Lucene search
K

72 matches found

BDU FSTEC
BDU FSTEC
added 2019/09/05 12:0 a.m.5 views

The vulnerability of the server management application for CentOS Web Panel stems from deficiencies in access control. This allows attackers to delete any databases on the servers.

The vulnerability of the CentOS Web Panel administration application is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to delete any databases on the servers remotely...

6.8CVSS5.5AI score0.01858EPSS
Exploits3References6Affected Software1
NVD
NVD
added 2019/08/21 7:15 p.m.28 views

CVE-2019-14245

In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete databases such as oauthv2 from the server via an attacker account...

6.5CVSS6.5AI score0.01858EPSS
Exploits3References4
Prion
Prion
added 2019/08/21 7:15 p.m.11 views

Design/Logic Flaw

In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete databases such as oauthv2 from the server via an attacker account...

5.5CVSS6.4AI score0.01858EPSS
Exploits3References4Affected Software1
CVE
CVE
added 2019/08/21 6:41 p.m.49 views

CVE-2019-14245

CVE-2019-14245 affects CentOS Web Panel 0.9.8.851. The issue is an insecure object reference in the MySQL management flow that allows an attacker with an account to delete arbitrary databases (e.g., oauthv2) on the server. Root cause: insufficient access control for database-management actions. I...

6.5CVSS6.4AI score0.01858EPSS
Exploits3References4Affected Software1
0day.today
0day.today
added 2019/08/21 12:0 a.m.36 views

CentOS Control Web Panel (CWP) 0.9.8.851 Arbitrary Database Drop Vulnerability

Exploit for linux platform in category web applications Exploit Title : CWP CentOS Control Web Panel Arbitrary database dropping Exploit Author : Pongtorn Angsuchotmetee, Nissana Sirijirakal, Narin Boonwasanarak Vendor Homepage : https://control-webpanel.com/ Software Link : Not available, user...

5.5CVSS6.6AI score0.01858EPSS
Exploits3
Packet Storm
Packet Storm
added 2019/08/07 12:0 a.m.106 views

WordPress JoomSport 3.3 SQL Injection

Exploit Title: JoomSport 3.3 – for Sports - SQL injection Google Dork: intext:powered by JoomSport - sport WordPress plugin Date:29/07/2019. Exploit Author: Pablo Santiago Vendor Homepage: https://beardev.com/ Software Link: https://wordpress.org/plugins/joomsport-sports-league-results-management...

9.6AI score0.21091EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/08/07 12:0 a.m.485 views

WordPress Plugin JoomSport 3.3 - SQL Injection

Exploit Title: JoomSport 3.3 – for Sports - SQL injection Google Dork: intext:powered by JoomSport - sport WordPress plugin Date:29/07/2019. Exploit Author: Pablo Santiago Vendor Homepage: https://beardev.com/ Software Link: https://wordpress.org/plugins/joomsport-sports-league-results-management...

9.8CVSS9.8AI score0.21091EPSS
Exploits5
HackRead
HackRead
added 2019/07/08 4:57 p.m.99 views

Man who carried out DDoS attacks against PSN & Xbox jailed

By Waqas The cybercriminal was also involved in several other cybercrimes including swatting and deleting databases of targeted websites. Austin Thompson, a DDoS attacker going by the online handle of Derp Trolling has been sentenced to 2.25 years 27 months in prison for conducting DDoS attacks o...

0.6AI score
Exploits0
Prion
Prion
added 2019/02/11 5:29 p.m.13 views

Cross site request forgery (csrf)

MyWebSQL 3.7 has a Cross-site request forgery CSRF vulnerability for deleting a database via the /?q=wrkfrm&type=databases URI...

4.9CVSS5.8AI score0.00443EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2019/02/11 5:29 p.m.5 views

CVE-2019-7730

MyWebSQL 3.7 has a Cross-site request forgery CSRF vulnerability for deleting a database via the /?q=wrkfrm&type=databases URI...

