171 matches found
IBM DB2 Information Disclosure Vulnerability
IBM DB2 is a set of relational database management systems from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBM i, z/OS, and Windows server versions. A security vulnerability exists in db2cacpy in IBM DB2 including DB2 Connect Server based on Linux,...
LFCMS Cross-Site Request Forgery Vulnerability (CNVD-2018-14218)
LFCMS is a video-on-demand system based on ThinkPHP and MySQL. A cross-site request forgery vulnerability exists in LFCMS version 3.7.0. A remote attacker can exploit this vulnerability to arbitrarily add users...
IBM DB2 for Linux, UNIX and Windows Buffer Overflow Vulnerability
IBM DB2 is a set of relational database management systems from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBM i, z/OS, and Windows server versions. A buffer overflow vulnerability exists in IBM DB2 including DB2 Connect Server based on Linux, UNIX,...
IBM DB2 for Linux, UNIX and Windows File Overwrite Vulnerability (CNVD-2018-10561)
IBM DB2 is a set of relational database management systems from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBM i, z/OS, and Windows server versions. A security vulnerability exists in IBM DB2 including DB2 Connect Server for Linux, UNIX, and...
MGASA-2018-0226 Updated nextcloud packages fix security vulnerabilities and update version
Mageia 6 brings Nextcloud 11, which is not supported anymore upstream. This update brings version 12 with several security fixes. The database system is now in a separate package, so you will have to choose manually the one you are using...
Random multifunctional message board cms has XSS vulnerability
Random Multifunctional Message Board is a multifunctional message board system developed with PHP+MySQL. The message board CMS has XSS vulnerabilities that attackers can exploit to obtain sensitive information such as user cookies...
Code execution vulnerability in x5music
x5music Free Edition is an audio-visual management system developed using PHP+MySQL. A code execution vulnerability exists in x5music, which stems from misconfiguration of the code in the extraction template and can be exploited by an attacker to execute code...
[SECURITY] [DLA-1271-1] postgresql-9.1 security update
Package: postgresql-9.1; Version: 9.1.24lts2-0+deb7u2; CVE ID: CVE-2018-1053. A vulnerability has been found in the PostgreSQL database system: CVE-2018-1053 Tom Lane discovered that pg_upgrade, a tool used to upgrade PostgreSQL database clusters, creates temporary files containing password hash...
Apache CouchDB 1.x < 1.7.0, 2.x < 2.1.1 Multiple Vulnerabilities - Linux
Apache CouchDB is prone to multiple vulnerabilities.
CVE-2017-12635
Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keys for 'roles' used for access control within the database, including the special case 'admin' role,...
Real Estate MLM Plan Script 1.0 SQL Injection Vulnerability
Exploit for php platform in category web applications. Exploit Title: Real Estate MLM plan script v1.0 - 'srch' Parameter SQL Injection; Date: 2017-09-28; Exploit Author: 8bitsec; Vendor Homepage: http://www.mlmscript.in/; Software Link: http://www.mlmscript.in/real-estate-mlm-script.html; Version: 1.0...
SchoolCMS suffers from a variable override vulnerability (CNVD-2017-30716)
SchoolCMS is a school teaching management system based on PHP+MySQL. SchoolCMS suffers from a variable override vulnerability. An attacker can utilize the browser's TAB function to reset any user's password...
CVE-2017-1439
IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128058...
osTicket 1.10 - SQL Injection (PoC)
osTicket 1.10 - SQL Injection PoC. 1. ADVISORY INFORMATION: Title: osTicket v1.10 Unauthenticated SQL Injection; Application: osTicket; Bugs: SQL Injection; Class: Sensitive Information disclosure; Remotely Exploitable: Yes; Authentication Required: NO; Versions...
MySQL/MariaDB MantisBT Task File Read Vulnerability
Oracle MySQL is an open source relational database management system from Oracle. A security vulnerability in MantisBT on MySQL/MariaDB allows remote attackers to access files on the MantisBT server by submitting a special request...
[SECURITY] [DSA 3824-1] firebird2.5 security update
Debian Security Advisory DSA-3824-1; https://www.debian.org/security/; Sebastien Delafond; March 29, 2017; https://www.debian.org/security/faq...
ProjectSend r754 Authentication Bypass Vulnerability
ProjectSend (formerly known as cFTP) is a suite of self-hosted applications based on PHP and MySQL. An authentication bypass vulnerability exists in ProjectSend, which can be exploited by an attacker to bypass the authentication mechanism in an affected application and gain unauthorized access to t...
CVE-2016-6612
An issue was discovered in phpMyAdmin. A user can exploit the LOAD LOCAL INFILE functionality to expose files on the server to the database system. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versions prior to 4.0.10.17 are affected...