149 matches found
MGASA-2017-0471 Updated phpmyadmin packages fix security vulnerability
Due to an XSRF/CSRF vulnerability in phpMyAdmin before 4.7.7, by deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables etc PMASA-2017-9. The phpmyadmin package has been updated to version 4.7.7 to fix...
Updated phpmyadmin packages fix security vulnerability
Due to an XSRF/CSRF vulnerability in phpMyAdmin before 4.7.7, by deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables etc PMASA-2017-9. The phpmyadmin package has been updated to version 4.7.7 to fix...
phpMyAdmin -- XSRF/CSRF vulnerability
The phpMyAdmin team reports: Description By deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables etc. Severity We consider this vulnerability to be critical...
Unspecified Vulnerability in Oracle Common Applications Calendar (CNVD-2017-33681)
Oracle E-Business Suite E-Business Suite is a fully integrated set of global business management software from Oracle Corporation. The software provides customer relationship management, service management, financial management, etc. Oracle Common Application Calendar CAC, also known as Oracle...
[SECURITY] Fedora 23 Update: php-adodb-5.20.6-2.fc23
ADOdb is an object oriented library written in PHP that abstracts database operations for portability. It is modelled on Microsoft's ADO, but has many improvements that make it unique eg. pivot tables, Active Record support, generating HTML for paging recordsets with next and previous links, cach...
[SECURITY] Fedora 24 Update: php-adodb-5.15-10.fc24
ADOdb is an object oriented library written in PHP that abstracts database operations for portability. It is modelled on Microsoft's ADO, but has many improvements that make it unique eg. pivot tables, Active Record support, generating HTML for paging recordsets with next and previous links, cach...
[SECURITY] Fedora 25 Update: php-adodb-5.15-10.fc25
ADOdb is an object oriented library written in PHP that abstracts database operations for portability. It is modelled on Microsoft's ADO, but has many improvements that make it unique eg. pivot tables, Active Record support, generating HTML for paging recordsets with next and previous links, cach...
WordPress Booking Calendar Contact Form plugin SQL injection vulnerability (CNVD-2016-02465)
WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. Booking System Booking Calendar versions prior to 1.1.23 fail to effectively filter the value of ´cpabcipncheck´, which could...
Information Disclosure in extension "Adminer" (t3adminer)
It has been discovered that the extension "Adminer" t3adminer is susceptible to Information Disclosure. Release Date: September 30, 2015 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 7.0.1 and below Vulnerability...
WordPress SP Project & Document Manager plugin 'ajax.php' SQL injection vulnerability
WordPress is a blogging platform developed using the PHP language. The 'SP Project & Document Manager' plugin for WordPress suffers from a sql injection vulnerability in the implementation of 'ajax.php', which can be exploited by an attacker to take control of the application and perform...
Joomla! Spider Contacts 'index.php' SQL injection vulnerability-vulnerability warning-the black bar safety net
Affected system: Joomla! Spider Contacts = 1.3.6 Description: BUGTRAQ ID: 6 9 7 5 7 Joomla! Spider Contacts is a Joomla! An extension, you can easily manage contact information. Spider Contacts 1.3.6 and earlier in the realization of the presence ofsql injectionvulnerabilities successfully...
Cacti 'graph_xport.php' SQL注入漏洞
Bugtraq ID:66555 Cacti是一套基于PHP,MySQL,SNMP及RRDTool开发的网络流量监测图形分析工具。 Cacti 'graphxport.php'存在SQL注入漏洞,成功利用后可使攻击者执行未授权数据库操作。 0 Cacti 0.8.8b 目前厂商已经发布了升级补丁以修复漏洞,请下载使用: http://cacti.net/...
PT-2013-38: Multiple SQL Injection vulnerabilities in Wonderware Information Server
Positive Research Center experts have discovered multiple "SQL Injection" vulnerabilities in Wonderware Information Server. This vulnerability can be used by an attacker to perform database operations that were unintended by the Web application designer and, in some instances, can lead to total...
CVE-2012-1827
The web service in AutoFORM PDM Archive before 7.1 does not have authorization requirements, which allows remote authenticated users to perform database operations via a SOAP request, as demonstrated by the initializeQueryDatabase2 request...
Server side request forgery (ssrf)
The web service in AutoFORM PDM Archive before 7.1 does not have authorization requirements, which allows remote authenticated users to perform database operations via a SOAP request, as demonstrated by the initializeQueryDatabase2 request...
CVE-2012-1827
AutoFORM PDM Archive vulnerability CVE-2012-1827 affects versions prior to 7.1. The webservice lacks authorization, allowing remote authenticated users to interact with the application database via SOAP (notably initializeQueryDatabase2), bypassing normal permissions. This can lead to unauthorize...
Full disclosure for SA45649, SQL Injection in LedgerSMB and SQL-Ledger
Affects versions: SQL-Ledger 2.8.33 and lower LedgerSMB 1.2.24 and lower. Both programs have vendor fixes available in the form of new, patched versions. These have been out for over a week with appropriate advisories, with users having time to upgrade. Files affected: LedgerSMB/RP.pm for LedgerS...
Ning Chi website management system background without validation vulnerability and fix-vulnerability warning-the black bar safety net
by Mr. DzY from www.0855.tv The online search a bit,it seems like there is no release. Any resemblance purely coincidental! 官方 网站 :www.ningzhi.net School Site Management System V. 2 0 1 1 version http://down.chinaz.com/soft/29943.htm Other versionssuch as:government, etc., self download...
MOJOs IWms 7 - SQL Injection Cross-Site Scripting
MOJOs IWms 7 - SQL Injection Cross-Site Scripting Exploit Title: MOJO's IWMS | www.DigitalWhisper.co.il Software Link: http://www.mojo.co.il Version: YourXSSHere SQL Injection A SQL injection attack consists of insertion or "injection" of a SQL query via the input data from the client to the...
CVE-2007-3527
Integer overflow in Firebird 2.0.0 allows remote authenticated users to cause a denial of service CPU consumption via certain database operations with multi-byte character sets that trigger an attempt to use the value 65536 for a 16-bit integer, which is treated as 0 and causes an infinite loop o...