cvelist
Cvelist
added 2011/01/12 12:0 a.m.28 views

CVE-2011-0026

Integer signedness error in the SQLConnectW function in an ODBC API odbc32.dll in Microsoft Data Access Components MDAC 2.8 SP1 and SP2, and Windows Data Access Components WDAC 6.0, allows remote attackers to execute arbitrary code via a long string in the Data Source Name DSN and a crafted szDSN...

7.5AI score0.34399EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2011/01/11 12:0 a.m.6 views

PT-2011-2023 · Microsoft · Data Access Components +1

Name of the Vulnerable Software and Affected Versions: Microsoft Data Access Components MDAC versions 2.8 SP1 through 2.8 SP2 Windows Data Access Components WDAC version 6.0 Description: The issue is related to an integer signedness error in the SQLConnectW function within the odbc32.dll of...

9.3CVSS7.8AI score0.34399EPSS
Exploits0References12
Rows per page
Query Builder