Lucene search
K

259 matches found

Github Security Blog
Github Security Blog
added 2022/05/24 4:47 p.m.28 views

phpMyAdmin SQL injection in Designer feature

An issue was discovered in phpMyAdmin before 4.9.0.1. A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature...

9.8CVSS8AI score0.04196EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2022/05/20 10:34 p.m.45 views

CVE-2019-11768

An issue was discovered in phpMyAdmin before 4.9.0.1. A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature...

9.8CVSS2.3AI score0.04196EPSS
Exploits0References1
OSV
OSV
added 2022/05/17 5:23 a.m.6 views

GHSA-Q68V-VCJG-R3VP TYPO3 allows remote attackers to obtain the database name via a direct request

The Command Line Interface CLI script in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to obtain the database name via a direct request...

5CVSS6.3AI score0.03091EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2022/05/17 5:23 a.m.14 views

TYPO3 allows remote attackers to obtain the database name via a direct request

The Command Line Interface CLI script in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to obtain the database name via a direct request...

5CVSS7.1AI score0.03091EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2022/05/17 5:19 a.m.1 views

GHSA-9J9H-CPGC-8356 phpMyAdmin vulnerable to Cross-site Scripting

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 3.4.x before 3.4.8 allow remote attackers to inject arbitrary web script or HTML via 1 a crafted database name, related to the Database Synchronize panel; 2 a crafted database name, related to the Database rename panel; 3 a crafted S...

6.5CVSS6AI score0.0221EPSS
Exploits1References13
Github Security Blog
Github Security Blog
added 2022/05/17 5:19 a.m.7 views

phpMyAdmin vulnerable to Cross-site Scripting

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 3.4.x before 3.4.8 allow remote attackers to inject arbitrary web script or HTML via 1 a crafted database name, related to the Database Synchronize panel; 2 a crafted database name, related to the Database rename panel; 3 a crafted S...

4.3CVSS6.6AI score0.0221EPSS
Exploits1References13Affected Software1
OSV
OSV
added 2022/05/17 4:19 a.m.15 views

GHSA-5P69-RMX8-7GW7 phpMyAdmin Multiple XSS Vulnerabilities

Multiple cross-site scripting XSS vulnerabilities in the PMAunInlineEditRow function in js/sql.js in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a 1 database name, 2 table name, or 3 column name that is not properly handled after an...

3.5CVSS5.1AI score0.01449EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2022/05/17 4:19 a.m.23 views

phpMyAdmin Multiple XSS Vulnerabilities

Multiple cross-site scripting XSS vulnerabilities in the PMAunInlineEditRow function in js/sql.js in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a 1 database name, 2 table name, or 3 column name that is not properly handled after an...

3.5CVSS5.6AI score0.01449EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2022/05/14 3:14 a.m.23 views

GHSA-WPWW-HX7X-XFJH phpMyAdmin PHP code injection

An issue was discovered in phpMyAdmin. A specially crafted database name could be used to run arbitrary PHP commands through the array export feature. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versions prior to 4.0.10.17 are affected...

8.8CVSS7.8AI score0.02299EPSS
Exploits0References6
OSV
OSV
added 2022/05/14 2:5 a.m.155 views

GHSA-PVR5-84GR-G985 phpMyAdmin Implementation XSS Vulnerability on Server Monitor Page

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted 1 database name or 2 table name, related to the...

3.5CVSS6.2AI score0.01519EPSS
Exploits1References6
Packet Storm
Packet Storm
added 2021/11/08 12:0 a.m.618 views

Froxlor 0.10.29.1 SQL Injection

Exploit Title: Froxlor 0.10.29.1 - SQL Injection Authenticated Exploit Author: Martin Cernac Date: 2021-11-05 Vendor: Froxlor https://froxlor.org/ Software Link: https://froxlor.org/download.php Affected Version: 0.10.28, 0.10.29, 0.10.29.1 Patched Version: 0.10.30 Category: Web Application Teste...

7.5CVSS9.2AI score0.11812EPSS
Exploits4
OSV
OSV
added 2021/10/13 6:15 p.m.3 views

CVE-2021-40842

Proofpoint Insider Threat Management Server contains a SQL injection vulnerability in the Web Console. The vulnerability exists due to improper input validation on the database name parameter required in certain unauthenticated APIs. A malicious URL visited by anyone with network access to the...

9.8CVSS7.5AI score0.00964EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/10/13 12:0 a.m.7 views

Proofpoint Insider Threat Management Server SQL注入漏洞

Proofpoint Insider Threat Management Server is a server-side application from Proofpoint, Inc. that is used to prevent malicious operations by enterprise insiders. A security vulnerability exists in Proofpoint Insider Threat Management Server that stems from incorrect input validation of the...

9.8CVSS8.8AI score0.00964EPSS
Exploits0References3
NVD
NVD
added 2021/09/18 4:15 p.m.21 views

CVE-2021-41395

Teleport before 6.2.12 and 7.x before 7.1.1 allows attackers to control a database connection string, in some situations, via a crafted database name or username...

6.5CVSS0.00822EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/09/18 3:15 p.m.22 views

CVE-2021-41395

Teleport before 6.2.12 and 7.x before 7.1.1 allows attackers to control a database connection string, in some situations, via a crafted database name or username...

6.6AI score0.00822EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/09/18 12:0 a.m.6 views

Teleport 安全漏洞

Teleport is an identity-aware, multi-protocol access agent from Teleport USA, Inc. Used by engineers and security professionals to unify access to SSH servers, Kubernetes clusters, web applications and databases across all environments.Teleport suffers from a security vulnerability that could be...

6.5CVSS6.5AI score0.00822EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/09/02 12:0 a.m.5 views

CraigMS 命令注入漏洞

CraigMS is an open source CMS. CraigMS version 1.0 has a security vulnerability that allows an attacker to execute arbitrary commands by entering carefully crafted inputs into the DB Name field...

9.8CVSS8.7AI score0.01781EPSS
Exploits1References2
OSV
OSV
added 2021/06/03 11:15 a.m.2 views

CVE-2021-31830

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in McAfee Database Security DBSec prior to 4.8.2 allows an administrator to embed JavaScript code when configuring the name of a database to be monitored. This would be triggered when any authorized...

4.8CVSS5.8AI score
Exploits0References1
CNNVD
CNNVD
added 2021/06/03 12:0 a.m.5 views

McAfee 数据库 跨站脚本漏洞

Mcafee Database Security Server is a database security software from Mcafee USA. The software provides users with a holistic view of the database and the corresponding security status, protecting business-critical databases from external, internal and insider database threats in real time. A...

5.9CVSS5.7AI score0.00501EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2021/06/03 12:0 a.m.5 views

PT-2021-19533 · Mcafee · Mcafee Database Security

Name of the Vulnerable Software and Affected Versions: McAfee Database Security versions prior to 4.8.2 Description: The issue allows an administrator to embed JavaScript code when configuring the name of a database to be monitored. This would be triggered when any authorized user logs into the...

5.9CVSS5.1AI score0.00501EPSS
Exploits0References3
Rows per page
Query Builder