94 matches found
CVE-2014-8336
The WP-DBManager WordPress plugin (pre-2.7.2) contains a vulnerability in the Sql Run Query panel that allows remote read of arbitrary files by exploiting insufficient query restriction, demonstrated via LOAD_FILE in an INSERT statement. Affected product: WP-DBManager plugin for WordPress. Impact...
CVE-2014-8335
The CVE-2014-8335 entry relates to the WP-DBManager (aka Database Manager) WordPress plugin, affected in versions prior to 2.7.2. The vulnerability affects the files wp-dbmanager.php and database-manage.php, where credentials are placed on the mysqldump command line, enabling local users to obtai...
MyWebSQL Database Manager Component Cross-Site Scripting Vulnerability
MyWebSQL is a web-based MySQL database management client developed by software developer Samnan ur Rehman. The database manager component is one of the database management components. A cross-site scripting vulnerability exists in the database manager component of MyWebSQL version 3.6. A remote...
CVE-2017-1000011
MyWebSQL version 3.6 is vulnerable to stored XSS in the database manager component resulting in account takeover or stealing of information...
Cross site scripting
MyWebSQL version 3.6 is vulnerable to stored XSS in the database manager component resulting in account takeover or stealing of information...
CVE-2017-1000011
CVE-2017-1000011 affects MyWebSQL version 3.6, with a stored XSS vulnerability in the database manager component. This can lead to account takeover or theft of information through cross-site scripting. Public documents consistently identify this as a stored XSS issue without detailing exploit vec...
Security update for MozillaFirefox, mozilla-nss (important)
MozillaFirefox was updated to version 39.0 to fix 21 security issues. These security issues were fixed: - CVE-2015-2724/CVE-2015-2725/CVE-2015-2726: Miscellaneous memory safety hazards (bsc#935979). - CVE-2015-2727: Local files or privileged URLs in pages can be opened into new tabs (bsc#935979). -...
Firefox < 39.0 Multiple Vulnerabilities (Mac OS X) (Logjam)
The version of Firefox installed on the remote Mac OS X host is prior to 39.0. It is, therefore, affected by multiple vulnerabilities: - A security downgrade vulnerability exists due to a flaw in Network Security Services (NSS). When a client allows for an ECDHE_ECDSA exchange, but the server does n...
firefox: multiple issues
CVE-2015-2722, CVE-2015-2733 Use-after-free in workers while using XMLHttpRequest: Security researcher Looben Yan used the Address Sanitizer tool to discover two related use-after-free vulnerabilities that occur when using XMLHttpRequest in concert with either shared or dedicated workers. These...
Type confusion in Indexed Database Manager — Mozilla
Security researcher Paul Bandha reported a type confusion error where part of IDBDatabase is read by the Indexed Database Manager and incorrectly used as a pointer when it shouldn't be used as such. This leads to memory corruption and the possibility of an exploitable crash...
Heroku API - Re Auth Session Token Bypass Vulnerability
Document Title: Heroku API - Re Auth Session Token Bypass Vulnerability References: http://www.vulnerability-lab.com/getcontent.php?id=1336 View: https://www.youtube.com/watch?v=1WpWVVXVUSs Advisory: http://www.vulnerability-lab.com/getcontent.php?id=1323 Release Date:...
Vulnerabilities in WordPress Database Manager v2.7.1
Title: Vulnerabilities in WordPress Database Manager v2.7.1 Author: Larry W. Cashdollar, @larry0 Date: 10/13/2014 Download: https://wordpress.org/plugins/wp-dbmanager/ Downloads: 1,171,358 Vendor: Lester Chan, https://profiles.wordpress.org/gamerz/ Contacted: 10/13/2014, Vulnerabilities addressed...
Design/Logic Flaw
The WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) $backup['filepath'] (aka "Path to Backup:" field) or (2) $backup['mysqldumppath'] variable...
CVE-2014-8334
The CVE-2014-8334 issue affects the WordPress WP-DBManager plugin (pre-2.7.2). Vulnerable component: the backup handling code that reads $backup['filepath'] and $backup['mysqldumppath']; root cause is shell metacharacter handling, enabling remote authenticated users to execute arbitrary commands...
WordPress Database Manager 2.7.1 Command Injection / Credential Leak
WordPress Database Manager plugin version 2.7.1 suffers from remote command injection and credential leakage vulnerabilities. Title: Vulnerabilities in WordPress Database Manager v2.7.1 Author: Larry W. Cashdollar, @larry0 Date: 10/13/2014 Download: https://wordpress.org/plugins/wp-dbmanager/...
WordPress Database Manager 2.7.1 Command Injection / Credential Leak
Title: Vulnerabilities in WordPress Database Manager v2.7.1 Author: Larry W. Cashdollar, @larry0 Date: 10/13/2014 Download: https://wordpress.org/plugins/wp-dbmanager/ Downloads: 1,171,358 Vendor: Lester Chan, https://profiles.wordpress.org/gamerz/ Contacted: 10/13/2014, Vulnerabilities addressed...
SQLiteManager 1.2.4 - Remote PHP Code Injection Vulnerability
No description provided by source. Description: Exploit Title: SQLiteManager 0Day Remote PHP Code Injection Vulnerability Google Dork: intitle:SQLiteManager inurl:sqlite/ Date: 23/01/2013 Exploit Author: RealGame Vendor Homepage:...
SQLiteManager 1.2.4 PHP Code Injection
Description: Exploit Title: SQLiteManager 0Day Remote PHP Code Injection Vulnerability Google Dork: intitle:SQLiteManager inurl:sqlite/ Date: 23/01/2013 Exploit Author: RealGame Vendor Homepage: http://www.Relagame.co.il Software Lin...