5.7CVSS6.5AI score0.00443EPSS
Exploits1References1
CVE
CVE
added 2019/02/11 5:0 p.m.40 views

CVE-2019-7730

Summary: MyWebSQL 3.7 contains a CSRF vulnerability that allows deletion of databases via the URI "/?q=wrkfrm&type=databases". Affected product: MyWebSQL (version 3.7). Vulnerability details: Cross-site request forgery could enable an authenticated attacker to perform database deletion through th...

5.7CVSS6.6AI score0.00443EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2019/01/15 9:29 p.m.17 views

CVE-2019-0016

A malicious authenticated user may be able to delete a device from the Junos Space database without the necessary privileges through crafted Ajax interactions obtained from another legitimate delete action performed by another administrative user. Affected releases are Juniper Networks Junos Spac...

6.5CVSS6.5AI score0.00926EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2019/01/10 12:0 a.m.61 views

Juniper Junos Space < 18.3R1 Multiple Vulnerabilities (JSA10917)

According to its self-reported version number, the remote Junos Space version is prior to 18.3R1. It is, therefore, affected by multiple vulnerabilities: - A use after free vulnerability exists in the dogetmempolicy function. An local attacker can exploit this to cause a denial of service...

8.8CVSS7AI score0.60631EPSS
Exploits3References10
The Hacker News
The Hacker News
added 2018/09/19 3:32 p.m.6 views

New Malware Combines Ransomware, Coin Mining and Botnet Features in One

Windows and Linux users need to beware, as an all-in-one, destructive malware strain has been discovered in the wild that features multiple malware capabilities including ransomware, cryptocurrency miner, botnet, and self-propagating worm targeting Linux and Windows systems. Dubbed XBash, the new...

9.8CVSS7.3AI score0.98518EPSS
Exploits19
CNVD
CNVD
added 2018/05/14 12:0 a.m.35 views

Easy Hosting Control Panel Cross-Site Request Forgery Vulnerability

Easy Hosting Control Panel EHCP is an open source hosting control panel that is used to manage domains, emails, ftp users and more. A cross-site request forgery vulnerability exists in EHCP version 0.37.12.b. The vulnerability stems from the program failing to properly filter user-submitted data....

8.8CVSS8.8AI score0.10463EPSS
Exploits2References1
Citrix
Citrix
added 2017/05/09 12:0 a.m.8 views

XenMobile - Deleting the certificate entries directly from the Database

When we try to upload new SSL cert on XenMobile server, it fails to to get uploadedbecause of present certificate and because of data corruption in DB we are not able to delete the old certificate from the XenMobile console so insuch scenario, we need to delete it from database directly. Note :...

7.2AI score
Exploits0
Cvelist
Cvelist
added 2017/03/01 9:0 p.m.23 views

CVE-2016-9993

IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference : 1992067...

7.1AI score0.00853EPSS
Exploits0References1
hackapp
hackapp
added 2016/04/01 9:32 a.m.13 views

London Tube Assistant - SQLite database found, Unsafe deleting vulnerabilities

HackApp vulnerability scanner discovered that application London Tube Assistant published at the 'play' market has multiple vulnerabilities...

0.2AI score
Exploits0References1Affected Software1
CNVD
CNVD
added 2015/07/18 12:0 a.m.4 views

IBM DB2 Data Movement Access Control Data Modification Vulnerability

IBM DB2 is a set of relational database management system developed by IBM in the United States, and its main operating environments are UNIX including IBM's own AIX, Linux, IBM i formerly known as OS/400, z/OS, and Windows server versions. A security vulnerability exists in IBM DB2 that allows a...

3.5CVSS6.6AI score0.01749EPSS
Exploits0References1
myhack58
myhack58
added 2014/12/10 12:0 a.m.14 views

Discuz! Micro-channel public platform plug-ins patch to bypass the override to delete the database-vulnerability warning-the black bar safety net

Discuz! Micro-channel public platform plug-ins patch to bypass the override to delete the database, and can completely bypass the Baidu cloud waf A vulnerability published is getshell, the results of the plug-in in response to the rapid Ah, today hit the patch, have to say dz is awesome Then real...

7.4AI score
Exploits0
Rows per page
Query Builder