Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
database vulnerabilities and exploits
(subscribe to this query)
935
VMScore
CVE-2007-2079
The ADONewConnection Connect function in adodb.php in XAMPP 1.6.0a and previous versions for Windows uses untrusted input for the database server hostname, which allows remote malicious users to trigger a library buffer overflow and execute arbitrary code via a long host paramete...
Xampp Apache Distribution
1 EDB exploit
915
VMScore
CVE-2008-5416
Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and previous versions; SQL Server 2000 Desktop Engine (MSDE 2000) SP4; SQL Server 2005 SP2 and 9.00.1399.06; SQL Server 2000 Desktop Engine (WMSDE) on Windows Server 2003 SP1 and SP2; and Windows I...
Microsoft Sql Server 2000
Microsoft Sql Server 2005
3 EDB exploits
1 Github repository
912
VMScore
CVE-2017-12636
CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB prior to 1.7.0 and 2.x prior to 2...
Apache Couchdb
Apache Couchdb 2.0.0
2 EDB exploits
5 Github repositories
910
VMScore
CVE-2003-0780
Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL 4.0.14 and previous versions, and 3.23.x, allows attackers with ALTER TABLE privileges to execute arbitrary code via a long Password field.
Oracle Mysql 3.23.25
Oracle Mysql 3.23.26
Oracle Mysql 3.23.32
Oracle Mysql 3.23.33
Oracle Mysql 3.23.40
Oracle Mysql 3.23.41
Oracle Mysql 3.23.48
Oracle Mysql 3.23.49
Oracle Mysql 3.23.54a
Oracle Mysql 3.23.55
Oracle Mysql 4.0.11
Oracle Mysql 4.0.5
Oracle Mysql 4.0.5a
Oracle Mysql 4.0.6
Mysql Mysql 4.1.0
Oracle Mysql 3.23.2
Oracle Mysql 3.23.22
Oracle Mysql 3.23.28
Oracle Mysql 3.23.29
Oracle Mysql 3.23.3
Oracle Mysql 3.23.37
Oracle Mysql 3.23.38
2 EDB exploits
906
VMScore
CVE-2019-13024
Centreon 18.x prior to 18.10.6, 19.x prior to 19.04.3, and Centreon web prior to 2.8.29 allows the malicious user to execute arbitrary system commands by using the value "init_script"-"Monitoring Engine Binary" in main.get.php to insert a arbitrary command int...
Centreon Centreon 19.04.0
1 EDB exploit
4 Github repositories
905
VMScore
CVE-2014-7288
Symantec PGP Universal Server and Encryption Management Server prior to 3.3.2 MP7 allow remote authenticated administrators to execute arbitrary shell commands via a crafted command line in a database-backup restore action.
Symantec Encryption Management Server
Symantec Pgp Universal Server
1 EDB exploit
905
VMScore
CVE-2009-1020
Unspecified vulnerability in the Network Foundation component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
Oracle Database Server 9.2.0.8
Oracle Database Server 9.2.0.8dv
Oracle Database Server 10.1.0.5
Oracle Database Server 10.2.0.4
Oracle Database Server 11.1.0.7
1 EDB exploit
905
VMScore
CVE-2008-1866
admin/modif_config.php in Blog Pixel Motion (aka PixelMotion) does not require admin authentication, which allows remote authenticated users to upload arbitrary PHP scripts in a ZIP archive, which is written to templateZip/ and then automatically extracted under templates/ for ex...
Pixel Motion Pixel Motion Blog
1 EDB exploit
893
VMScore
CVE-2020-6287
SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the...
Sap Netweaver Application Server Java 7.30
Sap Netweaver Application Server Java 7.31
Sap Netweaver Application Server Java 7.40
Sap Netweaver Application Server Java 7.50
9 Github repositories
2 Articles
892
VMScore
CVE-2022-23221
H2 Console prior to 2.1.210 allows remote malicious users to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.
H2database H2
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Oracle Communications Cloud Native Core Console 1.9.0
5 Github repositories
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4946
CVE-2024-30309
CVE-2024-4761
CVE-2024-30051
type confusion
memory leak
CVE-2024-30293
reflected XSS
CVE-2024-3126
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »