SQL Injection Vulnerability in the Backend of Wild Rain Novel CMS
Wild Rain Novel CMS (hereinafter KYXSCMS) provides a lightweight novel website solution based on ThinkPHP 5.1 + MySQL. There is a SQL injection vulnerability in the KYXSCMS backend. Attackers can use the vulnerability to obtain sensitive information from the database...
WordPress 4.8.x < 4.8.15 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - A deserialization vulnerability exists in the Requests_Utility_FilteredIterator class. - A cross-site scripting (XSS) vulnerability exists via global variables and post slugs. - A...
WordPress 5.3.x < 5.3.5 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - A deserialization vulnerability exists in the Requests_Utility_FilteredIterator class. - A cross-site scripting (XSS) vulnerability exists via global variables and post slugs. - A...
Command execution vulnerability exists in MyuCMS (CNVD-2020-67559)
The MyuCMS front end is built with the UIkit framework, the back end with the layui framework, and the server side is developed in PHP + MySQL. A command execution vulnerability exists in MyuCMS, which can be exploited to gain server privileges...
CVE-2020-12147 Unauthorized queries against the Silver Peak Unity Orchestrator™ MySQL database.
In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+, an authenticated user can make unauthorized MySQL queries against the Orchestrator database using the /sqlExecution REST API, which had been used for internal testing...
WordPress < 5.5.2 - Unauthenticated DoS Attack to RCE
Description: The release notes state: "Props to Omar Ganiev who reported a method where a DoS attack could lead to RCE." The attack consisted of creating a DoS condition on the MySQL database, which would make WordPress think that it has not been installed, presenting the installation wizard. The...
[SECURITY] Fedora 33 Update: mysql-connector-java-8.0.21-1.fc33
MySQL Connector/J is a native Java driver that converts JDBC (Java Database Connectivity) calls into the network protocol used by the MySQL database. It lets developers working with the Java programming language easily build programs and applets that interact with MySQL and connect all corporate...
mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2020)
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...
mysql: Server: Information Schema unspecified vulnerability (CPU Jul 2020)
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Information Schema. Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple...
mysql: InnoDB unspecified vulnerability (CPU Jul 2020)
Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of thi...
PYSEC-2020-342
Resolved. Only when H2/MySQL/TiDB is used as Apache SkyWalking storage is there a SQL injection vulnerability in the wildcard query cases...
Pandora FMS 7.0 NG 7XX Remote Command Execution Exploit
This Metasploit module exploits a vulnerability (CVE-2020-13851) in Pandora FMS versions 7.0 NG 742, 7.0 NG 743, and 7.0 NG 744, and perhaps older versions, in order to execute arbitrary commands. This module takes advantage of a command injection vulnerability in the Events feature of Pandora FMS...
Pandora FMS 7.0 NG 7XX Remote Command Execution
This module requires Metasploit: https://metasploit.com/download
Current source: https://github.com/rapid7/metasploit-framework
class MetasploitModule ... 'Pandora FMS Events Remote Command Execution', 'Description' => %q This module exploits a vulnerability CVE-2020-13851 in Pandora FMS versions 7.0 ...
Pandora FMS Events Remote Command Execution
This module exploits a vulnerability (CVE-2020-13851) in Pandora FMS versions 7.0 NG 742, 7.0 NG 743, and 7.0 NG 744, and perhaps older versions, in order to execute arbitrary commands. This module takes advantage of a command injection vulnerability in the Events feature of Pandora FMS. This flaw...
Apache SkyWalking SQL Injection Vulnerability
Apache SkyWalking is an application performance monitor from the Apache Software Foundation (USA), intended primarily for microservices, cloud-native and container-based environments. An SQL injection vulnerability exists in the H2/MySQL/TiDB storage implementation in Apache SkyWalking versions 6.0.0...
XSS Vulnerability in jfinal cms User Profile Edit
jfinal cms is a Java-developed information consulting website system: it uses the simple and powerful JFinal as its web framework, beetl as the template engine, MySQL as the database and Bootstrap on the front end. jfinal cms has an XSS vulnerability in user profile editing; an attacker can exploit the...
File Upload Vulnerability in Team CMS
Team CMS is an enterprise website-building system developed in JSP + MySQL. Team CMS has a file upload vulnerability that attackers can exploit to gain server administrative privileges...
php-fusion 9.03.50 - (ctype) SQL Injection Vulnerability
Exploit for PHP platform in category web applications
Exploit Title: php-fusion 9.03.50 - 'ctype' SQL Injection
Exploit Author: SunCSR (Sun Cyber Security Research) - ThienNV
Vendor Homepage: https://www.php-fusion.co.uk/
Software Link: https://www.php-fusion.co.uk/phpfusion9downloads.php
Version:...
CVE-2019-13021
The administrative passwords for all versions of Bond JetSelect are stored within an unprotected file on the filesystem, rather than encrypted within the MySQL database. This backup copy of the passwords is made as part of the installation script, after the administrator has generated a password...
Design/Logic Flaw
The administrative passwords for all versions of Bond JetSelect are stored within an unprotected file on the filesystem, rather than encrypted within the MySQL database. This backup copy of the passwords is made as part of the installation script, after the administrator has generated a password...