Security
Headlines
HeadlinesLatestCVEs

Tag

#sql

CVE-2019-4032: IBM Financial Transaction Manager SQL injection CVE-2019-4032 Vulnerability Report

IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-ForceID: 155998.

CVE
#sql#vulnerability#git#ibm
CVE-2019-9201: Insecure permissions in ILC and AXC controllers leaves over 1,200 ICS devices vulnerable to attacks over the internet

Multiple Phoenix Contact devices allow remote attackers to establish TCP sessions to port 1962 and obtain sensitive information or make changes, as demonstrated by using the Create Backup feature to traverse all directories.

CVE-2018-20033: End of Support for the Secunia Community Site

A Remote Code Execution vulnerability in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier could allow a remote attacker to corrupt the memory by allocating / deallocating memory, loading lmgrd or the vendor daemon and causing the heartbeat between lmgrd and the vendor daemon to stop. This would force the vendor daemon to shut down. No exploit of this vulnerability has been demonstrated.

CVE-2019-7548: GitHub - no-security/sqlalchemy_test

SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.

CVE-2017-18359: #3704 (ST_AsX3D returns random data

PostGIS 2.x before 2.3.3, as used with PostgreSQL, allows remote attackers to cause a denial of service via crafted ST_AsX3D function input, as demonstrated by an abnormal server termination for "SELECT ST_AsX3D('LINESTRING EMPTY');" because empty geometries are mishandled.

CVE-2019-2455: Oracle Critical Patch Update Advisory - January 2019

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CVE-2018-3854: TALOS-2018-0537 || Cisco Talos Intelligence Group

An exploitable information disclosure vulnerability exists in the password protection functionality of Quicken Deluxe 2018 for Mac version 5.2.2. A specially crafted sqlite3 request can cause the removal of the password protection, allowing an attacker to access and modify the data without knowing the password. An attacker needs to have access to the password-protected files to trigger this vulnerability.

CVE-2018-18805: Offensive Security’s Exploit Database Archive

Point Of Sales 1.0 allows SQL injection via the login screen, related to LoginForm1.vb.

CVE-2018-19206: Update 1.3.8 released

steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use of <svg><style>, as demonstrated by an onload attribute in a BODY element, within an HTML attachment.