764 matches found
[SECURITY] [DSA 4002-1] mysql-5.5 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4002-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 19, 2017 https://www.debian.org/security/faq -...
Critical Code Execution Flaw Patched in PeopleSoft Core Engine
Organizations that have their PeopleSoft installations exposed to the internet should pay special attention to a remote code execution vulnerability patched on Tuesday as part of Oracle’s massive quarterly Critical Patch Update. The flaw, CVE-2017-10366, allows an attacker to gain remote code...
File Containment Vulnerability in iWebShop Open Source Mall System
iWebShop is an open source WEB e-commerce B2B2C platform self-supporting + merchants stationed station-building system based on PHP language + MYSQL database development, using the MVC architecture Yii framework thinking design pattern carefully designed a product. iWebShop open source mall syste...
[SECURITY] [DLA 1043-1] mysql-5.5 security update
Package : mysql-5.5 Version : 5.5.57-0+deb7u1 CVE ID : CVE-2017-3635 CVE-2017-3636 CVE-2017-3641 CVE-2017-3648. CVE-2017-3651 CVE-2017-3652 CVE-2017-3653 Debian Bug : 868788 Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to t...
MySQL 5.7.x < 5.7.19 Multiple Vulnerabilities (Jul 2017 CPU) (Oct 2017 CPU) (Jul 2019 CPU)
The version of MySQL running on the remote host is 5.7.x prior to 5.7.19. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the UDF component that allows an authenticated, remote attacker to cause a denial of service condition. CVE-2017-3529 - An unspecified...
Finecms SQL Injection Vulnerability
FineCMS is a small and medium-sized content management system based on PHP+MySql+CI framework. A SQL injection vulnerability exists in Finecms 5.0.8 and earlier versions, due to the program failing to effectively filter user input parameters. Allows attackers to exploit the vulnerability by writi...
The vulnerability of the Oracle MySQL database management system allows a hacker to gain privileged access when modifying data or causing service failures.
The vulnerability of the MySQL Server component of the Oracle MySQL database management system is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain privileged access to modify, add, or delete data. This can also cause...
The vulnerability of the MySQL database management system allows malicious actors to compromise the confidentiality of information.
The vulnerability of the MySQL Server component of the MySQL database management system is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality of information through network packets...
The vulnerability of the MySQL database management system allows a hacker to cause a service failure.
The vulnerability of the MySQL Server component of the MySQL database management system arises due to a numerical overflow condition. Exploiting this vulnerability can allow an attacker, operating remotely, to cause the system to become unresponsive or trigger service failures using specially...
The vulnerability of the MySQL database management system allows a hacker to cause a service failure.
The vulnerability of the MySQL Server component of the MySQL database management system is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor to cause the system to become unresponsive or to crash through network packets...
Zabbix Server Active Proxy Trapper Remote Code Execution Vulnerability( CVE-2017-2824)
Official patch earlier to fix the vulnerabilities: the Zabbix database write vulnerability The vulnerability lies within the ìTrapperî section of the Zabbix Code, this is the network service that allows the Proxies and the Server to communicate TCP Port 10051 There are a set of API calls that the...
Zabbix Server Active Proxy Trapper Remote Code Execution Vulnerability
Summary An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2.4.X . A specially crafted set of packets can cause a command injection resulting in remote code execution. An attacker can make requests from an active Zabbix Proxy to trigger this...
concrete5 8.1.0 Host Header Injection
Credits: John Page a.k.a hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/CONCRETE5-v8.1.0-HOST-HEADER-INJECTION.txt + ISR: ApparitionSec Vendor: ================== www.concrete5.org Product: ================ concrete5 v8.1.0 concrete5 is an...
Concrete5 CMS 8.1.0 - Host Header Injection
Concrete5 CMS 8.1.0 - Host Header Injection + Credits: John Page a.k.a hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/CONCRETE5-v8.1.0-HOST-HEADER-INJECTION.txt + ISR: ApparitionSec Vendor: ================== www.concrete5.org Product:...
Concrete5 8.1.0 - Host Header Injection Vulnerability
Exploit for php platform in category web applications + Credits: John Page a.k.a hyp3rlinx Vendor: ================== www.concrete5.org Product: ================ concrete5 v8.1.0 concrete5 is an open-source content management system CMS for publishing content on the World Wide Web and intranets...
Concrete5 CMS 8.1.0 - 'Host' Header Injection
Credits: John Page a.k.a hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/CONCRETE5-v8.1.0-HOST-HEADER-INJECTION.txt + ISR: ApparitionSec Vendor: ================== www.concrete5.org Product: ================ concrete5 v8.1.0 concrete5 is an...
0.2 BTC Strikes Back, Now Attacking MySQL Databases
In this post we will describe how GGSN detected a wide ransomware attack targeting MySQL databases and provide recommendations on how to protect your database...
Windows Botnet Spreading Mirai Variant
A Chinese-speaking attacker is spreading a Mirai variant from a repurposed Windows-based botnet. Researchers at Kaspersky Lab published a report today, and said the code was written by an experienced developer who also built in the capability to spread the IoT malware to Linux machines under...
UBUNTU-CVE-2016-1249
The DBD::mysql module before 4.039 for Perl, when using server-side prepared statement support, allows attackers to cause a denial of service out-of-bounds read via vectors involving an unaligned number of placeholders in WHERE condition and output fields in SELECT expression...
The vulnerability of the MySQL database management system allows a hacker to cause a service failure.
The vulnerability of the Server component: The Optimizer component of the MySQL database management system is vulnerable due to the lack of protection for operational data. Exploiting this vulnerability can allow a malicious actor to cause the system to become unresponsive or, in rare cases, to...