Medium: mysql51

Issue Overview: This update fixes several vulnerabilities in the MySQL database server. Affected Packages: mysql51 Issue Correction: Run yum update mysql51 or yum update --advisory ALAS-2013-152 to update your system. New Packages: i686: mysql51-5.1.67-1.60.amzn1.i686 ...

SEC Consult SA-20130122-1 :: F5 BIG-IP SQL injection vulnerability

SEC Consult Vulnerability Lab Security Advisory 20130122-1 ======================================================================= title: SQL Injection product: F5 BIG-IP vulnerable version: =11.2.0 fixed version: 11.2.0 HF3 11.2.1 HF3 CVE number: CVE-2012-3000 impact: Medium homepage:...

USN-1658-1: MySQL vulnerability

It was discovered that MySQL incorrectly handled certain long arguments. A remote authenticated attacker could use this issue to possibly execute arbitrary code...

PHP Server Monitor Stored XSS Vulnerability

Exploit for php platform in category web applications Author: loneferret Product: PHP Server Monitor Version: 2.0.1 and maybe older versions Google Dork: intext="Powered by PHP Server Monitor v2.0.1" yes people have made this available on the web Software Download:...

PHP Server Monitor - Persistent Cross-Site Scripting

PHP Server Monitor - Persistent Cross-Site Scripting Author: loneferret of Offensive Security Product: PHP Server Monitor Version: 2.0.1 and maybe older versions Google Dork: intext="Powered by PHP Server Monitor v2.0.1" yes people have made this available on the web Software Download:...

CentOS Update for mysql CESA-2012:1462 centos6

Check for the Version of mysql OpenVAS Vulnerability Test CentOS Update for mysql CESA-2012:1462 centos6 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

Traq admincp/common.php authenticate() Function Authentication Bypass Remote Code Execution

The version of Traq installed on the remote host contains a flaw that could allow a remote attacker to bypass the authentication mechanism and inject and execute arbitrary code. The flaw is caused by the application failing to properly restrict admin rights in the 'authenticate' function in...

CVE-2012-4501 : Critical vulnerability warned in Cloudstack

Citrix and the Apache Software Foundation have alerted users to a critical vulnerability in the CloudStack open source cloud infrastructure management software. The vulnerability affects all versions of Cloudstack prior to October 7, including the Citrix commercial version. Vulnerability could...

Ezylog Photovoltaic Management SQL Injection / Command Injection

Multiple vulnerabilities in Ezylog photovoltaic management server ================================================================= ADVISORY INFORMATION Title: Multiple vulnerabilities in Ezylog photovoltaic management server Discovery date: 27/08/2012 Release date: 11/09/2012 Credits: Roberto...

[SECURITY] Fedora 17 Update: roundcubemail-0.7.3-1.fc17

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

[SECURITY] Fedora 15 Update: roundcubemail-0.7.2-2.fc15

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

mysql-query NSE Script

Runs a query against a MySQL database and returns the results as a table. Script Arguments mysql-query.noheaders do not display column headers default: false mysql-query.query the query for which to return the results mysql-query.username optional the username used to authenticate to the database...

myCare2x CMS - Multiple Web Vulnerabilities

Exploit for php platform in category web applications Title: ====== myCare2x CMS - Multiple Web Vulnerabilities Introduction: ============= myCare2x is an web application. All program modules and data accesses are processed in the server. User only need a web browser, in order to use the myCare2x...

myCare2x CMS - Multiple Web Vulnerabilities

Document Title: =============== myCare2x CMS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=524 Release Date: ============= 2012-05-02 Vulnerability Laboratory ID VL-ID: ==================================== 524 Common...

Cyberoam UTM - Multiple Vulnerabilities

Cyberoam UTM - Multiple Vulnerabilities SECURITY ADVISORY: cyberoam-utm-command-executaion Affected Software: Cyberoam CR50ia 10.01.0 build 678 Vulnerability: OS Command Execution Severity: High Release Date: Unreleased I. Background "Cyberoam Unified Threat Management appliances offer assured...

ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet - Directory Traversal

ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet Unauthenticated Remote Directory Traversal Database Backup / auth-conf.xml Disclosure Exploit product homepage: http://www.manageengine.com/products/device-expert/ file tested: ManageEngineDeviceExpert.exe tested against:...

USN-1397-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.1.61 in Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04 and Ubuntu 11.10. Ubuntu 8.04 LTS has been updated to MySQL 5.0.95. In addition to security...

Important: mysql

Issue Overview: This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. CVE-2011-2262, CVE-2012-0075, CVE-2012-0087, CVE-2012-0101, CVE-2012-0102,...

GAzie <= 5.20 Cross Site Request Forgery

Exploit for php platform in category web applications ======================================== GAzie Date: 5/02/2012 Site: http://www.giudinvx.altervista.org/ -------------------------------------------------------- @Application Info: Multicompany finance application written in PHP using a MySql...

CVE-2011-4899

wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not ensure that the specified MySQL database service is appropriate, which allows remote attackers to configure an arbitrary database via the dbhost and dbname parameters, and subsequently conduct static...