764 matches found
A vulnerability in the Command Line Interface (CLI) of the Fortinet FortiNAC access control device allows an attacker to gain access to the MySQL database.
The vulnerability in the Command Line Interface (CLI) of the Fortinet FortiNAC access control device is related to the use of a default password for the configuration file. Exploiting this vulnerability could allow an attacker to gain access to the MySQL database...
U.S. Dept Of Defense: time based SQL injection at [https://███] [HtUS]
Hello, Summary while doing test on www.█████ I’ve found that the endpoint at /olc/setlogin.php is vulnerable with SQL injection vulnerability Vulnerable parameters - username - password POC - using time based to verify , submit the below request jsx POST /olc/setlogin.php HTTP/1.1 Host: www.█████...
U.S. Dept Of Defense: Wordpress Takeover using setup configuration at http://████.edu [HtUS]
A vulnerability was found in the WordPress 'setup-config.php' installation page, which allowed a malicious user to install WordPress in a remote MySQL database without valid credentials on the target system. This could lead to remote code execution and total system compromise, as well as other...
Simple Task Scheduling System sql injection vulnerability
Simple Task Scheduling System, a task scheduling system, is vulnerable to SQL injection in version 1.0. An attacker can use this vulnerability to issue SQL commands to the MySQL database via the vulnerable "id" parameter...
CVE-2022-30927
A SQL injection vulnerability exists in Simple Task Scheduling System 1.0 when MySQL is being used as the application database. An attacker can issue SQL commands to the MySQL database through the vulnerable "id" parameter...
GHSA-F57C-HX33-HVH8 Active Record component in Ruby on Rails has a data-type injection vulnerability
The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and 3.2.x does not ensure that the declared data type of a database column is used during comparisons of input values to stored values in that column, which makes it easier for remote attackers to conduct data-type injection attack...
[SECURITY] [DLA 3002-1] adminer security update
Debian LTS Advisory DLA-3002-1, https://www.debian.org/lts/security/, Chris Lamb, May 13, 2022, https://wiki.debian.org/LTS...
Vulnerability in the Server: Optimizer component of the MySQL Server database management system that allows an attacker to cause a denial of service.
The vulnerability in the MySQL Server component of the database management system is related to insufficient validation of input data. Exploiting this vulnerability could allow a remote attacker to cause a denial of service using the MySQL network protocol...
Vulnerability in the Server: Optimizer component of the MySQL database management system that allows an attacker to gain unauthorized access to modify, add, or delete data, or to cause a denial of service.
The vulnerability in the MySQL Server component is related to insufficient validation of input data. Exploiting this vulnerability could allow a remote attacker to gain unauthorized access to modify, add, or delete data, or to cause a denial of service using the MySQL network protocol...
Vulnerability in the Server: DML component of the MySQL database management system that allows an attacker to cause a denial of service.
The vulnerability in the MySQL Server component is related to insufficient validation of input data. Exploiting this vulnerability could allow a remote attacker to cause a denial of service...
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
...
Vulnerability in the Server: Replication component of the MySQL database management system that allows an attacker to compromise data integrity and cause a denial of service.
The vulnerability in the Server: Replication component of the MySQL database management system is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to compromise data integrity and cause a denial of service...
Vulnerability in the Server: DDL component of the MySQL database management system that allows an attacker to cause a denial of service.
The vulnerability in the Server: DDL component of the MySQL database management system is related to errors during resource release. Exploiting this vulnerability could allow a remote attacker to cause a denial of service...
Vulnerability in the InnoDB component of the MySQL database management system that allows an attacker to access confidential data
The vulnerability in the InnoDB component of the MySQL database management system is related to information disclosure. Exploiting this vulnerability could allow an attacker to gain access to confidential data...
Vulnerability in the Server: Optimizer component of the MySQL database management system that allows an attacker to cause a denial of service.
The vulnerability in the Server: Optimizer component of the MySQL database management system is related to errors during resource release. Exploiting this vulnerability could allow a remote attacker to cause a denial of service...
Ecommerce-Website code issue vulnerability
Ecommerce-Website is a complete e-commerce website with an administration panel built using PHP and MySQL. Version v1.1.0 of Ecommerce-Website is vulnerable to file uploads, which can be exploited by attackers to execute arbitrary code via carefully crafted PHP files...
Vulnerability in the Cluster: General component of the MySQL Cluster database management system that allows an attacker to execute arbitrary code.
The vulnerability in the Cluster: General component of the MySQL Cluster database management system is related to reading data beyond the bounds of a memory buffer. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
GHSA-RXFQ-3VPC-VV72 Files or Directories Accessible to External Parties in Adminer
Improper Access Control in Adminer versions 1.12.0 to 4.6.2 fixed in version 4.6.3 allows an attacker to achieve Arbitrary File Read on the remote server by requesting the Adminer to connect to a remote MySQL database...
Files or Directories Accessible to External Parties in Adminer
Improper Access Control in Adminer versions 1.12.0 to 4.6.2 fixed in version 4.6.3 allows an attacker to achieve Arbitrary File Read on the remote server by requesting the Adminer to connect to a remote MySQL database...