91 matches found
Cross-site request forgery (CSRF)
The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request...
CVE-2023-24840
The HGiga MailSherlock mail query function has a vulnerability of insufficient validation of user input. An authenticated remote attacker with administrator privilege can exploit this vulnerability to inject SQL commands to read, modify, and delete the database...
Mail.ru: Database read through file attachment [content://]
A local malicious application selected as a file picker by the user could obtain access to the ICQ for Android local database by returning a content URI...
Mail.ru: Database read through provider misconfiguration
The content provider implementation in ICQ for Android allowed another local application to force ICQ private files to be copied to an insecure location...
cPanel Arbitrary Database Read Vulnerability
cPanel is a web-based host control management system from the U.S. company cPanel. An arbitrary database read vulnerability exists in cPanel versions prior to 82.0.18. An attacker can exploit this vulnerability to read arbitrary databases via a MySQL dump stream...
The vulnerability of the fts5HashEntrySort function in the sqlite3.c file of the SQLite database management system allows a hacker to disclose protected information.
The vulnerability of the fts5HashEntrySort function in the sqlite3.c file of the SQLite database management system is related to a read operation that goes beyond the buffer in memory. Exploiting this vulnerability could allow an attacker to disclose sensitive information that is protected by thi...
Netreo OmniCenter SQL Injection Vulnerability
Netreo OmniCenter is a suite of server and network management software from the American company Netreo. The software is primarily used to monitor server and back-end system status and provide alerts and other features. An SQL injection vulnerability exists in Netreo OmniCenter. It allows an...
CVE-2018-1000867
WeBid version up to current version 1.2.2 contains a SQL Injection vulnerability in all five yourauctions.php scripts that can result in Database Read via Blind SQL Injection. This attack appears to be exploitable via HTTP Request. This vulnerability appears to have been fixed after commit...
SQL injection
WeBid version up to current version 1.2.2 contains a SQL Injection vulnerability in all five yourauctions.php scripts that can result in Database Read via Blind SQL Injection. This attack appears to be exploitable via HTTP Request. This vulnerability appears to have been fixed after commit...
CVE-2018-1000867
Affected software: WeBid (up to current version 1.2.2). Vulnerability: SQL Injection in all five yourauctions*.php scripts, allowing (via HTTP requests) a Blind SQL Injection that can cause database read. Root cause: improper input handling in the listed PHP scripts. Impact: potential data exposu...
Design/Logic Flaw
In Gxlcms QY v1.0.0713, Lib\Lib\Action\Home\HitsAction.class.php allows remote attackers to read data from a database by embedding a FROM clause in a query string within a Home-Hits request, as demonstrated by sid=user,password%20from%20mysql.user%23...
CVE-2018-9852
In Gxlcms QY v1.0.0713, Lib\Lib\Action\Home\HitsAction.class.php allows remote attackers to read data from a database by embedding a FROM clause in a query string within a Home-Hits request, as demonstrated by sid=user,password%20from%20mysql.user%23...
Gxlcms QY Information Disclosure Vulnerability
Gxlcms QY is an enterprise website creation system. A security vulnerability exists in the Lib\Lib\Action\Home\HitsAction.class.php file in Gxlcms QY version 1.0.0713. The vulnerability can be exploited by a remote attacker to read data from the database by injecting FROM clauses into the query...
DEBIAN-CVE-2017-14990
WordPress 4.8.2 stores cleartext wp_signups.activation_key values but stores the analogous wp_users.user_activation_key values as hashes, which might make it easier for remote attackers to hijack unactivated user accounts by leveraging database read access such as access gained through an unspecified...
CVE-2017-14990
WordPress 4.8.2 stores cleartext wp_signups.activation_key values but stores the analogous wp_users.user_activation_key values as hashes, which might make it easier for remote attackers to hijack unactivated user accounts by leveraging database read access such as access gained through an unspecified...
SQL injection
WordPress 4.8.2 stores cleartext wp_signups.activation_key values but stores the analogous wp_users.user_activation_key values as hashes, which might make it easier for remote attackers to hijack unactivated user accounts by leveraging database read access such as access gained through an unspecified...