Lucene search
K

143 matches found

Hacker One
Hacker One
added 2025/06/25 2:34 a.m.13 views

SingleStore: IDOR - Scheduled data leak to other accounts By "projectID"

The Insecure Direct Object Reference IDOR vulnerability was discovered in the GetNotebookScheduledPaginatedJobs endpoint on backend.singlestore.com. The API failed to verify the requestor's permission to access the specified project, allowing an authenticated user to access scheduled job...

6.4AI score
Exploits0
OSV
OSV
added 2025/01/23 6:15 a.m.0 views

DEBIAN-CVE-2025-24530

An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the check tables feature. A crafted table or database name could be used for XSS...

6.4CVSS8.1AI score0.00403EPSS
Exploits0References1
NVD
NVD
added 2023/08/25 1:15 a.m.30 views

CVE-2023-40570

Datasette is an open source multi-tool for exploring and publishing data. This bug affects Datasette instances running a Datasette 1.0 alpha - 1.0a0, 1.0a1, 1.0a2 or 1.0a3 - in an online accessible location but with authentication enabled using a plugin such as datasette-auth-passwords. The /-/ap...

5.3CVSS5.2AI score0.00464EPSS
Exploits0References2
PyPA
PyPA
added 2023/08/25 1:15 a.m.9 views

PYSEC-2023-154

Datasette is an open source multi-tool for exploring and publishing data. This bug affects Datasette instances running a Datasette 1.0 alpha - 1.0a0, 1.0a1, 1.0a2 or 1.0a3 - in an online accessible location but with authentication enabled using a plugin such as datasette-auth-passwords. The /-/ap...

5.3CVSS7.1AI score0.00464EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2023/08/25 12:0 a.m.6 views

Datasette 安全漏洞

Datasette is an open source multifunctional tool for applications to explore and publish data A security vulnerability exists in Datasette that originates from a /-/api resource manager endpoint that discloses database and table names to an unauthenticated attacker. Affected products and versions...

5.3CVSS5.6AI score0.00464EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:49 a.m.3 views

SUSE CVE-2011-4634

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 3.4.x before 3.4.8 allow remote attackers to inject arbitrary web script or HTML via 1 a crafted database name, related to the Database Synchronize panel; 2 a crafted database name, related to the Database rename panel; 3 a crafted S...

4.3CVSS6.3AI score0.0221EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:27 a.m.4 views

SUSE CVE-2014-4348

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted 1 database name or 2 table name that is improperly handled after presence in a the favorite list or b recent tables...

3.5CVSS5.7AI score0.01519EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:25 a.m.4 views

SUSE CVE-2014-8958

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allow remote authenticated users to inject arbitrary web script or HTML via a crafted 1 database, 2 table, or 3 column name that is improperly handled during...

4.3CVSS5.7AI score0.02441EPSS
Exploits0References5
Huntr
Huntr
added 2022/02/20 5:21 a.m.48 views

Insertion of Sensitive Information Into Debugging Code

Description Laravel debug mode exposes sensitive data, eg: internal source codes, stack traces, sql queries, databases names, tables names, user's cookies, email, phone number, username, laravel version, php version, etc Proof of Concept 1. Login into http://demo.microweber.org 2. Navigate to thi...

4CVSS0.6AI score0.01376EPSS
Exploits1
CNNVD
CNNVD
added 2021/10/12 12:0 a.m.6 views

Froxlor SQL注入漏洞

Froxlor is a lightweight server management software from the Froxlor team. a security vulnerability exists in Froxlor that allows SQL injection via custom database names in the database manager DbManagerMySQL.php. no details of the vulnerability are currently provided...

9.8CVSS5.8AI score0.11812EPSS
Exploits4References4
0day.today
0day.today
added 2021/09/20 12:0 a.m.276 views

Church Management System 1.0 - search SQL Injection (Unauthenticated) Vulnerability

Exploit Title: Church Management System 1.0 - 'search' SQL Injection Unauthenticated Exploit Author: Erwin Krazek Nero Vendor Homepage: https://www.sourcecodester.com/php/14949/church-management-system-cms-website-using-php-source-code.html Software Link:...

0.7AI score
Exploits0
CNVD
CNVD
added 2020/12/03 12:0 a.m.3 views

Trend Micro Apex One and OfficeScan XG Incorrect Access Control Information Disclosure Vulnerability (CNVD-2020-73780)

Trend Micro Apex One is a suite of endpoint security protection software from Trend Micro that provides automated threat detection and response capabilities.Trend Micro OfficeScan XG is a suite of distributed anti-virus software from Trend Micro. An incorrect access control information disclosure...

5.3CVSS6.3AI score0.03206EPSS
Exploits0References1
OSV
OSV
added 2020/12/01 7:15 p.m.6 views

CVE-2020-28577

An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal server hostname and db names...

5.3CVSS5.8AI score0.03206EPSS
Exploits0References3
OSV
OSV
added 2020/07/20 6:15 p.m.2 views

UBUNTU-CVE-2020-15121

In radare2 before version 4.5.0, malformed PDB file names in the PDB server path cause shell injection. To trigger the problem it's required to open the executable in radare2 and run idpd to trigger the download. The shell code will execute, and will create a file called pwned in the current...

9.6CVSS5.8AI score0.01558EPSS
Exploits0References5
NVD
NVD
added 2020/04/14 5:15 p.m.24 views

CVE-2020-10381

An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an unauthenticated SQL injection in DATA24, allowing attackers to discover database and table names...

5.3CVSS5.9AI score0.01093EPSS
Exploits0References1
OSV
OSV
added 2020/04/14 5:15 p.m.5 views

CVE-2020-10381

An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an unauthenticated SQL injection in DATA24, allowing attackers to discover database and table names...

5.3CVSS6.1AI score0.01093EPSS
Exploits0References1
Prion
Prion
added 2020/04/14 5:15 p.m.20 views

Sql injection

An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an unauthenticated SQL injection in DATA24, allowing attackers to discover database and table names...

5CVSS5.9AI score0.01093EPSS
Exploits0References1Affected Software2
Github Security Blog
Github Security Blog
added 2020/02/26 7:55 p.m.77 views

Users can view database names in Apache Superset

In Apache Incubator Superset before 0.32, a user can view database names that he has no access to on a dropdown list in SQLLab...

5.3CVSS4AI score0.02707EPSS
Exploits0References4Affected Software1
CNVD
CNVD
added 2020/02/18 12:0 a.m.3 views

LabVantage LIMS Information Disclosure Vulnerability

LabVantage Solutions LIMS is a laboratory letter management system from LabVantage Solutions in the United States. An information disclosure vulnerability exists in LabVantage LIMS 8.3. The vulnerability stems from LabVantage LIMS failing to properly maintain the confidentiality of database names...

5.3CVSS6.3AI score0.01378EPSS
Exploits1References1
OSV
OSV
added 2020/02/17 9:15 p.m.3 views

CVE-2020-7959

LabVantage LIMS 8.3 does not properly maintain the confidentiality of database names. For example, the web application exposes the database name. An attacker might be able to enumerate database names by providing his own database name in a request, because the response will return an 'Unrecognize...

5.3CVSS6AI score0.01378EPSS
Exploits1References2
Rows per page
Query Builder