SQL Injection
froxlor/froxlor is vulnerable to SQL injection. An unauthenticated attacker is able to inject and execute arbitrary SQL commands in the database through Database/Manager/DbManagerMySQL.php via a custom DB name...
CVE-2021-42325
Froxlor through 0.10.29.1 allows SQL injection in Database/Manager/DbManagerMySQL.php via a custom DB name...
CVE-2019-25021
In Scytl sVote 2.1, the vulnerability stems from the database manager implementation, allowing an attacker to access OrientDB by using admin as the admin password, and preventing a different password from being set due to code logic. This enables unauthorized access to the OrientDB instance....
CVE-2019-25021
An issue was discovered in Scytl sVote 2.1. Due to the implementation of the database manager, an attacker can access the OrientDB by providing admin as the admin password. A different password cannot be set because of the implementation in code...
Elderly China Chopper Tool Still Going Strong in Multiple Campaigns
A nine-year-old web shell used for providing remote access to web servers for cyberattackers is staying very active despite its advanced age (in cyber-years, anyway). Researchers said they’ve spotted it being used in several recent campaigns – all with disparate goals. The tool, known as China...
Odoo Access Control Error Vulnerability (CNVD-2019-30569)
Odoo is an open source commercial system from the Belgian company Odoo. An access control error vulnerability exists in the database manager component of Odoo, which can be exploited by an attacker to restore a database and change arbitrary passwords...
CVE-2018-14885
Incorrect access control in the database manager component in Odoo Community 10.0 and 11.0 and Odoo Enterprise 10.0 and 11.0 allows a remote attacker to restore a database dump without knowing the super-admin password. An arbitrary password succeeds...
Improper access control
Incorrect access control in the database manager component in Odoo Community 10.0 and 11.0 and Odoo Enterprise 10.0 and 11.0 allows a remote attacker to restore a database dump without knowing the super-admin password. An arbitrary password succeeds...
CVE-2018-14885
The CVE-2018-14885 entry concerns an incorrect access control flaw in the database manager component of Odoo, affecting Odoo Community 10.0/11.0 and Odoo Enterprise 10.0/11.0. The underlying issue allows a remote attacker to restore a database dump without the super-admin password, with an arbitr...
HPE Intelligent Management Center Buffer Overflow Vulnerability (CNVD-2019-00114)
HPE Intelligent Management Center (iMC) PLAT is a suite of network intelligent management center solutions from Hewlett Packard Enterprise (HPE). The solution provides network-wide visibility and enables comprehensive management of resources, services and users. A security vulnerability exists in Dbm...
HPE Intelligent Management Center Buffer Overflow Vulnerability
HPE Intelligent Management Center (iMC) PLAT for Windows is a suite of intelligent management center solutions for networks based on the Windows platform from Hewlett Packard Enterprise (HPE). The solution provides network-wide visibility and enables comprehensive management of resources, services an...
Security Bulletin: Multiple vulnerabilities of Mozilla Firefox in IBM Storwize V7000 Unified
Summary: There are security vulnerabilities in versions of Mozilla Firefox that are shipped with versions 1.3.0.0 to 1.5.2.1 of IBM Storwize V7000 Unified. Vulnerability Details: IBM Storwize V7000 Unified is shipped with Mozilla Firefox. There are vulnerabilities in certain versions of Mozilla...
BD DB Manager and PerformA Design Vulnerabilities
BD DB Manager and PerformA are both products of BD (Becton, Dickinson and Company). BD DB Manager is a database manager. PerformA is a performance manager. A security vulnerability exists in BD DB Manager 3.0.1.0 and earlier versions and PerformA 3.0.0.0 and earlier versions. An attacker can exploit...
BD Kiestra and InoqulA Systems (Update A)
1. EXECUTIVE SUMMARY: CVSS v3 6.3. ATTENTION: Exploitable from adjacent network. Vendor: Becton, Dickinson and Company (BD). Equipment: BD Kiestra and InoqulA systems. Vulnerabilities: Product UI does not Warn User of Unsafe Actions. 2. UPDATE INFORMATION: This updated advisory is a follow-up to the...
The vulnerability of the dbman service of the HPE Intelligent Management Center PLAT software platform arises from insufficient validation of input data, allowing a perpetrator to execute arbitrary code.
The vulnerability of the dbman service of the HPE Intelligent Management Center PLAT software platform exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
WordPress WP-DBManager Plugin Information Disclosure Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Software Foundation; it lets users set up a personal blog site on a server that supports PHP and MySQL. WP-DBManager (aka Database Manager) is one of its database management plugins. An information...
WordPress WP-DBManager plugin Sql Run Query panel file download vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Software Foundation; it lets users set up a personal blog site on a server that supports PHP and MySQL. WP-DBManager (aka Database Manager) is one of its database management plugins. Sql Run Query panel is one of the S...
Design/Logic Flaw
The "Sql Run Query" panel in the WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress allows remote attackers to read arbitrary files by leveraging failure to sufficiently limit queries, as demonstrated by use of LOAD_FILE in an INSERT statement...