2121 matches found

Prion
added 2015/07/20 1:59 a.m. | 20 views

Design/Logic Flaw

IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service daemon crash by leveraging an unspecified scalar function in a SQL statement...

CVSS 6.8 | AI score 7.2 | EPSS 0.02519
Exploits: 0 | References: 7 | Affected Software: 1
NVD
added 2015/07/20 1:59 a.m. | 18 views

CVE-2014-8910

IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to read arbitrary text files via a crafted XML/XSLT function in a SELECT statement...

CVSS 4 | AI score 6.1 | EPSS 0.01858
Exploits: 0 | References: 7
CVE
added 2015/07/20 1:0 a.m. | 66 views

CVE-2015-0157

CVE-2015-0157 affects IBM DB2 LUW and InfoSphere BigInsights; a remote authenticated DB2 user can crash the server by sending a crafted SQL using scalar functions (ROUND/TRUNCATE). CVSS base 6.8. Affected: DB2 LUW 9.7/9.8/10.1/10.5 lines; BigInsights’ Big SQL includes DB2 components. Remediation:...

CVSS 6.8 | AI score 6.7 | EPSS 0.02519
Exploits: 0 | References: 7 | Affected Software: 1
CERT
added 2015/07/20 12:0 a.m. | 19 views

N-Able RSMWinService contains hard coded security constants allowing decryption of domain administrator password

Overview: SolarWinds N-Able N-Central is an agent-based enterprise support and management solution. N-Able N-Central contains several hard-coded encryption constants in the web interface that allow decryption of the password when combined. Description: CWE-547: Use of Hard-coded, Security-relevant...

AI score 7.2
Exploits: 0
Tenable Nessus
added 2015/07/16 12:0 a.m. | 41 views

MariaDB 5.5.0 < 5.5.44 Multiple Vulnerabilities

The version of MariaDB installed on the remote host is prior to 5.5.44. It is, therefore, affected by multiple vulnerabilities as referenced in the 5.5.44 advisory. - Oracle MySQL before 5.7.3, Oracle MySQL Connector/C aka libmysqlclient before 6.1.3, and MariaDB before 5.5.44 use the --ssl optio...

CVSS 5.9 | AI score 6.8 | EPSS 0.07083
Exploits: 1 | References: 8
Tenable Nessus
added 2015/07/14 12:0 a.m. | 35 views

Cisco Unified MeetingPlace Unspecified SQLi (CSCuu54037)

According to its self-reported version number, the Cisco Unified MeetingPlace application hosted on the remote web server is potentially affected by a SQL injection vulnerability due to a failure to properly sanitize user-supplied input. An authenticated, remote attacker can exploit this to...

CVSS 6.5 | AI score 6.1 | EPSS 0.01993
Exploits: 0 | References: 3
CNVD
added 2015/07/13 12:0 a.m. | 0 views

SQL injection vulnerability in netrep/index.jsp parameter of financial statement system of Beijing Jiuqi Software Co.

Financial Statement System is a financial bookkeeping system. A SQL injection vulnerability exists in the netrep/index.jsp parameter of the financial statement system of Beijing Jiuqi Software Co. Ltd. that allows an attacker to exploit the vulnerability to obtain sensitive information from the...

AI score 7.6
Exploits: 0 | References: 1
NVD
added 2015/06/13 2:59 p.m. | 16 views

CVE-2015-3993

Actian Matrix 5.1.x through 5.1.2.4 and 5.2.x through 5.2.0.1 allows remote authenticated users to bypass intended write-access restrictions and execute an UPDATE statement by referencing a table...

CVSS 6.5 | AI score 6.5 | EPSS 0.01137
Exploits: 0 | References: 2
Prion
added 2015/06/13 2:59 p.m. | 13 views

Design/Logic Flaw

Actian Matrix 5.1.x through 5.1.2.4 and 5.2.x through 5.2.0.1 allows remote authenticated users to bypass intended write-access restrictions and execute an UPDATE statement by referencing a table...

