811 matches found

Prion
added 2018/08/23 3:29 p.m., 14 views

Buffer overflow

On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process insecurely extracts the fields from the "shard" table of its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. The...

9 CVSS, 9.6 AI score, 0.0018 EPSS
Exploits 2, References 1, Affected Software 1

Tenable Nessus
added 2018/08/17 12:00 a.m., 79 views

RHEL 7 : mariadb (RHSA-2018:2439)

An update for mariadb is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...

7.7 CVSS, 6.8 AI score, 0.01074 EPSS
Exploits 0, References 47

CNVD
added 2018/07/31 12:00 a.m., 1 view

Samsung SmartThings Hub video-core HTTP server buffer overflow vulnerability (CNVD-2018-14290)

Samsung SmartThings Hub is a smart home management device from Samsung, South Korea. video-core HTTP server is one of the HTTP servers. A stack buffer overflow vulnerability exists in the database 'find-by-cameraId' function of the video-core HTTP server in the Samsung SmartThings Hub, which...

9.9 CVSS, 8.6 AI score, 0.00395 EPSS
Exploits 2, References 1

Cvelist
added 2018/07/24 3:00 p.m., 20 views

CVE-2017-3183 Sage XRT Treasury, version 3, fails to properly restrict database access to authorized users, which may enable any authenticated user to gain full access to privileged database functions

Sage XRT Treasury, version 3, fails to properly restrict database access to authorized users, which may enable any authenticated user to gain full access to privileged database functions. Sage XRT Treasury is a business finance management application. Database user access privileges are determine...

8.9 AI score, 0.01408 EPSS
Exploits 0, References 2

Kitploit
added 2018/07/03 1:45 p.m., 37 views

MSDAT - Microsoft SQL Database Attacking Tool

MSDAT (Microsoft SQL Database Attacking Tool) is an open source penetration testing tool that tests the security of Microsoft SQL Databases remotely. Usage examples of MSDAT: You have a Microsoft database listening remotely and you want to find valid credentials in order to connect to the...

8.1 AI score
Exploits 0, References 1

Fedora
added 2018/06/24 8:10 p.m., 46 views

[SECURITY] Fedora 27 Update: mariadb-10.2.15-2.fc27

MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client...

7.7 CVSS, 3.5 AI score, 0.00822 EPSS
Exploits 0

Fedora
added 2018/06/07 11:51 a.m., 34 views

[SECURITY] Fedora 27 Update: sqlite-3.20.1-3.fc27

SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL databas...

7.5 CVSS, 1.6 AI score, 0.1384 EPSS
Exploits 1

Fedora
added 2018/04/01 12:46 a.m., 35 views

[SECURITY] Fedora 28 Update: sqlite-3.22.0-4.fc28

SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL databas...

7.5 CVSS, 1.6 AI score, 0.1384 EPSS
Exploits 0

Fedora
added 2018/03/30 1:29 p.m., 33 views

[SECURITY] Fedora 28 Update: mariadb-10.2.13-2.fc28

MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client...

7.5 CVSS, 3.5 AI score, 0.01074 EPSS
Exploits 0

Openbugbounty
added 2018/03/30 1:08 a.m., 18 views

shashankgusai.weebly.com Improper Access Control vulnerability

Open Bug Bounty ID: OBB-593768. Affected Website: shashankgusai.weebly.com. Open Bug Bounty Program: Create your bounty program now. It's open and free. Vulnerable Application: Custom Code. Vulnerability Type: IAC Improper Access Control / CWE-284. CVSSv3 Score: 6.5...

Exploits 0

Fedora
added 2018/03/27 7:31 p.m., 32 views

[SECURITY] Fedora 26 Update: sqlite-3.20.1-2.fc26

SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL databas...

7.5 CVSS, 1.6 AI score, 0.1384 EPSS
Exploits 0

RedHat Linux
added 2018/03/21 2:46 p.m., 61 views

Moderate: Red Hat Security Advisory: rh-mariadb101-mariadb and rh-mariadb101-galera security and bug fix update

An update for rh-mariadb101-mariadb and rh-mariadb101-galera is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

7.7 CVSS, 7 AI score, 0.62118 EPSS
Exploits 11, References 43

ThreatPost
added 2018/03/13 12:16 p.m., 21 views

China-Linked APT15 Used Myriad of New Tools To Hack UK Government Contractor

CANCUN, Mexico – Researchers at NCC Group have discovered multiple backdoors on a UK government contractor’s computer systems designed to steal sensitive government and military data. The hack is tied to China-linked cyber espionage group APT15, which researchers said is utilizing many new tools ...

8 AI score
Exploits 0, References 4

Gentoo Linux
added 2018/02/20 12:00 a.m., 93 views

MySQL: Multiple vulnerabilities

Background: A fast, multi-threaded, multi-user SQL database server. Description: Multiple vulnerabilities have been discovered in MySQL. Please review the referenced CVE identifiers for details. Impact: A remote attacker could execute arbitrary code without authentication or cause a partial denial o...

7.8 CVSS, 8.5 AI score, 0.87337 EPSS
Exploits 8

Ubuntu
added 2018/02/09 12:22 p.m., 74 views

USN-3564-1: PostgreSQL vulnerability

It was discovered that PostgreSQL incorrectly handled certain temp files. An attacker could possibly use this to access sensitive information...

7 CVSS, 6.4 AI score, 0.00088 EPSS
Exploits 0

RedHat Linux
added 2018/02/06 1:00 p.m., 75 views

Moderate: Red Hat Security Advisory: rh-mariadb100-mariadb security update

An update for rh-mariadb100-mariadb is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

7.7 CVSS, 7 AI score, 0.62118 EPSS
Exploits 11, References 36

0day.today
added 2018/01/26 12:00 a.m., 54 views

ManageEngine EventLog Analyzer - Multiple Vulnerabilities (2)

Exploit for multiple platforms in category web applications. Multiple vulnerabilities in ManageEngine EventLog Analyzer. Discovered by Pedro Ribeiro, Agile Information Security. Disclosure: 05/11/2014 / Last...

7.5 AI score, 0.83792 EPSS
Exploits 10

Kitploit
added 2018/01/12 8:30 p.m., 22 views

ACE - Automated, Collection, and Enrichment Platform

The Automated Collection and Enrichment (ACE) platform is a suite of tools for threat hunters to collect data from many endpoints in a network and automatically enrich the data. The data is collected by running scripts on each computer without installing any software on the target. ACE supports...

7.9 AI score
Exploits 0, References 2

n0where
added 2018/01/02 4:51 a.m., 10 views

The Automated Collection and Enrichment Platform: ACE

The Automated Collection and Enrichment (ACE) platform is a suite of tools for threat hunters to collect data from many endpoints in a network and automatically enrich the data. The data is collected by running scripts on each computer without installing any software on the target. ACE supports...

1.7 AI score
Exploits 0, References 2

Tenable Nessus
added 2017/12/12 12:00 a.m., 18 views

RegistrationMagic Plugin for WordPress < 3.7.9.3 PHP Object Injection

According to its self-reported version, the RegistrationMagic Plugin for WordPress running on the remote web server is prior to 3.7.9.3. It is, therefore, affected by a PHP object injection vulnerability. An unauthenticated, remote attacker can exploit this to inject PHP objects, execute arbitrar...

6.5 AI score
Exploits 0, References 3