764 matches found
Adive Framework Cross-Site Request Forgery Vulnerability
Adive Framework is a PHP-based MySQL database management framework. A cross-site request forgery vulnerability exists in Adive Framework. The vulnerability stems from a web application that does not adequately validate that a request is coming from a trusted user. An attacker could exploit this...
The vulnerability of the InnoDB component of the MySQL Database Server management system, which allows a hacker to cause a service failure.
The vulnerability of the InnoDB component in the MySQL Database Management System is related to resource release errors. Exploiting this vulnerability can allow an attacker to cause service interruptions...
The vulnerability of the InnoDB component of the MySQL Database Server management system, which allows a hacker to cause a service failure.
The vulnerability of the InnoDB component in the MySQL Database Management System is related to resource release errors. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
Vulnerability of the MySQL Server component: The DML mechanism of the MySQL Database Management System allows a hacker to trigger a service failure.
The vulnerability of the MySQL Server component relates to errors in resource release. Exploiting this vulnerability can allow an attacker to cause service interruptions...
School Management Software PHP/mySQL CSRF Vulnerability
School Management Software PHP/mySQL is a web-based school ERP management program. A cross-site request forgery vulnerability exists in School Management Software PHP/mySQL 2019-03-14 and prior versions. The vulnerability stems from the web application not adequately verifying that requests are coming...
DVNA - Damn Vulnerable NodeJS Application
Damn Vulnerable NodeJS Application (DVNA) is a simple NodeJS application to demonstrate OWASP Top 10 vulnerabilities and guide on fixing and avoiding these vulnerabilities. The fixes branch will contain fixes for the vulnerabilities. Fixes for vulnerabilities OWASP Top 10 2017 vulnerabilities at...
USN-4250-1: MySQL vulnerabilities
Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.19 in Ubuntu 19.10. Ubuntu 16.04 LTS and Ubuntu 18.04 LTS have been updated to MySQL 5.7.29. In addition to security fixes, the updated package...
The vulnerability of the Server:Optimizer component of the Oracle MySQL database management system allows a hacker to cause a service failure.
The vulnerability of the Server:Optimizer component of the Oracle MySQL database management system is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to cause service interruptions using the MySQL network protocol...
Remote code execution vulnerability in ECShop backend te***.php file
ECShop is a B2C independent online store system, suitable for enterprises and individuals to quickly build a personalized online store. The system is a cross-platform open source program built on PHP and a MySQL database. ECShop backend te.php file remote code...
File upload vulnerability in phpok
The PHPOK system is a content management system for website construction developed by Shenzhen KunHuo Technology Co., Ltd. (formerly known as PHPOK Studio), written in PHP, using MySQL database storage by default, and released for shared use under the LGPL open source license. A file uplo...
Code execution vulnerability in SeaCMS backend (CNVD-2019-45348)
SeaCMS is a website building system based on a PHP+MySQL architecture that supports cross-platform operation. A code execution vulnerability exists in the backend of SeaCMS, which can be exploited by attackers to execute malicious code...
Arbitrary File Deletion Vulnerability in LeShang Mall (CNVD-2019-43871)
LeShang Mall is a lightweight mall website management system, based on a ThinkPHP5+MySQL architecture, running on Linux, Windows, MacOSX, Solaris and other platforms. There is an arbitrary file deletion vulnerability in LeShang Mall. An attacker can use this vulnerability to arbitrarily delete server...
CVE-2019-18465
In Progress MOVEit Transfer 11.1 before 11.1.3, a vulnerability has been found that could allow an attacker to sign in without full credentials via the SSH SFTP interface. The vulnerability affects only certain SSH SFTP configurations, and is applicable only if the MySQL database is being used...
CORS-Vulnerable-Lab: vulnerable code lab for CORS misconfigurations
This repository contains vulnerable code related to CORS misconfigurations. You can set up the vulnerable code on your local machine and work hands-on with CORS-related misconfiguration issues. Here, I would first like to thank @albinowax, AKReddy, and Vivek...
Code injection
In cPanel before 67.9999.103, a user account's backup archive could contain all MySQL databases on the server (SEC-284)...
SaltStack Salt MySQL Module SQL Injection Vulnerability
SaltStack Salt is a set of open source tools for managing infrastructure from SaltStack. The tool provides configuration management, remote execution, and more. A SQL injection vulnerability exists in the SaltStack Salt MySQL module. The vulnerability stems from a lack of validation of externally...
CVE-2019-1010246
MailCleaner before c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9 is affected by: Unauthenticated MySQL database password information disclosure. The impact is: MySQL database content disclosure (e.g. username, password). The component is: The API call in the function allowAction in...
SQL injection
Synetics GmbH I-doit 1.12 and earlier is affected by: SQL Injection. The impact is: Unauthenticated MySQL database access. The component is: Web login form. The attack vector is: An attacker can exploit the vulnerability by sending a malicious HTTP POST request. The fixed version is: 1.12.1...
CVE-2019-1010248
Synetics GmbH I-doit 1.12 and earlier is affected by: SQL Injection. The impact is: Unauthenticated MySQL database access. The component is: Web login form. The attack vector is: An attacker can exploit the vulnerability by sending a malicious HTTP POST request. The fixed version is: 1.12.1...