Lucene search
+L

149 matches found

OSV
OSV
added 2017/12/28 1:16 p.m.3 views

MGASA-2017-0471 Updated phpmyadmin packages fix security vulnerability

Due to an XSRF/CSRF vulnerability in phpMyAdmin before 4.7.7, by deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables etc PMASA-2017-9. The phpmyadmin package has been updated to version 4.7.7 to fix...

6.9AI score
Exploits0References10
Mageia
Mageia
added 2017/12/28 1:16 p.m.15 views

Updated phpmyadmin packages fix security vulnerability

Due to an XSRF/CSRF vulnerability in phpMyAdmin before 4.7.7, by deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables etc PMASA-2017-9. The phpmyadmin package has been updated to version 4.7.7 to fix...

2.8AI score
Exploits0References9
FreeBSD
FreeBSD
added 2017/12/23 12:0 a.m.125 views

phpMyAdmin -- XSRF/CSRF vulnerability

The phpMyAdmin team reports: Description By deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables etc. Severity We consider this vulnerability to be critical...

0.5AI score
Exploits0References1
CNVD
CNVD
added 2017/10/18 12:0 a.m.8 views

Unspecified Vulnerability in Oracle Common Applications Calendar (CNVD-2017-33681)

Oracle E-Business Suite E-Business Suite is a fully integrated set of global business management software from Oracle Corporation. The software provides customer relationship management, service management, financial management, etc. Oracle Common Application Calendar CAC, also known as Oracle...

5.3CVSS7AI score0.01851EPSS
Exploits0References1
Fedora
Fedora
added 2016/09/29 11:5 p.m.40 views

[SECURITY] Fedora 23 Update: php-adodb-5.20.6-2.fc23

ADOdb is an object oriented library written in PHP that abstracts database operations for portability. It is modelled on Microsoft's ADO, but has many improvements that make it unique eg. pivot tables, Active Record support, generating HTML for paging recordsets with next and previous links, cach...

9.8CVSS0.7AI score0.02984EPSS
Exploits0
Fedora
Fedora
added 2016/09/18 2:32 a.m.41 views

[SECURITY] Fedora 24 Update: php-adodb-5.15-10.fc24

ADOdb is an object oriented library written in PHP that abstracts database operations for portability. It is modelled on Microsoft's ADO, but has many improvements that make it unique eg. pivot tables, Active Record support, generating HTML for paging recordsets with next and previous links, cach...

6.1CVSS0.7AI score0.01946EPSS
Exploits0
Fedora
Fedora
added 2016/09/11 11:47 p.m.61 views

[SECURITY] Fedora 25 Update: php-adodb-5.15-10.fc25

ADOdb is an object oriented library written in PHP that abstracts database operations for portability. It is modelled on Microsoft's ADO, but has many improvements that make it unique eg. pivot tables, Active Record support, generating HTML for paging recordsets with next and previous links, cach...

6.1CVSS0.7AI score0.01946EPSS
Exploits0
CNVD
CNVD
added 2016/04/20 12:0 a.m.5 views

WordPress Booking Calendar Contact Form plugin SQL injection vulnerability (CNVD-2016-02465)

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. Booking System Booking Calendar versions prior to 1.1.23 fail to effectively filter the value of ´cpabcipncheck´, which could...

6.6AI score
Exploits0References1
Typo3
Typo3
added 2015/09/30 12:0 a.m.22 views

Information Disclosure in extension "Adminer" (t3adminer)

It has been discovered that the extension "Adminer" t3adminer is susceptible to Information Disclosure. Release Date: September 30, 2015 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 7.0.1 and below Vulnerability...

6.9AI score
Exploits0Affected Software1
CNVD
CNVD
added 2015/07/29 12:0 a.m.7 views

WordPress SP Project & Document Manager plugin 'ajax.php' SQL injection vulnerability

WordPress is a blogging platform developed using the PHP language. The 'SP Project & Document Manager' plugin for WordPress suffers from a sql injection vulnerability in the implementation of 'ajax.php', which can be exploited by an attacker to take control of the application and perform...

7.4AI score
Exploits0References1
myhack58
myhack58
added 2014/09/17 12:0 a.m.20 views

Joomla! Spider Contacts 'index.php' SQL injection vulnerability-vulnerability warning-the black bar safety net

Affected system: Joomla! Spider Contacts = 1.3.6 Description: BUGTRAQ ID: 6 9 7 5 7 Joomla! Spider Contacts is a Joomla! An extension, you can easily manage contact information. Spider Contacts 1.3.6 and earlier in the realization of the presence ofsql injectionvulnerabilities successfully...

