143 matches found
SingleStore: IDOR - Scheduled data leak to other accounts By "projectID"
The Insecure Direct Object Reference IDOR vulnerability was discovered in the GetNotebookScheduledPaginatedJobs endpoint on backend.singlestore.com. The API failed to verify the requestor's permission to access the specified project, allowing an authenticated user to access scheduled job...
DEBIAN-CVE-2025-24530
An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the check tables feature. A crafted table or database name could be used for XSS...
CVE-2023-40570
Datasette is an open source multi-tool for exploring and publishing data. This bug affects Datasette instances running a Datasette 1.0 alpha - 1.0a0, 1.0a1, 1.0a2 or 1.0a3 - in an online accessible location but with authentication enabled using a plugin such as datasette-auth-passwords. The /-/ap...
PYSEC-2023-154
Datasette is an open source multi-tool for exploring and publishing data. This bug affects Datasette instances running a Datasette 1.0 alpha - 1.0a0, 1.0a1, 1.0a2 or 1.0a3 - in an online accessible location but with authentication enabled using a plugin such as datasette-auth-passwords. The /-/ap...
Datasette 安全漏洞
Datasette is an open source multifunctional tool for applications to explore and publish data A security vulnerability exists in Datasette that originates from a /-/api resource manager endpoint that discloses database and table names to an unauthenticated attacker. Affected products and versions...
SUSE CVE-2011-4634
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 3.4.x before 3.4.8 allow remote attackers to inject arbitrary web script or HTML via 1 a crafted database name, related to the Database Synchronize panel; 2 a crafted database name, related to the Database rename panel; 3 a crafted S...
SUSE CVE-2014-4348
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted 1 database name or 2 table name that is improperly handled after presence in a the favorite list or b recent tables...
SUSE CVE-2014-8958
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allow remote authenticated users to inject arbitrary web script or HTML via a crafted 1 database, 2 table, or 3 column name that is improperly handled during...
Insertion of Sensitive Information Into Debugging Code
Description Laravel debug mode exposes sensitive data, eg: internal source codes, stack traces, sql queries, databases names, tables names, user's cookies, email, phone number, username, laravel version, php version, etc Proof of Concept 1. Login into http://demo.microweber.org 2. Navigate to thi...
Froxlor SQL注入漏洞
Froxlor is a lightweight server management software from the Froxlor team. a security vulnerability exists in Froxlor that allows SQL injection via custom database names in the database manager DbManagerMySQL.php. no details of the vulnerability are currently provided...
Church Management System 1.0 - search SQL Injection (Unauthenticated) Vulnerability
Exploit Title: Church Management System 1.0 - 'search' SQL Injection Unauthenticated Exploit Author: Erwin Krazek Nero Vendor Homepage: https://www.sourcecodester.com/php/14949/church-management-system-cms-website-using-php-source-code.html Software Link:...
Trend Micro Apex One and OfficeScan XG Incorrect Access Control Information Disclosure Vulnerability (CNVD-2020-73780)
Trend Micro Apex One is a suite of endpoint security protection software from Trend Micro that provides automated threat detection and response capabilities.Trend Micro OfficeScan XG is a suite of distributed anti-virus software from Trend Micro. An incorrect access control information disclosure...
CVE-2020-28577
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal server hostname and db names...
UBUNTU-CVE-2020-15121
In radare2 before version 4.5.0, malformed PDB file names in the PDB server path cause shell injection. To trigger the problem it's required to open the executable in radare2 and run idpd to trigger the download. The shell code will execute, and will create a file called pwned in the current...
CVE-2020-10381
An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an unauthenticated SQL injection in DATA24, allowing attackers to discover database and table names...
CVE-2020-10381
An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an unauthenticated SQL injection in DATA24, allowing attackers to discover database and table names...
Sql injection
An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an unauthenticated SQL injection in DATA24, allowing attackers to discover database and table names...
Users can view database names in Apache Superset
In Apache Incubator Superset before 0.32, a user can view database names that he has no access to on a dropdown list in SQLLab...
LabVantage LIMS Information Disclosure Vulnerability
LabVantage Solutions LIMS is a laboratory letter management system from LabVantage Solutions in the United States. An information disclosure vulnerability exists in LabVantage LIMS 8.3. The vulnerability stems from LabVantage LIMS failing to properly maintain the confidentiality of database names...
CVE-2020-7959
LabVantage LIMS 8.3 does not properly maintain the confidentiality of database names. For example, the web application exposes the database name. An attacker might be able to enumerate database names by providing his own database name in a request, because the response will return an 'Unrecognize...