678 matches found
PT-2015-2983 · Mariadb +7
Name of the Vulnerable Software and Affected Versions: Oracle MySQL versions 5.5.46 and earlier; MariaDB versions prior to 5.5.47; MariaDB versions 10.0.x prior to 10.0.23; MariaDB versions 10.1.x prior to 10.1.10. Description: The issue is related to errors in the Optimizer component of the MySQL...
HumHub 0.11.2 / 0.20.0-beta.2 SQL Injection
LSE Leading Security Experts GmbH - Security Advisory 2015-10-14 | HumHub - SQL-Injection | Tested Versions: HumHub 0.11.2 and 0.20.0-beta.2 | Issue Overview: Vulnerability Type: 89 - Improper...
HumHub 0.11.2 and 0.20.0-beta.2 - SQL Injection Vulnerability
HumHub versions 0.11.2 and 0.20.0-beta.2 suffer from a remote SQL injection vulnerability. LSE Leading Security Experts GmbH - Security Advisory 2015-10-14 | HumHub - SQL-Injection | Tested Versions: HumHu...
DSA-3377-1 mysql-5.5 - security update
Bulletin has no description...
JSP/MySQL Administrador Web Cross-Site Request Forgery Vulnerability
JSP/MySQL Administrador is a JSP-based web tool for remote management of MySQL databases. JSP/MySQL Administrador Web has a cross-site request forgery vulnerability in its implementation, which can be exploited by a remote attacker to hijack a user's authentication request via the cmd...
Amazon Linux: Security Advisory (ALAS-2013-187)
The remote host is missing an update for the...
Amazon Linux: Security Advisory (ALAS-2013-186)
The remote host is missing an update for the...
mysql: unspecified vulnerability related to Server:Optimizer (CPU April 2015)
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server: Optimizer...
CentOS 5 : mysql55-mysql (CESA-2015:1628)
Updated mysql55-mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...
DSA-3308-1 mysql-5.5 - security update
Bulletin has no description...
UBUNTU-CVE-2015-2611
Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML...
codeigniter -- mysql database driver vulnerability
The CodeIgniter changelog reports: Security: Removed a fallback to mysql_escape_string() in the mysql database driver's escape_str() method when there's no active database connection...
Nakid CMS - Multiple Vulnerabilities
Nakid CMS - Multiple Vulnerabilities Exploit Title: CSRF, Persistent XSS & LFI Google Dork: intitle: CSRF, Persistent XSS & LFI Date: 2015-06-11 Exploit Author: John Page hyp3rlinx Website: hyp3rlinx.altervista.org Vendor Homepage: kilrizzy.github.io/Nakid-CMS Software Link:...
[SECURITY] [DSA 3229-1] mysql-5.5 security update
Debian Security Advisory DSA-3229-1 | http://www.debian.org/security/ | Salvatore Bonaccorso | April 19, 2015 | http://www.debian.org/security/faq -...
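Two injection points in a government system (bundled report)
Brief description: As per the title. Details: Official website of Shandong Nongyou Software Co.: http://www.nongyou.com.cn/ Both parameters, tname and CountryName, are injectable. Example cases: http://218.56.99.84:8003/newSymSum/VillagePersonal2.aspx?tname=太河镇&CountryName=东同古村 http://222.135.109.70:8200/newSymSum/VillagePersonal2.aspx?tname=泽库镇&CountryName=辛立庄村...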
PMB 4.1.3 - (Authenticated) SQL Injection
Exploit Title: PMB = 4.1.3 Post-Auth SQL Injection Vulnerability | Google Dork: inurl:opaccss | Date: 25-12-2014 | Exploit Author: XD4rker (Ismail Belkacim) | Email: xd4rkeratgmail.com | Twitter: @xd4rker | Vendor Homepage: http://www.sigb.net | Software Link: http://forge.sigb.net/redmine/projects/pmb/files...
PHPMyRecipes 1.2.2 - browse.php?category SQL Injection
PHPMyRecipes 1.2.2 - browse.php?category SQL Injection | Exploit Title: phpMyRecipes 1.2.2 SQL injection (page browse.php, parameter category) | Author: Manish Kishan Tanwar | Download Link: http://prdownloads.sourceforge.net/php-myrecipes/phpMyRecipes-1.2.2.tar.gz?download | Date: 23/12/2014 | Discovered...
PHPMyRecipes 1.2.2 - 'browse.php?category' SQL Injection
Exploit Title: phpMyRecipes 1.2.2 SQL injection (page browse.php, parameter category) | Author: Manish Kishan Tanwar | Download Link: http://prdownloads.sourceforge.net/php-myrecipes/phpMyRecipes-1.2.2.tar.gz?download | Date: 23/12/2014 | Discovered at: IndiShell Lab | Love to: zero cool,Team...
mysql: unspecified MyISAM temporary file issue fixed in 5.5.39 and 5.6.20
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to SERVER:MyISAM...
mysql: Remote Preauth User Enumeration flaw
Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames...