1301 matches found
CVE-2017-1000005
PHPMiniAdmin version 1.9.160630 is vulnerable to stored XSS in the name of databases, tables and columns, resulting in potential account takeover and scraping of data (stealing data)...
XYCMS column management module pid parameter has SQL injection vulnerability
XYCMS, formerly known as Nanjing XYCMS Enterprise Station Building System, is a site-building platform that provides one-stop web solutions for Chinese enterprises. A SQL injection vulnerability exists in the column management module of XYCMS PHP version 1.4, due to the pid parameter...
HP Vertica Analytics Platform Remote Privilege Vulnerability
Vertica is a column-based storage database built on an MPP (massively parallel processing) architecture. It can support the storage of structured data up to the PB (petabyte) level. A remote privilege extraction vulnerability exists in HP Vertica Analytics Platform 4.1 and later versions, which can be...
CVE-2017-6878
Cross-site scripting (XSS) vulnerability in MetInfo 5.3.15 allows remote authenticated users to inject arbitrary web script or HTML via the name2 parameter to admin/column/delete.php...
Microsoft Internet Explorer and Edge Remote Code Execution Vulnerability (CNVD-2017-02514)
Microsoft Internet Explorer is the default browser that comes with operating systems prior to Windows 10, and Microsoft Edge is the default browser that comes with the latest operating system, Windows 10. The 'Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement' function has ...
CVE-2017-0037
Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheet...
openSUSE Security Update : roundcubemail (openSUSE-2016-1205)
This update for roundcubemail to 1.1.6 fixes several issues (boo#1001856). These security issues were fixed: - Fix XSS issue in href attribute on area tag - Wash position:fixed style in HTML mail for better security. These non-security issues were fixed: - Searching in both contacts and groups when...
CVE-2016-5703
SQL injection vulnerability in libraries/central_columns.lib.php in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allows remote attackers to execute arbitrary SQL commands via a crafted database name that is mishandled in a central column query...
Oracle MySQL 5.7.x < 5.7.8 Multiple Vulnerabilities
phpMyAdmin cross-site scripting vulnerability (CNVD-2016-01415)
phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. A cross-site scripting vulnerability exists in...
py-djblets -- Self-XSS vulnerability
Djblets Release Notes reports: A recently-discovered vulnerability in the datagrid templates allows an attacker to generate a URL to any datagrid page containing malicious code in a column sorting value. If the user visits that URL and then clicks that column, the code will execute. The cause of...
phpmyadmin -- multiple XSS and a man-in-the-middle vulnerability
The phpMyAdmin development team reports: XSS vulnerability in SQL parser. Using a crafted SQL query, it is possible to trigger an XSS attack through the SQL query page. We consider this vulnerability to be non-critical. Multiple XSS vulnerabilities. By sending a specially crafted URL as part of t...
DEBIAN-CVE-2015-8742
The dissect_CPMSetBindings function in epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.1 does not validate the column size, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet...
DEBIAN-CVE-2015-8740
The dissect_tds7_colmetadata_token function in epan/dissectors/packet-tds.c in the TDS dissector in Wireshark 2.0.x before 2.0.1 does not validate the number of columns, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet...
UBUNTU-CVE-2015-8742
The dissect_CPMSetBindings function in epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.1 does not validate the column size, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet...
CVE-2015-8740
The dissect_tds7_colmetadata_token function in epan/dissectors/packet-tds.c in the TDS dissector in Wireshark 2.0.x before 2.0.1 does not validate the number of columns, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet...
Wireshark TDS Parser Denial of Service Vulnerability
Wireshark is the most popular network protocol parser. In Wireshark version 2.0.x prior to 2.0.1, the function dissect_tds7_colmetadata_token within epan/dissectors/packet-tds.c in the TDS parser does not validate the number of columns, and by constructing packets, a remote attacker can exploit this...
SQL injection
Multiple SQL injection vulnerabilities in admin.php in the Collne Welcart plugin before 1.5.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) searchcolumn or (2) switch parameter...
Welcart vulnerable to SQL injection
Overview: Welcart, provided by Collne Inc., is a WordPress plugin. Welcart contains an SQL injection vulnerability (CWE-89) due to a flaw in the processing of the searchcolumn and switch parameters in admin.php. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...