Lucene search

764 matches found

ATTACKERKB
added 2024/05/03 3:16 a.m. | 4 views

CVE-2023-51588

Voltronic Power ViewPower Pro MySQL Use of Hard-coded Credentials Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Voltronic Power ViewPower Pro. An attacker must first obtain the ability to execute...

CVSS 7.8 | AI score 6.1 | EPSS 0.00234
Exploits 0 | References 2 | Affected Software 1
RedHat Linux
added 2024/04/30 4:54 p.m. | 5 views

mysql: Server: DML unspecified vulnerability (CPU Apr 2024)

A flaw was found in the MySQL Server product of Oracle MySQL component: Server: DML. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability ...

CVSS 5.5 | AI score 7 | EPSS 0.00838
Exploits 0 | References 5
CNNVD
added 2024/04/11 12:00 a.m. | 4 views

WordPress Plugin RegistrationMagic Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in WordPress...

CVSS 9.8 | AI score 6.6 | EPSS 0.00402
Exploits 0 | References 2
CNVD
added 2024/04/11 12:00 a.m. | 28 views

Apache Zeppelin Code Injection Vulnerability (CNVD-2024-17938)

Apache Zeppelin is a web-based open source notebook application from the Apache Software Foundation. The program supports interactive data analysis and collaborative documentation. Apache Zeppelin suffers from a code injection vulnerability that stems from the application's failure to properly filter...

CVSS 9.8 | AI score 9.5 | EPSS 0.01257
Exploits 0 | References 1
OSV
added 2024/04/09 6:30 p.m. | 23 views

GHSA-66J8-C83M-GJ5F Apache Zeppelin remote code execution by adding malicious JDBC connection string

Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Zeppelin. The attacker can inject sensitive configuration or malicious code when connecting MySQL database via JDBC driver. This issue affects Apache Zeppelin: before 0.11.1. Users are recommended to upgrade to versio...

CVSS 9.8 | AI score 9.4 | EPSS 0.07647
Exploits 0 | References 9
OSV
added 2024/04/09 4:15 p.m. | 5 views

CVE-2024-31864

Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Zeppelin. The attacker can inject sensitive configuration or malicious code when connecting MySQL database via JDBC driver. This issue affects Apache Zeppelin: before 0.11.1. Users are recommended to upgrade to versio...

CVSS 9.8 | AI score 7.3 | EPSS 0.07647
Exploits 0 | References 5
CVE
added 2024/04/09 4:05 p.m. | 84 views

CVE-2024-31864

CVE-2024-31864 affects Apache Zeppelin prior to 0.11.1, enabling code injection when establishing a MySQL JDBC connection. The issue is described as improper control of generation of code, with a CVSS v3.1 base score of 9.8 (Network, HIGH impact on confidentiality, integrity, and availability). T...

CVSS 9.8 | AI score 9.6 | EPSS 0.01257
Exploits 0 | References 5 | Affected Software 1
Vulnrichment
added 2024/04/09 4:05 p.m. | 17 views

CVE-2024-31864 Apache Zeppelin: Remote code execution by adding malicious JDBC connection string

Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Zeppelin. The attacker can inject sensitive configuration or malicious code when connecting MySQL database via JDBC driver. This issue affects Apache Zeppelin: before 0.11.1. Users are recommended to upgrade to versio...

AI score 8.9 | EPSS 0.01257
Exploits 0 | References 4
Cvelist
added 2024/04/09 4:05 p.m. | 20 views

CVE-2024-31864 Apache Zeppelin: Remote code execution by adding malicious JDBC connection string

Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Zeppelin. The attacker can inject sensitive configuration or malicious code when connecting MySQL database via JDBC driver. This issue affects Apache Zeppelin: before 0.11.1. Users are recommended to upgrade to versio...

AI score 9.7 | EPSS 0.01257
Exploits 0 | References 4
CNNVD
added 2024/04/09 12:00 a.m. | 3 views

Identifier Withdrawn

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. This CVE number has...

