72 matches found
The vulnerability of the server management application for CentOS Web Panel stems from deficiencies in access control. This allows attackers to delete any databases on the servers.
The vulnerability of the CentOS Web Panel administration application is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to delete any databases on the servers remotely...
CVE-2019-14245
In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete databases such as oauthv2 from the server via an attacker account...
Design/Logic Flaw
In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete databases such as oauthv2 from the server via an attacker account...
CVE-2019-14245
CVE-2019-14245 affects CentOS Web Panel 0.9.8.851. The issue is an insecure object reference in the MySQL management flow that allows an attacker with an account to delete arbitrary databases (e.g., oauthv2) on the server. Root cause: insufficient access control for database-management actions. I...
CentOS Control Web Panel (CWP) 0.9.8.851 Arbitrary Database Drop Vulnerability
Exploit for linux platform in category web applications Exploit Title : CWP CentOS Control Web Panel Arbitrary database dropping Exploit Author : Pongtorn Angsuchotmetee, Nissana Sirijirakal, Narin Boonwasanarak Vendor Homepage : https://control-webpanel.com/ Software Link : Not available, user...
WordPress JoomSport 3.3 SQL Injection
Exploit Title: JoomSport 3.3 – for Sports - SQL injection Google Dork: intext:powered by JoomSport - sport WordPress plugin Date:29/07/2019. Exploit Author: Pablo Santiago Vendor Homepage: https://beardev.com/ Software Link: https://wordpress.org/plugins/joomsport-sports-league-results-management...
WordPress Plugin JoomSport 3.3 - SQL Injection
Exploit Title: JoomSport 3.3 – for Sports - SQL injection Google Dork: intext:powered by JoomSport - sport WordPress plugin Date:29/07/2019. Exploit Author: Pablo Santiago Vendor Homepage: https://beardev.com/ Software Link: https://wordpress.org/plugins/joomsport-sports-league-results-management...
Man who carried out DDoS attacks against PSN & Xbox jailed
By Waqas The cybercriminal was also involved in several other cybercrimes including swatting and deleting databases of targeted websites. Austin Thompson, a DDoS attacker going by the online handle of Derp Trolling has been sentenced to 2.25 years 27 months in prison for conducting DDoS attacks o...
Cross site request forgery (csrf)
MyWebSQL 3.7 has a Cross-site request forgery CSRF vulnerability for deleting a database via the /?q=wrkfrm&type=databases URI...
CVE-2019-7730
MyWebSQL 3.7 has a Cross-site request forgery CSRF vulnerability for deleting a database via the /?q=wrkfrm&type=databases URI...
CVE-2019-7730
Summary: MyWebSQL 3.7 contains a CSRF vulnerability that allows deletion of databases via the URI "/?q=wrkfrm&type=databases". Affected product: MyWebSQL (version 3.7). Vulnerability details: Cross-site request forgery could enable an authenticated attacker to perform database deletion through th...
CVE-2019-0016
A malicious authenticated user may be able to delete a device from the Junos Space database without the necessary privileges through crafted Ajax interactions obtained from another legitimate delete action performed by another administrative user. Affected releases are Juniper Networks Junos Spac...
Juniper Junos Space < 18.3R1 Multiple Vulnerabilities (JSA10917)
According to its self-reported version number, the remote Junos Space version is prior to 18.3R1. It is, therefore, affected by multiple vulnerabilities: - A use after free vulnerability exists in the dogetmempolicy function. An local attacker can exploit this to cause a denial of service...
New Malware Combines Ransomware, Coin Mining and Botnet Features in One
Windows and Linux users need to beware, as an all-in-one, destructive malware strain has been discovered in the wild that features multiple malware capabilities including ransomware, cryptocurrency miner, botnet, and self-propagating worm targeting Linux and Windows systems. Dubbed XBash, the new...
Easy Hosting Control Panel Cross-Site Request Forgery Vulnerability
Easy Hosting Control Panel EHCP is an open source hosting control panel that is used to manage domains, emails, ftp users and more. A cross-site request forgery vulnerability exists in EHCP version 0.37.12.b. The vulnerability stems from the program failing to properly filter user-submitted data....
XenMobile - Deleting the certificate entries directly from the Database
When we try to upload new SSL cert on XenMobile server, it fails to to get uploadedbecause of present certificate and because of data corruption in DB we are not able to delete the old certificate from the XenMobile console so insuch scenario, we need to delete it from database directly. Note :...
CVE-2016-9993
IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference : 1992067...
London Tube Assistant - SQLite database found, Unsafe deleting vulnerabilities
HackApp vulnerability scanner discovered that application London Tube Assistant published at the 'play' market has multiple vulnerabilities...
IBM DB2 Data Movement Access Control Data Modification Vulnerability
IBM DB2 is a set of relational database management system developed by IBM in the United States, and its main operating environments are UNIX including IBM's own AIX, Linux, IBM i formerly known as OS/400, z/OS, and Windows server versions. A security vulnerability exists in IBM DB2 that allows a...
Discuz! Micro-channel public platform plug-ins patch to bypass the override to delete the database-vulnerability warning-the black bar safety net
Discuz! Micro-channel public platform plug-ins patch to bypass the override to delete the database, and can completely bypass the Baidu cloud waf A vulnerability published is getshell, the results of the plug-in in response to the rapid Ah, today hit the patch, have to say dz is awesome Then real...