678 matches found

RedhatCVE
added 2025/05/22 1:52 a.m., 9 views

CVE-2017-18409

In cPanel before 67.9999.103, the backup interface could return a backup archive with all MySQL databases SEC-283...

6.5 CVSS, 6.9 AI score, 0.0031 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/05/21 10:42 p.m., 5 views

CVE-2002-1809

The default configuration of the Windows binary release of MySQL 3.23.2 through 3.23.52 has a NULL root password, which could allow remote attackers to gain unauthorized root access to the MySQL database...

7.5 CVSS, 7.2 AI score, 0.08984 EPSS
Exploits: 1, References: 1
Fedora
added 2025/04/17 7:48 p.m., 8 views

[SECURITY] Fedora 41 Update: mysql8.0-8.0.41-1.fc41

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...

7.9 AI score
Exploits: 0
Tenable Nessus
added 2025/04/17 12:0 a.m., 6 views

Azure Linux 3.0 Security Update: vitess (CVE-2024-53257)

The version of vitess installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-53257 advisory. - Vitess is a database clustering system for horizontal scaling of MySQL. The /debug/querylogz and /debug/env...

4.9 CVSS, 6.5 AI score, 0.00057 EPSS
Exploits: 0, References: 2
Exploit DB
added 2025/04/10 12:0 a.m., 197 views

Feng Office 3.11.1.2 - SQL Injection

Exploit Title: Feng Office 3.11.1.2 - SQL Injection Date: 7/2024 Exploit Author: Andrey Stoykov Version: 3.11.1.2 Tested on: Ubuntu 22.04 Blog: http://msecureltd.blogspot.com SQL Injection: 1. Login to application 2. Click on "Workspaces" 3. Copy full URL 4. Paste the HTTP GET request into text...

7.4 AI score
Exploits: 0
Packet Storm
added 2025/04/08 12:0 a.m., 291 views

Pandora FMS Authenticated Command Injection

This Metasploit module exploits a command injection vulnerability in the chromium-path or phantomjs-bin directory setting at the application settings page of Pandora FMS. You need to have administrative access in the Pandora FMS web application in order to achieve remote code execution. This modu...

8.6 CVSS, 9.7 AI score, 0.83149 EPSS
Exploits: 2
CNNVD
added 2025/03/31 12:0 a.m., 1 views

SourceCodester Online Eyewear Shop Security Vulnerability

SourceCodester Online Eyewear Shop is a SourceCodester open source online eyewear store website project developed using PHP and MySQL that provides an online shopping and ordering platform for the eyewear business and its potential customers. A security vulnerability exists in SourceCodester Onli...

7.5 CVSS, 6.9 AI score, 0.00238 EPSS
Exploits: 1, References: 1
Tenable Nessus
added 2025/03/22 12:0 a.m., 14 views

RHEL 8 : mysql:8.0 (RHSA-2025:2883)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:2883 advisory. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries...

7.5 CVSS, 8.2 AI score, 0.00163 EPSS
Exploits: 0, References: 4
Tenable Nessus
added 2025/03/04 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2016-0546

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before...

7.2 CVSS, 7.3 AI score, 0.0018 EPSS
Exploits: 0, References: 3
CNNVD
added 2025/02/18 12:0 a.m., 1 views

ID withdrawn

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. This CVE number has...

6.8 AI score
Exploits: 0, References: 4
RedhatCVE
added 2025/02/14 11:11 a.m., 6 views

CVE-2024-31864

Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Zeppelin. The attacker can inject sensitive configuration or malicious code when connecting MySQL database via JDBC driver. This issue affects Apache Zeppelin: before 0.11.1. Users are recommended to upgrade to versio...

9.8 CVSS, 6.8 AI score, 0.01107 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/02/05 7:15 p.m., 6 views

CVE-2022-26117

An empty password in configuration file vulnerability CWE-258 in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below may allow an authenticated attacker to access the MySQL databases via the CLI...

8.8 CVSS, 6.7 AI score, 0.00463 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/02/05 7:1 a.m., 3 views

CVE-2024-32979

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. It was discovered that due to improper handling and escaping of user-provided query parameters, a maliciously crafted Nautobot URL...

7.5 CVSS, 6.5 AI score, 0.00201 EPSS
Exploits: 0, References: 1
OSV
added 2025/01/21 9:15 p.m., 0 views

UBUNTU-CVE-2025-21519

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Privileges. Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple...

4.4 CVSS, 7.2 AI score, 0.00099 EPSS
Exploits: 0, References: 4
Metasploit
added 2025/01/09 6:57 p.m., 537 views

Pandora FMS authenticated command injection leading to RCE via LDAP using default DB password

Pandora FMS is a monitoring solution that provides full observability for your organization's technology. This module exploits a command injection vulnerability in the LDAP authentication mechanism of Pandora FMS. You need to have admin access at the Pandora FMS Web application in order to execute...

9.8 CVSS, 9.4 AI score, 0.92623 EPSS
Exploits: 2
CNNVD
added 2025/01/07 12:0 a.m., 0 views

ID withdrawn

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. This CVE number has...

6.8 AI score
Exploits: 0, References: 3
GithubExploit
added 2024/12/19 2:15 p.m., 99 views

Exploit for CVE-2024-12025

CVE-2024-12025 Collapsing Categories = 5.0 AND error-based - W...

7.5 CVSS, 9.6 AI score, 0.80562 EPSS
Exploits: 1
Packet Storm
added 2024/10/15 12:0 a.m., 427 views

Dolibarr 20.0.1 SQL Injection

Titles: dolibarr 20.0.1 Multiple security token SQLi Author: nu11secur1ty Date: 10/15/2024 Vendor: https://www.dolibarr.org/ Software: https://www.dolibarr.org/downloads.php Reference: https://portswigger.net/web-security/sql-injection Description: The socid parameter appears to be vulnerable to...

7.4 AI score
Exploits: 0
Packet Storm
added 2024/09/06 12:0 a.m., 307 views

C-MOR Video Surveillance 5.2401 / 6.00PL01 SQL Injection

Advisory ID: SYSS-2024-023 Product: C-MOR Video Surveillance Manufacturer: za-internet GmbH Affected Versions: 5.2401, 6.00PL01 Tested Versions: 5.2401, 6.00PL01 Vulnerability Type: SQL Injection CWE-89 Risk Level: High Solution Status: Open Manufacturer Notification: 2024-04-05 Solution Date: -...

8.1 CVSS, 7.1 AI score, 0.01086 EPSS
Exploits: 2
RedHat Linux
added 2024/09/05 2:13 p.m., 1 views

python-social-auth: Improper Handling of Case Sensitivity in social-auth-app-django

A flaw was found in social-auth-app-django. In affected versions of this package, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match...

4.9 CVSS, 5.7 AI score, 0.00257 EPSS
Exploits: 0, References: 5