Simple Task Scheduling System SQL injection vulnerability
Simple Task Scheduling System version 1.0, a task scheduling system, is vulnerable to SQL injection. An attacker can use this vulnerability to issue SQL commands to the MySQL database via the vulnerable "id" parameter...
CVE-2022-30927
A SQL injection vulnerability exists in Simple Task Scheduling System 1.0 when MySQL is being used as the application database. An attacker can issue SQL commands to the MySQL database through the vulnerable "id" parameter...
GHSA-F57C-HX33-HVH8 Active Record component in Ruby on Rails has a data-type injection vulnerability
The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and 3.2.x does not ensure that the declared data type of a database column is used during comparisons of input values to stored values in that column, which makes it easier for remote attackers to conduct data-type injection attack...
[SECURITY] [DLA 3002-1] adminer security update
Debian LTS Advisory DLA-3002-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb May 13, 2022 https://wiki.debian.org/LTS ...
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
...
Ecommerce-Website code issue vulnerability
Ecommerce-Website is a complete e-commerce website with an administration panel built using PHP and MySQL. Version v1.1.0 of Ecommerce-Website is vulnerable to file uploads, which can be exploited by attackers to execute arbitrary code via carefully crafted PHP files...
Files or Directories Accessible to External Parties in Adminer
Improper Access Control in Adminer versions 1.12.0 to 4.6.2 fixed in version 4.6.3 allows an attacker to achieve Arbitrary File Read on the remote server by requesting the Adminer to connect to a remote MySQL database...
GHSA-RXFQ-3VPC-VV72 Files or Directories Accessible to External Parties in Adminer
Improper Access Control in Adminer versions 1.12.0 to 4.6.2 fixed in version 4.6.3 allows an attacker to achieve Arbitrary File Read on the remote server by requesting the Adminer to connect to a remote MySQL database...
Improper access control
Improper Access Control in Adminer versions 1.12.0 to 4.6.2 fixed in version 4.6.3 allows an attacker to achieve Arbitrary File Read on the remote server by requesting the Adminer to connect to a remote MySQL database...
CVE-2021-43008
The CVE-2021-43008 vulnerability affects Adminer ≤ 4.6.2, where improper access control allows an attacker-controlled remote MySQL server to trigger Adminer to read a local file via LOAD DATA LOCAL INFILE, exposing sensitive files (e.g., /etc/passwd). The issue can enable Arbitrary File Read on t...
CVE-2021-43008
Improper Access Control in Adminer versions 1.12.0 to 4.6.2 fixed in version 4.6.3 allows an attacker to achieve Arbitrary File Read on the remote server by requesting the Adminer to connect to a remote MySQL database...
Fingerprint Attendance 1.0 SQL Injection Vulnerability
Title: Fingerprint Attendance 1.0 Blind boolean SQLi To Rce Author: Hejap Zairy Vendor: https://www.vetbossel.in/fingerprint-attendance-project-php/ Software: https://app.box.com/s/xlyqalhvayq8oi25tqykcbouzrrjytqy Reference: https://github.com/Matrix07ksa Tested on: Windows, MySQL, Apache Steps 1...
USN-5270-2: MySQL vulnerabilities
USN-5270-1 fixed several vulnerabilities in MySQL. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to...
SQL injection
Online Motorcycle Bike Rental System 1.0 is vulnerable to a Blind Time-Based SQL Injection attack within the login portal. This can lead attackers to remotely dump MySQL database credentials...
CVE-2021-44249
Online Motorcycle Bike Rental System 1.0 is vulnerable to a Blind Time-Based SQL Injection attack within the login portal. This can lead attackers to remotely dump MySQL database credentials...
CosaNostra Builder WebPanel Cross Site Request Forgery
Discovery / credits: Malvuln - malvuln.com (c) 2022 Original source: https://malvuln.com/advisory/61285c988de52b7c067fb2e703f2ab83C.txt Contact: [email protected] Media: twitter.com/malvuln Threat: CosaNostra Builder WebPanel Vulnerability: Cross Site Request Forgery CSRF Description: The Panel...
CollectorStealerBuilder Panel 2.0.0 Insecure Credential Storage Vulnerability
The panel for Collector Stealer malware version 2.0.0 stores the login credentials in plaintext in its MySQL database. Third-party attackers who gain access to the system can read the database username passwords without having to crack them offline. Discovery / credits: Malvuln - malvuln.com c 20...
CollectorStealerBuilder Panel 2.0.0 Insecure Credential Storage
Discovery / credits: Malvuln - malvuln.com (c) 2022 Original source: https://malvuln.com/advisory/54530f88c8e4f4371c9418f00c256b1d.txt Contact: [email protected] Media: twitter.com/malvuln Threat: CollectorStealerBuilder v2.0.0 Panel Vulnerability: Insecure Credential Storage Description: The pan...
Oracle MySQL input validation error vulnerability
Oracle MySQL is an open source relational database management system from Oracle Corporation. MySQL Cluster is a highly useful and redundant version for distributed computing environments. Oracle MySQL Cluster is vulnerable to an input validation error, which can be exploited to execute arbitrary...