
678 matches found

Fedora
added 2017/12/18 6:52 p.m., 34 views

[SECURITY] Fedora 27 Update: perl-DBD-MySQL-4.043-6.fc27

DBD::mysql is the Perl5 Database Interface driver for the MySQL database. In other words: DBD::mysql is an interface between the Perl programming language and the MySQL programming API that comes with the MySQL relational database management system...

5.9 CVSS, 1.9 AI score, 0.00227 EPSS
Exploits 0
Hacker One
added 2017/12/13 11:26 a.m., 25 views

GSA Bounty: SQL injection in https://labs.data.gov/dashboard/datagov/csv_to_json via User-agent

I've identified an SQL injection vulnerability in the website labs.data.gov that affects the endpoint /dashboard/datagov/csv_to_json and can be exploited via the User-Agent HTTP header. I didn't extract any data from the database, I've confirmed the vulnerability using sleep SQL queries with...

0.6 AI score
Exploits 0
Ubuntu
added 2017/10/30 2:25 p.m., 72 views

USN-3459-2: MySQL vulnerabilities

USN-3459-1 fixed several vulnerabilities in MySQL. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to...

6.5 CVSS, 6.9 AI score, 0.0062 EPSS
Exploits 0
Debian
added 2017/10/19 5:20 p.m., 34 views

[SECURITY] [DSA 4002-1] mysql-5.5 security update

Debian Security Advisory DSA-4002-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 19, 2017 https://www.debian.org/security/faq ...

6.5 CVSS, 6.9 AI score, 0.0062 EPSS
Exploits 0
ThreatPost
added 2017/10/18 9:51 a.m., 43 views

Critical Code Execution Flaw Patched in PeopleSoft Core Engine

Organizations that have their PeopleSoft installations exposed to the internet should pay special attention to a remote code execution vulnerability patched on Tuesday as part of Oracle’s massive quarterly Critical Patch Update. The flaw, CVE-2017-10366, allows an attacker to gain remote code...

7.5 CVSS, 0.6 AI score, 0.64382 EPSS
Exploits 4, References 4
CNVD
added 2017/10/13 12:0 a.m., 2 views

File Containment Vulnerability in iWebShop Open Source Mall System

iWebShop is an open source WEB e-commerce B2B2C platform self-supporting + merchants stationed station-building system based on PHP language + MYSQL database development, using the MVC architecture Yii framework thinking design pattern carefully designed a product. iWebShop open source mall syste...

6.6 AI score
Exploits 0
Debian
added 2017/07/28 9:41 p.m., 51 views

[SECURITY] [DLA 1043-1] mysql-5.5 security update

Package : mysql-5.5 Version : 5.5.57-0+deb7u1 CVE ID : CVE-2017-3635 CVE-2017-3636 CVE-2017-3641 CVE-2017-3648. CVE-2017-3651 CVE-2017-3652 CVE-2017-3653 Debian Bug : 868788 Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to t...

5.3 CVSS, 6.2 AI score, 0.00635 EPSS
Exploits 0
Tenable Nessus
added 2017/07/19 12:0 a.m., 41 views

MySQL 5.7.x < 5.7.19 Multiple Vulnerabilities (Jul 2017 CPU) (Oct 2017 CPU) (Jul 2019 CPU)

The version of MySQL running on the remote host is 5.7.x prior to 5.7.19. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the UDF component that allows an authenticated, remote attacker to cause a denial of service condition. CVE-2017-3529 - An unspecified...

7.5 CVSS, 6.5 AI score, 0.10401 EPSS
Exploits 1, References 33
CNVD
added 2017/06/09 12:0 a.m., 1 views

Finecms SQL Injection Vulnerability

FineCMS is a small and medium-sized content management system based on PHP+MySql+CI framework. A SQL injection vulnerability exists in Finecms 5.0.8 and earlier versions, due to the program failing to effectively filter user input parameters. Allows attackers to exploit the vulnerability by writi...

8.2 AI score
Exploits 0
seebug.org
added 2017/04/28 12:0 a.m., 132 views

Zabbix Server Active Proxy Trapper Remote Code Execution Vulnerability (CVE-2017-2824)

Official patch earlier to fix the vulnerabilities: the Zabbix database write vulnerability The vulnerability lies within the "Trapper" section of the Zabbix Code, this is the network service that allows the Proxies and the Server to communicate TCP Port 10051 There are a set of API calls that the...

