678 matches found

Kitploit
added 2020/02/02 12:0 p.m., 181 views

DVNA - Damn Vulnerable NodeJS Application

Damn Vulnerable NodeJS Application (DVNA) is a simple NodeJS application to demonstrate OWASP Top 10 Vulnerabilities and guide on fixing and avoiding these vulnerabilities. The fixes branch will contain fixes for the vulnerabilities. Fixes for vulnerabilities OWASP Top 10 2017 vulnerabilities at...

7.4 AI score
Exploits: 0, References: 4
Ubuntu
added 2020/01/27 2:59 p.m., 177 views

USN-4250-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.19 in Ubuntu 19.10. Ubuntu 16.04 LTS and Ubuntu 18.04 LTS have been updated to MySQL 5.7.29. In addition to security fixes, the updated package...

6.5 CVSS, 6.4 AI score, 0.00696 EPSS
Exploits: 0
CNVD
added 2019/12/17 12:0 a.m., 1 views

Remote code execution vulnerability in ECShop backend te***.php file

ECShop is a B2C independent online store system, suitable for enterprises and individuals to quickly build a personalized online store. The system is based on PHP language and MYSQL database structure development of cross-platform open source program. ECShop background te.php file remote code...

8.7 AI score
Exploits: 0
CNVD
added 2019/12/09 12:0 a.m., 1 views

File upload vulnerability in phpok

PHPOK system is a content management system for website construction developed by Shenzhen KunHuo Technology Co., Ltd (formerly known as PHPOK Studio), written in PHP, using MySQL database storage by default, and released to the Internet for shared use under the LGPL open source license. A file uplo...

7.1 AI score
Exploits: 0
CNVD
added 2019/11/14 12:0 a.m., 3 views

Code execution vulnerability in SeaCMS backend (CNVD-2019-45348)

SeaCMS is a website building system based on a PHP+MySQL architecture that supports cross-platform operation. A code execution vulnerability exists in the backend of SeaCMS, which can be exploited by attackers to execute malicious code...

7.8 AI score
Exploits: 0
CNVD
added 2019/11/06 12:0 a.m., 1 views

Arbitrary File Deletion Vulnerability in LeShang Mall (CNVD-2019-43871)

LeShares is a lightweight mall website management system, based on Thinkphp5+Mysql architecture, running on Linux, Windows, MacOSX, Solaris and other platforms. There is an arbitrary file deletion vulnerability in LeShang Mall. An attacker can use this vulnerability to arbitrarily delete server...

7 AI score
Exploits: 0
OSV
added 2019/10/31 5:15 p.m., 0 views

CVE-2019-18465

In Progress MOVEit Transfer 11.1 before 11.1.3, a vulnerability has been found that could allow an attacker to sign in without full credentials via the SSH SFTP interface. The vulnerability affects only certain SSH SFTP configurations, and is applicable only if the MySQL database is being used...

9.8 CVSS, 7.2 AI score, 0.00019 EPSS
Exploits: 0, References: 2
myhack58
added 2019/08/17 12:0 a.m., 320 views

CORS-Vulnerable-Lab: vulnerable code range related to CORS configuration errors - vulnerability warning - the black bar safety net

This repository contains vulnerable code related to CORS configuration errors. You can set up the vulnerable code on a local machine and work hands-on with the CORS misconfiguration issues. In this case, I would first like to thank @albinowax, AKReddy, and Vivek...

0.5 AI score
Exploits: 0
Prion
added 2019/08/02 2:15 p.m., 10 views

Code injection

In cPanel before 67.9999.103, a user account's backup archive could contain all MySQL databases on the server (SEC-284)...

4 CVSS, 6.4 AI score, 0.0031 EPSS
Exploits: 0, References: 2, Affected Software: 1
CNVD
added 2019/07/22 12:0 a.m., 1 views

SaltStack Salt MySQL Module SQL Injection Vulnerability

SaltStack Salt is a set of open source tools for managing infrastructure from SaltStack. The tool provides configuration management, remote execution, and more. A SQL injection vulnerability exists in the SaltStack Salt MySQL module. The vulnerability stems from a lack of validation of externally...

