678 matches found
Code injection
An issue was discovered in phpMyAdmin. With a crafted username or a table name, it was possible to inject SQL statements in the tracking functionality that would run with the privileges of the control user. This gives read and write access to the tables of the configuration storage database, and ...
CVE-2016-9864
An issue was discovered in phpMyAdmin. With a crafted username or a table name, it was possible to inject SQL statements in the tracking functionality that would run with the privileges of the control user. This gives read and write access to the tables of the configuration storage database, and ...
Important: Red Hat Security Advisory: rh-mysql56-mysql security update
An update for rh-mysql56-mysql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
[SECURITY] [DSA 3706-1] mysql-5.5 security update
Debian Security Advisory DSA-3706-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 07, 2016 https://www.debian.org/security/faq ...
DSA-3706-1 mysql-5.5 - security update
Bulletin has no description...
Mini Notice Board 1.1 SQL Injection
#!/usr/bin/perl -w mininoticeboardv1.1 SQL Injection Exploit. Discovered by NA, NAattutanota.com. Vendor has been notified. Description: Mini Notice Board is a small noticeboard...
SweetRice 1.5.1 - Cross-Site Request Forgery
document.forms0.submit;...
PHP Support Tickets 1.3 SQL Injection Vulnerability
Exploit for php platform in category web applications. PHPSTicketsv1.3 SQL Injection Vulnerability. Description: PHP Support Tickets will allow a webmaster the ability to offer its user base a means to contact its personnel through request vouchers...
Advanced Upload (PHP) Script 1.0.2 SQL Injection
Advanced Upload PHP Script Version 1.0.2 MySQL Injection Vulnerabilities. Discovered by NA, NAattutanota.com. Description: An advanced php uploading script with MANY...
Perl DBD::mysql module buffer overflow vulnerability
Perl is a free and powerful cross-platform programming language developed by American programmer Larry Wall. DBD::mysql is the MySQL driver module for the Perl5 Database Interface (DBI). A buffer overflow vulnerability exists in the Perl DBD::mysql module prior to version...
Phire CMS 2.0.0 Cross Site Scripting
Title Phire CMS HTTP Request POST /phirecms/phire/config HTTP/1.1 Headers: ... Post Data: datetimeformat=&datetimeformatcustom=%22%3E%3Cscript%3Ealert%281337%29%3C%2Fscript%3E&pagination=25&systemtheme=default&submit=Save HTTP Response...
DSA-3666-1 mysql-5.5 - security update
Bulletin has no description...
Nagios Network Analyzer 2.2.0 - Multiple Vulnerabilities
Exploit for php platform in category web applications. Nagios Network Analyzer Multiple Vulnerabilities. Affected versions: Nagios Network Analyzer = 2.2.0. PDF: http://www.security-assessment.com/files/documents/advisory/NagiosNetworkAnalyzerAdvisory.pdf Description: Th...
[SECURITY] [DLA 567-2] mysql-5.5 security and regression update
Package : mysql-5.5 Version : 5.5.50-0+deb7u2 CVE ID : CVE-2016-3477 CVE-2016-3521 CVE-2016-3615 CVE-2016-5440 Several vulnerabilities have been found in the MySQL Database Server. These vulnerabilities are addressed by upgrading MySQL to the recent upstream 5.5.50 version. Please refer to the...
DLA-567-2 mysql-5.5 - regression update
Bulletin has no description...
DLA-567-1 mysql-5.5 - security update
Bulletin has no description...
mysql: unspecified vulnerability in subcomponent: Server: Connection (CPU July 2016)
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection...
Design/Logic Flaw
Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.4, 12.2.2, and 12.3.2; the Oracle Health Sciences Information Manager component in Oracle Health Sciences Applications 1.2.8.3, 2.0.2.3, and 3.0.1.0; the Oracle Healthcare Maste...
CVE-2016-0635
The connected Nessus/NASL records tie CVE-2016-0635 to the Oracle Siebel CRM knowledge component (AnswerFlow Spring Framework) in Siebel CRM. Affected versions are 8.5.1.0–8.5.1.7 and 8.6.0. The vulnerability in the Oracle Knowledge component can be exploited remotely over HTTP by a low-privilege...
CVE-2016-0635
Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.4, 12.2.2, and 12.3.2; the Oracle Health Sciences Information Manager component in Oracle Health Sciences Applications 1.2.8.3, 2.0.2.3, and 3.0.1.0; the Oracle Healthcare Maste...