678 matches found
PT-2019-1923 · Oracle +6 · Mysql Server +5
Name of the Vulnerable Software and Affected Versions: Oracle MySQL versions 8.0.15 and prior Description: A vulnerability in the MySQL Server component, specifically in the InnoDB subcomponent, allows a high-privileged attacker with network access via multiple protocols to compromise the MySQL...
Jfinal cms backend has arbitrary file read vulnerability
Jfinal cms uses JFinal as its web framework, beetl as its template engine, MySQL as its database, and Bootstrap, Flat UI and other frameworks on the front end. An arbitrary file read vulnerability exists in the Jfinal cms backend. Attackers can use the vulnerability to read the database configuration file...
File Upload Vulnerability in metinfo Mito System
metinfo mito system is an enterprise website management system built on a PHP and MySQL architecture. A file upload vulnerability exists in metinfo Mito System, which can be exploited by attackers to upload arbitrary files...
phpMyAdmin Arbitrary File Read Vulnerability
phpMyAdmin is a web-based, PHP database management tool for MySQL that lets administrators manage MySQL databases through a web interface. An arbitrary file read vulnerability exists in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration is set to true, an attacker can...
CVE-2018-17957
The YaST2 RMT module for configuring the SUSE Repository Mirroring Tool RMT before 1.1.2 exposed MySQL database passwords on process commandline, allowing local attackers to access or corrupt the RMT database...
iWebShop open source mall system has xss vulnerability
iWebShop open source mall system is a B2B2C single-user and multi-user open source mall system developed in PHP with a MySQL database. The system is divided into front-end, back-office and merchant sections. iWebShop open source mall system has an XSS vulnerability that can be...
CVE-2018-15719
Open Dental before version 18.4 installs a mysql database and uses the default credentials of "root" with a blank password. This allows anyone on the network with access to the server to access all database information...
Fleetco Fleet Maintenance Management 1.2 Remote Code Execution
Exploit Title: Fleetco Fleet Maintenance Management 1.2 - Remote Code Execution Date: 2018-11-23 Exploit Author: Özkan Mustafa Akkuş (AkkuS) Contact: https://pentest.com.tr Vendor Homepage: https://www.fleetco.space Software Link: http://www.fleetco.space/download/215/ Version: v1.2 Category: Webap...
CVE-2018-14703
Incorrect access control in the /mysql/api/droboapp/data endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve the MySQL database root password...
Improper access control
Incorrect access control in the /mysql/api/droboapp/data endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve the MySQL database root password...
UKCMS has an information leakage vulnerability
UKcms is a web content management system based on PHP7 and mysql technology. UKCMS is vulnerable to information leakage. An attacker can obtain information about database backup files through constructed links...
Design/Logic Flaw
An issue was discovered in Sales & Company Management System SCMS through 2018-06-06. There is a discrepancy in username checking between a component that does string validation, and a component that is supposed to query a MySQL database. Thus, it is possible to register a new account with a...
CVE-2018-19654
An issue was discovered in Sales & Company Management System SCMS through 2018-06-06. There is a discrepancy in username checking between a component that does string validation, and a component that is supposed to query a MySQL database. Thus, it is possible to register a new account with a...
CVE-2018-19654
CVE-2018-19654 affects the Sales & Company Management System (SCMS) up to 2018-06-06. The issue is a discrepancy between a string-validation component and the MySQL query component, allowing registration of a new account with a username that already exists (e.g., test%c2) when the account is alre...
Debian DLA-1566-1 : mysql-5.5 security update
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.62, which includes additional changes. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details:...
Command Execution Vulnerability in YIXUNCMS Backend
YIXUNCMS is a showcase website system developed by Yixun Software Studio for small and medium-sized enterprises, using PHP language and with a stable MYSQL database. YIXUNCMS backend has a command execution vulnerability that can be exploited by attackers to insert Trojan horse files to gain...
CVE-2018-17034
UCMS 1.4.6 has XSS via the install/index.php mysqldbname parameter...
Softneta MedDream PACS Server Premium 6.7.1.1 SQL Injection
Exploit Title: MedDream PACS Server Premium 6.7.1.1 - 'email' SQL Injection Date: 2018-05-23 Software Link: https://www.softneta.com/products/meddream-pacs-server/downloads.html Version: MedDreamPACS Premium 6.7.1.1 Exploit Author: Carlos Avila Google Dork: inurl:Pacs/login.php, inurl:pacsone...