CVSS 6.5 | AI score 7 | EPSS 0.01137
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2015/06/13 2:0 p.m. | 19 views

CVE-2015-3993

Actian Matrix 5.1.x through 5.1.2.4 and 5.2.x through 5.2.0.1 allows remote authenticated users to bypass intended write-access restrictions and execute an UPDATE statement by referencing a table...

AI score 6.5 | EPSS 0.01137
Exploits: 0 | References: 2
CNVD
added 2015/06/01 12:0 a.m. | 2 views

SAP HANA DB Arbitrary File Read Vulnerability

SAP HANA DB is an in-memory database based on rows and columns. SAP HANA DB has a security vulnerability that allows remote attackers to read arbitrary files using the IMPORT FROM SQL statement...

CVSS 4 | AI score 7.5 | EPSS 0.0126
Exploits: 0 | References: 1
securityvulns
added 2015/06/01 12:0 a.m. | 55 views

[Onapsis Security Advisory 2015-006] SAP HANA Information Disclosure via SQL IMPORT FROM statement

Onapsis Security Advisory ONAPSIS-2015-006: SAP HANA Information Disclosure via SQL IMPORT FROM statement. 1. Impact on Business: Under certain conditions some SAP HANA Database commands could be abused by a remote authenticated...

CVSS 4 | AI score 0.4 | EPSS 0.0126
Exploits: 0
The Hacker News
added 2015/05/30 3:19 a.m. | 15 views

How to Fix iPhone Crash Text Message Bug

We reported to you about a new bug in the core component of iOS and OS X that causes the device's Messages app to crash and iPhones to reboot if it receives a certain string of characters, Arabic characters, via text message. Many have since fallen victim to this specially crafted sequence of Unico...

AI score 6.6
Exploits: 0
Prion
added 2015/05/29 3:59 p.m. | 20 views

Code injection

SAP HANA DB 1.00.73.00.389160 NewDB100REL allows remote authenticated users to read arbitrary files via an IMPORT FROM SQL statement, aka SAP Security Note 2109565...

CVSS 4 | AI score 7.4 | EPSS 0.0126
Exploits: 0 | References: 5 | Affected Software: 1
CVE
added 2015/05/29 3:0 p.m. | 52 views

CVE-2015-3995

CVE-2015-3995 concerns SAP HANA DB 1.00.73.00.389160 (NewDB100_REL). A remote, authenticated user can read arbitrary files via an IMPORT FROM SQL statement due to an improper access control weakness. Onapsis’ advisory (linked to CVE-2015-3995) documents the vulnerability class as Improper Access ...

CVSS 4 | AI score 7 | EPSS 0.0126
Exploits: 0 | References: 5 | Affected Software: 1
Zero Day Initiative
added 2015/05/19 12:0 a.m. | 19 views

ManageEngine Applications Manager CommonAPIUtil SyncMonitors haid SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine Applications Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SyncMonitors method of the CommonAPIUtil class. The issue lies i...

CVSS 10 | AI score 7.9
Exploits: 0
Zero Day Initiative
added 2015/05/15 12:0 a.m. | 21 views

ManageEngine Applications Manager DowntimeSchedulerServlet TASKID SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine Applications Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DowntimeSchedulerServlet servlet. The issue lies in the failure ...

CVSS 10 | AI score 7.9
Exploits: 0
Zero Day Initiative
added 2015/05/14 12:0 a.m. | 22 views

ManageEngine OpManager APMAlertOperationsServlet source SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine OpManager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the APMAlertOperationsServlet servlet. The issue lies in the failure to sanitiz...

CVSS 10 | AI score 7.9
Exploits: 0
Zero Day Initiative
added 2015/05/07 12:0 a.m. | 12 views

ManageEngine OpManager UpdateProbeUpgradeStatus probeName SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine OpManager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UpdateProbeUpgradeStatus servlet. The issue lies in the failure to sanitize...

CVSS 10 | AI score 7.9
Exploits: 0
Zero Day Initiative
added 2015/05/07 12:0 a.m. | 18 views

ManageEngine Applications Manager CommonAPIUtil moveSubGroup haid/tohaid SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine Applications Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the moveSubGroup method of the CommonAPIUtil class. The issue lies i...

CVSS 10 | AI score 7.9
Exploits: 0