83 matches found
Privilege escalation
Elevation of privilege in the Azure SQL Data Source in Devolutions Remote Desktop Manager 2022.3.13 to 2022.3.24 allows an authenticated user to spoof a privileged account...
CVE-2022-3641
Elevation of privilege in the Azure SQL Data Source in Devolutions Remote Desktop Manager 2022.3.13 to 2022.3.24 allows an authenticated user to spoof a privileged account...
PT-2022-23355 · Devolutions +1 · Devolutions Remote Desktop Manager +1
Name of the Vulnerable Software and Affected Versions: Devolutions Remote Desktop Manager versions 2022.3.13 through 2022.3.24
Description: The issue allows an authenticated user to spoof a privileged account due to elevation of privilege in the Azure SQL Data Source.
Recommendations: For version...
CVE-2022-28764
The Zoom Client for Meetings for Android, iOS, Linux, macOS, and Windows before version 5.12.6 is susceptible to a local information exposure vulnerability. A failure to clear data from a local SQL database after a meeting ends and the usage of an insufficiently secure per-device key encrypting...
Prison Management System SQL Injection Vulnerability (CNVD-2022-48399)
Prison Management System is a prison management system by individual developer Carlo Montero. Prison Management System v1.0 is vulnerable to SQL injection, which originates from the id parameter in /pms/admin/cells/viewcell.php in the application. The id parameter in /pms/admin/cells/viewcell.php lacks a...
Prison Management System SQL Injection Vulnerability (CNVD-2022-48390)
Prison Management System is a prison management system by individual developer Carlo Montero. Prison Management System v1.0 is vulnerable to SQL injection, which originates in the id parameter of /pms/admin/cells/managecell.php in the application. The id parameter in /pms/admin/cells/managecell.php is missing the S...
Home Owners Collection Management System SQL Injection Vulnerability (CNVD-2022-70597)
A SQL injection vulnerability exists in Home Owners Collection Management System v1.0, which originates in /hocms/classes/Master.php. The vulnerability is caused by a lack of filtering and escaping of SQL data in ?f=deletephase. An attacker could exploit this vulnerability to cause SQL injection...
MingSoft MCMS SQL Injection Vulnerability (CNVD-2022-85104)
MingSoft MCMS is a complete open source J2EE system from MingSoft, a Chinese company. MingSoft MCMS has a SQL injection vulnerability, which originates from the lack of filtering and escaping of SQL data in the categoryId parameter of /cms/content/list, and can be used by attackers to execute...
CVE-2022-24048
MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the...
MCMS SQL Injection Vulnerability
MCMS is a complete open source J2EE system from China's MingFei MingSoft. MCMS v5.2.4 has a SQL injection vulnerability, which originates in /ms/mdiy/model/importJson.do due to the lack of filtering and escaping of SQL data. No detailed vulnerability details are available at this time...
SUSE-SU-2021:3555-1 Security update for salt
This update for salt fixes the following issues:
- Support querying for JSON data in external sql pillar.
- Exclude the full path of a download URL to prevent injection of malicious code. (bsc#1190265, CVE-2021-21996)...
CVE-2021-41616
Apache DB DdlUtils 1.0 included a BinaryObjectsHelper that was intended for use when migrating database data with a SQL data type of BINARY, VARBINARY, LONGVARBINARY, or BLOB between databases using the ddlutils features. The BinaryObjectsHelper class was insecure and used...
U.S. Dept Of Defense: System Error Reveals Sensitive SQL Call Data
Summary: If you attempt to login at https://███.mil/sso/LoginRequest.do using a very long username, the application will respond showing a stack trace information with sensitive SQL data call information. This reveals too much information about SQL calls to the database. Please see the attached P...
CVE-2016-4530
OSIsoft PI SQL Data Access Server (aka OLE DB) 2016 1.5 allows remote authenticated users to cause a denial of service (service outage and data loss) via a message...
CVE-2016-4530
CVE-2016-4530 affects the OSIsoft PI SQL Data Access Server (OLE DB) 2016 (1.5). The vulnerability arises from improper input validation in the PI SQL Data Access Server when processing a message from an authenticated connection, enabling a remote denial-of-service that can cause a service outage...
OSIsoft PI AF Server Denial of Service Vulnerability
OSIsoft PI System is a suite of data acquisition, analysis, and visualization software, and PI AF Server is the core product of PI System. A security vulnerability exists in OSIsoft PI AF Server SQL Data Access Server that does not properly process input, which can be exploited by remote attacker...
kleeja 1.0.0RC6 - Database Disclosure
kleeja 1.0.0RC6 - Database Disclosure
kleeja1.0.0RC6 Database Disclosure Exploit
Vendor: kleeja.com
Date: 2010-05-27
Author: indoushka
Contact: 00213771818860
Home: www.sec4ever.com
Bug :...
RedHat Update for postgresql RHSA-2010:0427-01
Check for the Version of postgresql. OpenVAS Vulnerability Test: RedHat Update for postgresql RHSA-2010:0427-01. Authors: System Generated Check. Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under...
IBM DB2 9.1 < Fix Pack 8 Multiple Vulnerabilities
According to its version, the IBM DB2 server running on the remote host is prior to 9.1 Fix Pack 8. It is, therefore, affected by multiple vulnerabilities:
- MODIFIED SQL DATA table function is not dropped even if the maintainer does not have privileges to maintain the objects. (IZ46773)
- It may ...