6.8 CVSS, 8.9 AI score, 0.73548 EPSS
Exploits 24
Talos
added 2017/04/27 12:0 a.m., 8925 views

Zabbix Server Active Proxy Trapper Remote Code Execution Vulnerability

Summary An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2.4.X. A specially crafted set of packets can cause a command injection resulting in remote code execution. An attacker can make requests from an active Zabbix Proxy to trigger this...

8.1 CVSS, 8.7 AI score, 0.73548 EPSS
Exploits 24
exploitpack
added 2017/04/14 12:0 a.m., 56 views

Concrete5 CMS 8.1.0 - Host Header Injection

Concrete5 CMS 8.1.0 - Host Header Injection + Credits: John Page a.k.a hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/CONCRETE5-v8.1.0-HOST-HEADER-INJECTION.txt + ISR: ApparitionSec Vendor: www.concrete5.org Product:...

4.3 CVSS, 0.0362 EPSS
Exploits 5
Packet Storm
added 2017/04/14 12:0 a.m., 78 views

concrete5 8.1.0 Host Header Injection

Credits: John Page a.k.a hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/CONCRETE5-v8.1.0-HOST-HEADER-INJECTION.txt + ISR: ApparitionSec Vendor: www.concrete5.org Product: concrete5 v8.1.0 concrete5 is an...

6.2 AI score, 0.0362 EPSS
Exploits 5
Exploit DB
added 2017/04/14 12:0 a.m., 74 views

Concrete5 CMS 8.1.0 - 'Host' Header Injection

Credits: John Page a.k.a hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/CONCRETE5-v8.1.0-HOST-HEADER-INJECTION.txt + ISR: ApparitionSec Vendor: www.concrete5.org Product: concrete5 v8.1.0 concrete5 is an...

6.1 CVSS, 6.3 AI score, 0.0362 EPSS
Exploits 5
0day.today
added 2017/04/14 12:0 a.m., 78 views

Concrete5 8.1.0 - Host Header Injection Vulnerability

Exploit for php platform in category web applications + Credits: John Page a.k.a hyp3rlinx Vendor: www.concrete5.org Product: concrete5 v8.1.0 concrete5 is an open-source content management system (CMS) for publishing content on the World Wide Web and intranets...

4.3 CVSS, 6.4 AI score, 0.0362 EPSS
Exploits 5
Akamai Blog
added 2017/02/24 2:0 p.m., 15 views

0.2 BTC Strikes Back, Now Attacking MySQL Databases

In this post we will describe how GGSN detected a wide ransomware attack targeting MySQL databases and provide recommendations on how to protect your database...

2.6 AI score
Exploits 0
ThreatPost
added 2017/02/21 10:51 a.m., 13 views

Windows Botnet Spreading Mirai Variant

A Chinese-speaking attacker is spreading a Mirai variant from a repurposed Windows-based botnet. Researchers at Kaspersky Lab published a report today, and said the code was written by an experienced developer who also built in the capability to spread the IoT malware to Linux machines under...

8.5 AI score
Exploits 0, References 7
OSV
added 2017/02/17 2:59 a.m., 0 views

UBUNTU-CVE-2016-1249

The DBD::mysql module before 4.039 for Perl, when using server-side prepared statement support, allows attackers to cause a denial of service (out-of-bounds read) via vectors involving an unaligned number of placeholders in WHERE condition and output fields in SELECT expression...

5.9 CVSS, 6.9 AI score, 0.00596 EPSS
Exploits 0, References 5
Exploit DB
added 2017/01/17 12:0 a.m., 49 views

Openexpert 0.5.17 - 'area_id' SQL Injection

Title : Openexpert 0.5.17 - Sql Injection Author: Nassim Asrir Author Company: Henceforth Tested on: Winxp sp3 - win7 Vendor: https://sourceforge.net/projects/law-expert/ Download Software: https://sourceforge.net/projects/law-expert/files/ About The Product : OpenExpert. Dual use Web based and...

7 AI score
Exploits 0
Fedora
added 2016/12/17 12:23 a.m., 32 views

[SECURITY] Fedora 23 Update: perl-DBD-MySQL-4.033-4.fc23

DBD::mysql is the Perl5 Database Interface driver for the MySQL database. In other words: DBD::mysql is an interface between the Perl programming language and the MySQL programming API that comes with the MySQL relational database management system...

8.1 CVSS, 1.9 AI score, 0.00596 EPSS
Exploits 0