764 matches found
GPSTracker 1.0 - id SQL Injection
GPSTracker 1.0 - id SQL Injection Exploit Title: GPSTracker v1.0 - Login Page SQL Injection Dork: N/A Date: 23.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://www.wecodex.com https://codecanyon.net/item/gpstracker-gps-trackgin-system/21873663 Version: 1.0 Category:...
PT-2018-5676 · Mysql Server · Mysql Multi-Master Replication Manager
Name of the Vulnerable Software and Affected Versions: MySQL Multi-Master Replication Manager MMM mmm agentd version 2.2.1 Description: A specially crafted MMM protocol message can cause a shell command injection in the MMM::Agent::Helpers::Network::send arp function, resulting in arbitrary comma...
mysql: InnoDB unspecified vulnerability (CPU Apr 2018)
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: InnoDB. Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
MySQL 5.6.x < 5.6.40 Multiple Vulnerabilities (April 2018 CPU)
The version of MySQL running on the remote host is 5.6.x prior to 5.6.40. It is, therefore, affected by multiple vulnerabilities as noted in the April 2018 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has not...
mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols...
Vulnerability of the Server:Security:Privileges component of the MySQL database management system, which allows a hacker to cause a service failure
The vulnerability of the Server:Security:Privileges component of the MySQL database management system is related to security configuration errors. Exploiting this vulnerability may allow a malicious actor to cause service interruptions by modifying system data remotely...
The vulnerability of the InnoDB component of the MySQL database management system allows a hacker to gain privileges for creating, deleting, or modifying data, or to cause service interruptions.
The vulnerability of the InnoDB component of the MySQL database management system is related to access control deficiencies. Exploiting this vulnerability can allow a malicious actor to gain privileges necessary for creating, deleting, or modifying MySQL data, or to cause service failures...
USN-3537-1: MySQL vulnerabilities
Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.59 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS, and Ubuntu 17.10 have been updated to MySQL 5.7.21. In addition to security fixes, the updated packag...
Command injection
vendor/plugins/dataset/lib/dataset/database/mysql.rb in the kajam gem 1.0.3.rc2 for Ruby places the mysql user password on the 1 mysqldump command line in the capture function and 2 mysql command line in the restore function, which allows local users to obtain sensitive information by listing the...
CVE-2015-7224
puppetlabs-mysql 3.1.0 through 3.6.0 allow remote attackers to bypass authentication by leveraging creation of a database account without a password when a 'mysqluser' user parameter contains a host with a netmask...
CVE-2017-17823
The Configuration component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/configuration.php orderby array parameter. An attacker can exploit this to gain access to the data in a connected MySQL database...
Sql injection
The List Users API of Piwigo 2.9.2 is vulnerable to SQL Injection via the /admin/userlistbackend.php sSortDir0 parameter. An attacker can exploit this to gain access to the data in a connected MySQL database...
Sql injection
The Batch Manager component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/batchmanagerunit.php elementids parameter in unit mode. An attacker can exploit this to gain access to the data in a connected MySQL database...
CVE-2017-17822
The List Users API of Piwigo 2.9.2 is vulnerable to SQL Injection via the /admin/userlistbackend.php sSortDir0 parameter. An attacker can exploit this to gain access to the data in a connected MySQL database...
Sql injection
The Configuration component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/configuration.php orderby array parameter. An attacker can exploit this to gain access to the data in a connected MySQL database...
CVE-2017-17823
The Configuration component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/configuration.php orderby array parameter. An attacker can exploit this to gain access to the data in a connected MySQL database...
CVE-2017-17823
The Configuration component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/configuration.php orderby array parameter. An attacker can exploit this to gain access to the data in a connected MySQL database...
[SECURITY] Fedora 27 Update: perl-DBD-MySQL-4.043-6.fc27
DBD::mysql is the Perl5 Database Interface driver for the MySQL database. In other words: DBD::mysql is an interface between the Perl programming langua ge and the MySQL programming API that comes with the MySQL relational database management system...
GSA Bounty: SQL injection in https://labs.data.gov/dashboard/datagov/csv_to_json via User-agent
I've identified an SQL injection vulnerability in the website labs.data.gov that affects the endpoint /dashboard/datagov/csvtojson and can be exploited via the User-Agent HTTP header. I didn't extracted any data from the database, I've confirmed the vulnerability using sleep SQL queries with...
USN-3459-2: MySQL vulnerabilities
USN-3459-1 fixed several vulnerabilities in MySQL. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to...