
764 matches found

Prion
added 2020/05/14 5:15 p.m., 11 views

Design/Logic Flaw

The administrative passwords for all versions of Bond JetSelect are stored within an unprotected file on the filesystem, rather than encrypted within the MySQL database. This backup copy of the passwords is made as part of the installation script, after the administrator has generated a password...

CVSS 4, AI score 7.9, EPSS 0.01306
Exploits 2, References 1

Cvelist
added 2020/05/14 4:16 p.m., 15 views

CVE-2019-13021

The administrative passwords for all versions of Bond JetSelect are stored within an unprotected file on the filesystem, rather than encrypted within the MySQL database. This backup copy of the passwords is made as part of the installation script, after the administrator has generated a password...

AI score 7.1, EPSS 0.00603
Exploits 1, References 1

CNVD
added 2020/05/09 12:0 a.m., 3 views

SQL injection vulnerability in the la***_ty*** parameter of the ordasoft-cck component of Joomla!

Developed with PHP language and MySQL database, Joomla! is a content management system. A SQL injection vulnerability exists in the laty parameter of the Joomla! ordasoft-cck component. An attacker can exploit this vulnerability to obtain sensitive database information...

AI score 7.8
Exploits 0

CNVD
added 2020/05/09 12:0 a.m., 5 views

SQL Injection Vulnerability in Us*** Parameters of Joomla! ordasoft-cck Component

Developed with PHP language and MySQL database, Joomla! is a content management system. A SQL injection vulnerability exists in the Us parameter of the Joomla! ordasoft-cck component, which can be exploited by an attacker to obtain sensitive information about a database...

AI score 7.6
Exploits 0

CNVD
added 2020/05/07 12:0 a.m., 1 views

Multiple SQL Injection Vulnerabilities in YIXUNCMS Backend

YIXUNCMS is a showcase website system developed by Yixun Software Studio for small and medium-sized enterprises, written in PHP and backed by a MySQL database. The YIXUNCMS backend has multiple SQL injection vulnerabilities. Attackers can use the vulnerability to obtain sensitive...

AI score 8.1
Exploits 0

Exploit DB
added 2020/05/01 12:0 a.m., 167 views

ChemInv 1.0 - Authenticated Persistent Cross-Site Scripting

Exploit Title: ChemInv 1.0 - Authenticated Persistent Cross-Site Scripting Exploit Author: Bobby Cooke Date: 2020-04-29 Software Link: https://github.com/tmorrell/cheminv Software Info: "Cheminv is a web-based chemical inventory system. This responsive database provides an accessible way to...

AI score 7.4
Exploits 0

CNVD
added 2020/04/28 12:0 a.m., 2 views

Command Execution Vulnerability in YCCMS

YCCMS is a lightweight CMS site-building system developed on PHP5 and MySQL. YCCMS has a command execution vulnerability that can be exploited by attackers to execute code to gain control of the server...

AI score 7.9
Exploits 0

ThreatPost
added 2020/04/27 9:15 p.m., 73 views

GDPR Compliance Site Leaks Git Data, Passwords

A website that gives advice on privacy regulation compliance has fixed a security issue that was exposing MySQL database settings — including passwords — to anyone on the internet. The website, GDPR.EU, is an advice site for organizations that are struggling to comply with the General Data...

AI score 7
Exploits 0, References 10

Pen Test Partners Blog
added 2020/04/27 9:48 a.m., 39 views

GDPR.EU has er… a data leakage issue

GDPR.EU is an advice site ‘operated by Proton Technologies AG, co-funded by … the EU Horizon Framework’. It’s full of useful advice for organisations that need to comply with GDPR. Whilst it isn’t an official EU Commission site, it is partly funded by the EU. You may also be familiar with Proton...

AI score 6.7
Exploits 0

Packet Storm
added 2020/04/21 12:0 a.m., 149 views

PMB 5.6 SQL Injection

Exploit Title: PMB 5.6 - 'logid' SQL Injection Google Dork: inurl:opaccss Date: 2020-04-20 Exploit Author: 41-trk Tarik Bakir Vendor Homepage: http://www.sigb.net Software Link: http://forge.sigb.net/redmine/projects/pmb/files Affected versions : = 5.6 -==== Software Description ====- PMB is a...