9.8 CVSS, 8.2 AI score, 0.00363 EPSS
Exploits: 1, References: 1
NVD
added 2019/07/18 7:15 p.m., 13 views

CVE-2019-1010246

MailCleaner before c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9 is affected by: Unauthenticated MySQL database password information disclosure. The impact is: MySQL database content disclosure e.g. username, password. The component is: The API call in the function allowAction in...

7.5 CVSS, 7.3 AI score, 0.00601 EPSS
Exploits: 0, References: 1
OSV
added 2019/07/18 7:15 p.m., 8 views

CVE-2019-1010246

MailCleaner before c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9 is affected by: Unauthenticated MySQL database password information disclosure. The impact is: MySQL database content disclosure e.g. username, password. The component is: The API call in the function allowAction in...

7.5 CVSS, 6.6 AI score
Exploits: 0, References: 1
Prion
added 2019/07/18 6:15 p.m., 15 views

Sql injection

Synetics GmbH I-doit 1.12 and earlier is affected by: SQL Injection. The impact is: Unauthenticated mysql database access. The component is: Web login form. The attack vector is: An attacker can exploit the vulnerability by sending a malicious HTTP POST request. The fixed version is: 1.12.1...

7.5 CVSS, 9.6 AI score, 0.00489 EPSS
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2019/07/18 5:59 p.m., 17 views

CVE-2019-1010248

Synetics GmbH I-doit 1.12 and earlier is affected by: SQL Injection. The impact is: Unauthenticated mysql database access. The component is: Web login form. The attack vector is: An attacker can exploit the vulnerability by sending a malicious HTTP POST request. The fixed version is: 1.12.1...

9.7 AI score, 0.00489 EPSS
Exploits: 0, References: 1
OpenVAS
added 2019/06/02 12:0 a.m., 55 views

Fedora Update for community-mysql FEDORA-2019-6a8a9efc40

The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.7 CVSS, 6.2 AI score, 0.00743 EPSS
Exploits: 0, References: 2
NVD
added 2019/05/23 7:29 p.m., 7 views

CVE-2019-10855

Computrols CBAS 18.0.0 mishandles password hashes. The approach is MD5 with a pw prefix, e.g., if the password is admin, it will calculate the MD5 hash of pwadmin and store it in a MySQL database...

7.5 CVSS, 6.6 AI score, 0.00148 EPSS
Exploits: 0, References: 2
Prion
added 2019/05/23 7:29 p.m., 6 views

Default credentials

Computrols CBAS 18.0.0 mishandles password hashes. The approach is MD5 with a pw prefix, e.g., if the password is admin, it will calculate the MD5 hash of pwadmin and store it in a MySQL database...

5 CVSS, 7.8 AI score, 0.00148 EPSS
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2019/05/23 6:43 p.m., 11 views

CVE-2019-10855

Computrols CBAS 18.0.0 mishandles password hashes. The approach is MD5 with a pw prefix, e.g., if the password is admin, it will calculate the MD5 hash of pwadmin and store it in a MySQL database...

7.6 AI score, 0.00148 EPSS
Exploits: 0, References: 2
OSV
added 2019/04/23 12:0 a.m., 0 views

UBUNTU-CVE-2019-2683

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols ...

4.9 CVSS, 6.5 AI score, 0.00158 EPSS
Exploits: 0, References: 4
CNVD
added 2019/04/18 12:0 a.m., 3 views

Oracle MySQL Server Denial of Service Vulnerability (CNVD-2019-12453)

Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. A security vulnerability exists in the Server: Optimizer subcomponent of the MySQL Server component of Oracle MySQL, version 8.0.15 and earlier. An...

4.9 CVSS, 6.1 AI score, 0.00302 EPSS
Exploits: 0, References: 1