764 matches found
CVE-2011-4899
wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not ensure that the specified MySQL database service is appropriate, which allows remote attackers to configure an arbitrary database via the dbhost and dbname parameters, and subsequently conduct static...
CVE-2019-18465
In Progress MOVEit Transfer 11.1 before 11.1.3, a vulnerability has been found that could allow an attacker to sign in without full credentials via the SSH SFTP interface. The vulnerability affects only certain SSH SFTP configurations, and is applicable only if the MySQL database is being used...
CVE-2019-10855
Computrols CBAS 18.0.0 mishandles password hashes. The approach is MD5 with a pw prefix, e.g., if the password is admin, it will calculate the MD5 hash of pwadmin and store it in a MySQL database...
CVE-2011-1906
Trustwave WebDefend Enterprise before 5.0 7.01.903-1.4 stores specific user-account credentials in a MySQL database, which makes it easier for remote attackers to read the event collection table via requests to the management port, a different vulnerability than CVE-2011-0756...
CVE-2017-18409
In cPanel before 67.9999.103, the backup interface could return a backup archive with all MySQL databases SEC-283...
CVE-2002-1809
The default configuration of the Windows binary release of MySQL 3.23.2 through 3.23.52 has a NULL root password, which could allow remote attackers to gain unauthorized root access to the MySQL database...
Vulnerability of the Server component: The Optimizer component of the MySQL Server database management system, which allows a hacker to cause a service failure.
The vulnerability of the MySQL Server component of the database management system involves the improper assignment of permissions to a critical resource. Exploiting this vulnerability can allow an attacker to cause service interruptions remotely...
[SECURITY] Fedora 41 Update: mysql8.0-8.0.41-1.fc41
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...
Azure Linux 3.0 Security Update: vitess (CVE-2024-53257)
The version of vitess installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-53257 advisory. - Vitess is a database clustering system for horizontal scaling of MySQL. The /debug/querylogz and /debug/env...
Feng Office 3.11.1.2 - SQL Injection
Exploit Title: Feng Office 3.11.1.2 - SQL Injection Date: 7/2024 Exploit Author: Andrey Stoykov Version: 3.11.1.2 Tested on: Ubuntu 22.04 Blog: http://msecureltd.blogspot.com SQL Injection: 1. Login to application 2. Click on "Workspaces" 3. Copy full URL 4. Paste the HTTP GET request into text...
Pandora FMS Authenticated Command Injection
This Metasploit module exploits a command injection vulnerability in the chromium-path or phantomjs-bin directory setting at the application settings page of Pandora FMS. You need to have administrative access in the Pandora FMS web application in order to achieve remote code execution. This modu...
SourceCodester Online Eyewear Shop Security Vulnerability
SourceCodester Online Eyewear Shop is a SourceCodester open source online eyewear store website project developed using PHP and MySQL that provides an online shopping and ordering platform for the eyewear business and its potential customers. A security vulnerability exists in SourceCodester Onli...
RHEL 8 : mysql:8.0 (RHSA-2025:2883)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:2883 advisory. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries...
Linux Distros Unpatched Vulnerability : CVE-2016-0546
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before...
ID Withdrawn
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. This CVE number has...
CVE-2024-31864
Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Zeppelin. The attacker can inject sensitive configuration or malicious code when connecting MySQL database via JDBC driver. This issue affects Apache Zeppelin: before 0.11.1. Users are recommended to upgrade to versio...
The vulnerability of the InnoDB component of the MySQL Database Server management system, which allows a hacker to cause a service failure.
The vulnerability of the InnoDB component in the MySQL Database Management System is related to the exhaustion of memory resources. Exploiting this vulnerability can allow a malicious actor to cause service interruptions through network packets...
The vulnerability of the InnoDB component of the MySQL Database Server allows an attacker to gain read, modify, or delete access to data, or to cause a service failure.
The vulnerability of the InnoDB component in the MySQL Database Management System is related to the lack of authentication for a critical function. Exploiting this vulnerability can allow an attacker to gain read, modify, or delete access to data, or cause service interruptions...
The vulnerability of the InnoDB component of the MySQL Database Server management system, which allows a hacker to cause a service failure.
The vulnerability of the InnoDB component in the MySQL Database Management System is related to the unlimited distribution of resources. Exploiting this vulnerability can allow a malicious actor to cause downtime or service failures using the MySQL network protocol...
CVE-2022-26117
An empty password in configuration file vulnerability CWE-258 in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below may allow an authenticated attacker to access the MySQL databases via the CLI...