0.9AI score
Exploits0
seebug.org
seebug.org
added 2014/04/03 12:0 a.m.25 views

Cacti 'graph_xport.php' SQL注入漏洞

Bugtraq ID:66555 Cacti是一套基于PHP,MySQL,SNMP及RRDTool开发的网络流量监测图形分析工具。 Cacti 'graphxport.php'存在SQL注入漏洞,成功利用后可使攻击者执行未授权数据库操作。 0 Cacti 0.8.8b 目前厂商已经发布了升级补丁以修复漏洞,请下载使用: http://cacti.net/...

7.1AI score
Exploits0
Positive Technologies
Positive Technologies
added 2012/12/16 12:0 a.m.14 views

PT-2013-38: Multiple SQL Injection vulnerabilities in Wonderware Information Server

Positive Research Center experts have discovered multiple "SQL Injection" vulnerabilities in Wonderware Information Server. This vulnerability can be used by an attacker to perform database operations that were unintended by the Web application designer and, in some instances, can lead to total...

9.3CVSS7AI score0.0126EPSS
Exploits0References7
NVD
NVD
added 2012/06/13 7:55 p.m.19 views

CVE-2012-1827

The web service in AutoFORM PDM Archive before 7.1 does not have authorization requirements, which allows remote authenticated users to perform database operations via a SOAP request, as demonstrated by the initializeQueryDatabase2 request...

6.5CVSS6.2AI score0.01574EPSS
Exploits0References4
Prion
Prion
added 2012/06/13 7:55 p.m.12 views

Server side request forgery (ssrf)

The web service in AutoFORM PDM Archive before 7.1 does not have authorization requirements, which allows remote authenticated users to perform database operations via a SOAP request, as demonstrated by the initializeQueryDatabase2 request...

6.5CVSS6.7AI score0.01574EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2012/06/13 7:0 p.m.48 views

CVE-2012-1827

AutoFORM PDM Archive vulnerability CVE-2012-1827 affects versions prior to 7.1. The webservice lacks authorization, allowing remote authenticated users to interact with the application database via SOAP (notably initializeQueryDatabase2), bypassing normal permissions. This can lead to unauthorize...

6.5CVSS6.4AI score0.01574EPSS
Exploits0References4Affected Software1
securityvulns
securityvulns
added 2011/09/05 12:0 a.m.59 views

Full disclosure for SA45649, SQL Injection in LedgerSMB and SQL-Ledger

Affects versions: SQL-Ledger 2.8.33 and lower LedgerSMB 1.2.24 and lower. Both programs have vendor fixes available in the form of new, patched versions. These have been out for over a week with appropriate advisories, with users having time to upgrade. Files affected: LedgerSMB/RP.pm for LedgerS...

0.3AI score
Exploits0
myhack58
myhack58
added 2011/07/16 12:0 a.m.21 views

Ning Chi website management system background without validation vulnerability and fix-vulnerability warning-the black bar safety net

by Mr. DzY from www.0855.tv The online search a bit,it seems like there is no release. Any resemblance purely coincidental! 官方 网站 :www.ningzhi.net School Site Management System V. 2 0 1 1 version http://down.chinaz.com/soft/29943.htm Other versionssuch as:government, etc., self download...

0.2AI score
Exploits0
exploitpack
exploitpack
added 2010/02/09 12:0 a.m.12 views

MOJOs IWms 7 - SQL Injection Cross-Site Scripting

MOJOs IWms 7 - SQL Injection Cross-Site Scripting Exploit Title: MOJO's IWMS | www.DigitalWhisper.co.il Software Link: http://www.mojo.co.il Version: YourXSSHere SQL Injection A SQL injection attack consists of insertion or "injection" of a SQL query via the input data from the client to the...

8.1AI score
Exploits0
NVD
NVD
added 2007/07/03 6:30 p.m.13 views

CVE-2007-3527

Integer overflow in Firebird 2.0.0 allows remote authenticated users to cause a denial of service CPU consumption via certain database operations with multi-byte character sets that trigger an attempt to use the value 65536 for a 16-bit integer, which is treated as 0 and causes an infinite loop o...

6.8CVSS6.5AI score0.01556EPSS
Exploits0References6
Rows per page
Query Builder