AI score 0.3
Exploits 0

0day.today
added 2020/04/21 12:0 a.m., 48 views

PMB 5.6 - (logid) SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: PMB 5.6 - 'logid' SQL Injection Google Dork: inurl:opaccss Exploit Author: 41-trk Tarik Bakir Vendor Homepage: http://www.sigb.net Software Link: http://forge.sigb.net/redmine/projects/pmb/files Affected versions : = 5.6 -====...

AI score 0.3
Exploits 0

Exploit DB
added 2020/04/21 12:0 a.m., 239 views

PMB 5.6 - 'logid' SQL Injection

Exploit Title: PMB 5.6 - 'logid' SQL Injection Google Dork: inurl:opaccss Date: 2020-04-20 Exploit Author: 41-trk Tarik Bakir Vendor Homepage: http://www.sigb.net Software Link: http://forge.sigb.net/redmine/projects/pmb/files Affected versions : = 5.6 -==== Software Description ====- PMB is a...

AI score 7.4
Exploits 0

OSV
added 2020/04/15 2:15 p.m., 1 views

UBUNTU-CVE-2020-2930

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Parser. Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

CVSS 4.4, AI score 6.5, EPSS 0.01689
Exploits 0, References 4

Prion
added 2020/04/06 4:15 p.m., 13 views

SQL injection

Project Worlds Official Car Rental System 1 is vulnerable to multiple SQL injection issues, as demonstrated by the email and parameters account.php, uname and pass parameters login.php, and id parameter bookcar.php This allows an attacker to dump the MySQL database and to bypass the login...

CVSS 7.5, AI score 9.9, EPSS 0.01557
Exploits 1, References 1, Affected Software 1

Cvelist
added 2020/04/06 3:25 p.m., 12 views

CVE-2020-11545

Project Worlds Official Car Rental System 1 is vulnerable to multiple SQL injection issues, as demonstrated by the email and parameters account.php, uname and pass parameters login.php, and id parameter bookcar.php This allows an attacker to dump the MySQL database and to bypass the login...

AI score 10, EPSS 0.01557
Exploits 1, References 1

NVD
added 2020/03/05 1:15 p.m., 18 views

CVE-2020-10106

PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to SQL injection, as demonstrated by the email parameter in index.php or register.php. The SQL injection allows to dump the MySQL database and to bypass the login prompt...

CVSS 9.8, AI score 9.8, EPSS 0.01184
Exploits 1, References 1

Prion
added 2020/03/05 1:15 p.m., 14 views

SQL injection

PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to SQL injection, as demonstrated by the email parameter in index.php or register.php. The SQL injection allows to dump the MySQL database and to bypass the login prompt...

CVSS 7.5, AI score 9.7, EPSS 0.01184
Exploits 1, References 1, Affected Software 1

Cvelist
added 2020/03/05 12:42 p.m., 26 views

CVE-2020-10106

PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to SQL injection, as demonstrated by the email parameter in index.php or register.php. The SQL injection allows to dump the MySQL database and to bypass the login prompt...

AI score 9.8, EPSS 0.01184
Exploits 1, References 1

BDU FSTEC
added 2020/02/24 12:0 a.m., 1 views

The vulnerability of the Server:InnoDB component of the Oracle MySQL database management system allows an attacker to cause a service failure.

The vulnerability of the Server:InnoDB component in the Oracle MySQL database management system is related to an uncontrolled consumption of system resources. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...

CVSS 6.3, AI score 6.6, EPSS 0.02465
Exploits 0, References 5, Affected Software 2

Cloud Foundry
added 2020/02/12 12:0 a.m., 24 views

CVE-2020-5399: CredHub does not properly enable TLS for MySQL database connections | Cloud Foundry

Severity: High. Vendor: Cloud Foundry Foundation. Description: Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL database without TLS even when configured to use TLS. A malicious user with access to the network between CredHub and its MySQL database may eavesdrop on database...

CVSS 7.6, AI score 7.4, EPSS 0.00527
Exploits 0, Affected Software 1