CVSS 5.4 | AI score 8.2 | EPSS 0.00501
Exploits 2 | References 5
Positive Technologies
added 2024/04/09 12:00 a.m. | 3 views

PT-2024-24252 · Apache · Apache Zeppelin

Name of the Vulnerable Software and Affected Versions: Apache Zeppelin versions prior to 0.11.1 Description: The issue is related to improper control of code generation, allowing an attacker to inject sensitive configuration or malicious code when connecting to a MySQL database via a JDBC driver...

CVSS 9.8 | AI score 9.3 | EPSS 0.07647
Exploits 0 | References 25
Packet Storm
added 2024/03/20 12:00 a.m. | 480 views

Teacher Subject Allocation Management System 1.0 SQL Injection

Exploit Title: Teacher Subject Allocation Management System 1.0 - 'searchdata' SQLi Date: 2023-11-15 Exploit Author: Ersin Erenler Vendor Homepage: https://phpgurukul.com/teacher-subject-allocation-system-using-php-and-mysql Software Link:...

CVSS 7.5 | AI score 7.4 | EPSS 0.01079
Exploits 4
OSV
added 2024/03/06 11:10 a.m. | 18 views

BIT-WORDPRESS-2021-39201 Authenticated cross-site scripting (XSS) in WordPress editor

WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Impact The issue allows an authenticated but low-privileged user like contributor/author to execute XSS in the editor. This bypasses the restrictions imposed on users who do n...

CVSS 7.6 | AI score 6.1 | EPSS 0.01502
Exploits 0 | References 4
RedHat Linux
added 2024/03/05 6:22 p.m. | 0 views

mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2023)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

CVSS 4.9 | AI score 7.3 | EPSS 0.01128
Exploits 0 | References 4
Positive Technologies
added 2024/03/01 12:00 a.m. | 3 views

PT-2024-2179 · Unknown +2 · Mysql Server +2

Name of the Vulnerable Software and Affected Versions: Directus versions prior to 10.8.3 Description: The password reset mechanism of the Directus backend allows attackers to receive a password reset email of a victim user, specifically having it arrive at a similar email address as the victim wi...

CVSS 8.5 | AI score 7 | EPSS 0.00702
Exploits 1 | References 16
GithubExploit
added 2024/02/25 11:51 a.m. | 360 views

Exploit for Weak Password Requirements in Laborofficefree

CVE-2024-1346 Weak MySQL database root password in LaborOffice...

CVSS 6.8 | AI score 5.9 | EPSS 0.00392
Exploits 5
RedHat Linux
added 2024/02/20 12:40 p.m. | 3 views

mysql: Server: DDL unspecified vulnerability (CPU Jan 2024)

Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash complete DOS of MySQL Server as well a...

CVSS 5.5 | AI score 7.3 | EPSS 0.00839
Exploits 0 | References 5
RedHat Linux
added 2024/02/20 12:40 p.m. | 1 views

mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2023)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

CVSS 4.9 | AI score 5.7 | EPSS 0.00925
Exploits 0 | References 4
Prion
added 2024/02/19 12:15 p.m. | 13 views

Default credentials

Weak MySQL database root password in LaborOfficeFree affects version 19.10. This vulnerability allows an attacker to calculate the root password of the MySQL database used by LaborOfficeFree using two constants...

CVSS 3.6 | AI score 7.1 | EPSS 0.00392
Exploits 5 | References 1
BDU FSTEC
added 2024/02/07 12:00 a.m. | 1 views

Vulnerability of the MySQL Server component: The UDF component of the MySQL database management system, which allows a hacker to cause a service failure.

The vulnerability of the MySQL Server component of the database management system exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...

CVSS 6.1 | AI score 6.8 | EPSS 0.01104
Exploits 0 | References 5 | Affected Software 1