
764 matches found

seebug.org
added 2014/07/01 12:0 a.m., 12 views

MySQL <= 5.1.13 - INFORMATION_SCHEMA - Remote Denial Of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/28351/info MySQL is prone to a remote denial-of-service vulnerability because it fails to handle certain specially crafted queries. An attacker can exploit this issue to crash the application, denying access to legitimate...

AI score: 7.1
Exploits: 0
Prion
added 2014/06/09 7:55 p.m., 9 views

Design/Logic Flaw

Mambo CMS 4.6.5 stores the MySQL database password in cleartext in the document root, which allows local users to obtain sensitive information via unspecified vectors...

CVSS: 2.1 | AI score: 6.4 | EPSS: 0.00475
Exploits: 1 | References: 3 | Affected Software: 1
Kitploit
added 2014/06/03 7:12 p.m., 188 views

Simple SQLi Dumper v5.1 - Tool to find bugs, errors or vulnerabilities in MySQL database

SSDp is a useful penetration tool to find bugs, errors or vulnerabilities in MySQL database. Functions: SQL Injection, Operation System Function, Dump Database, Extract Database Schema, Search Columns Name, Read File (read only), Create File (read only), Brute Table & Column. Download Simple SQLi Dumper v5....

AI score: 8
Exploits: 0
securityvulns
added 2014/05/05 12:0 a.m., 137 views

[CVE-2014-2531] SQL injection in InterWorx Web Control Panel <= 5.0.13

================================================= Title: SQL injection in InterWorx Control Panel Product: InterWorx Web Control Panel Vendor: InterWorx LLC Tested Version: 5.0.13 build 574 Vulnerability Type: SQL Injection CWE-89 CVE Reference: CVE-2014-2531 Solution Status: Fixed in Version...

CVSS: 6.5 | AI score: 7.5 | EPSS: 0.01123
Exploits: 6
OpenVAS
added 2014/05/02 12:0 a.m., 37 views

Ubuntu Update for python-django USN-2169-2

Check for the Version of python-django OpenVAS Vulnerability Test $Id: gbubuntuUSN21692.nasl 7957 2017-12-01 06:40:08Z santu $ Ubuntu Update for python-django USN-2169-2 Authors: System Generated Check Copyright: Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is...

CVSS: 10 | AI score: 0.2 | EPSS: 0.05603
Exploits: 0 | References: 2
OSV
added 2014/04/28 3:54 p.m., 15 views

MGASA-2014-0196 Updated python-django packages fix multiple vulnerabilities

Updated python-django and python-django14 packages fix security vulnerabilities: Benjamin Bach discovered that Django incorrectly handled dotted Python paths when using the reverse function. An attacker could use this issue to cause Django to import arbitrary modules from the Python path, resulti...

CVSS: 10 | AI score: 6.9 | EPSS: 0.05603
Exploits: 0 | References: 5
Tenable Nessus
added 2014/04/23 12:0 a.m., 28 views

Ubuntu 14.04 LTS : Django vulnerabilities (USN-2169-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2169-1 advisory. Benjamin Bach discovered that Django incorrectly handled dotted Python paths when using the reverse function. An attacker could use this issue to cause...

CVSS: 10 | AI score: 6.2 | EPSS: 0.05603
Exploits: 0 | References: 4
Fedora
added 2014/04/17 6:0 a.m., 40 views

[SECURITY] Fedora 19 Update: cacti-0.8.8b-5.fc19

Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. Along with being able to maintain graphs, data sources, and round robin archives in a database, Cacti also...

CVSS: 7.5 | AI score: 0.6 | EPSS: 0.04916
Exploits: 5
0day.today
added 2014/04/12 12:0 a.m., 16 views

Sendy 1.1.9.1 - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Sendy 1.1.9.1 - SQL Injection Vulnerability Date: 2014-04-10 Exploit Author: marduk369 Vendor Homepage: http://sendy.co/ Software Link: http://sendy.co/ Version: 1.1.9.1 email protected: sqlmap -u 'http://server1/send-to?i=1&c=1...

AI score: 7.1
Exploits: 0
0day.today
added 2014/03/26 12:0 a.m., 50 views

InterWorx 5.0.13 Build 574 SQL Injection Vulnerability

InterWorx Web Control Panel version 5.0.13 build 574 suffers from a remote SQL injection vulnerability. ================================================= Title: SQL injection in InterWorx Control Panel Product: InterWorx Web Control Panel Vendor: InterWorx LLC Tested Version: 5.0.13 build 574...

CVSS: 6.5 | AI score: 0.1 | EPSS: 0.01123
Exploits: 6
Packet Storm
added 2014/03/25 12:0 a.m., 39 views

InterWorx 5.0.13 Build 574 SQL Injection

================================================= Title: SQL injection in InterWorx Control Panel Product: InterWorx Web Control Panel Vendor: InterWorx LLC Tested Version: 5.0.13 build 574 Vulnerability Type: SQL Injection CWE-89 CVE Reference: CVE-2014-2531 Solution Status: Fixed in Version...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.01123
Exploits: 6
Kitploit
added 2014/03/03 9:52 p.m., 109 views

[bWAPP] an extremely buggy web application!

bWAPP, or a buggy web application, is a deliberately insecure web application. bWAPP helps security enthusiasts, developers and students to discover and to prevent web vulnerabilities. bWAPP prepares to conduct successful penetration testing and ethical hacking projects. What makes bWAPP so uniqu...

AI score: 7.5
Exploits: 0
OpenVAS
added 2014/02/20 12:0 a.m., 38 views

RedHat Update for mysql55-mysql RHSA-2014:0186-01

Check for the Version of mysql55-mysql OpenVAS Vulnerability Test RedHat Update for mysql55-mysql RHSA-2014:0186-01 Authors: System Generated Check Copyright: Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

CVSS: 7.5 | AI score: 7 | EPSS: 0.06353
Exploits: 0 | References: 2
Tenable Nessus
added 2014/02/19 12:0 a.m., 35 views

Oracle Linux 5 : mysql55-mysql (ELSA-2014-0186)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-0186 advisory. - Fix CVE-2014-0001 Related: 1055875 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...

CVSS: 7.5 | AI score: 6.4 | EPSS: 0.06353
Exploits: 0 | References: 13
RedHat Linux
added 2014/02/18 5:55 p.m., 43 views

Moderate: Red Hat Security Advisory: mysql55-mysql security update

Updated mysql55-mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.06353
Exploits: 0 | References: 16
OpenVAS
added 2014/02/17 12:0 a.m., 38 views

CentOS Update for mysql CESA-2014:0164 centos6

Check for the Version of mysql OpenVAS Vulnerability Test CentOS Update for mysql CESA-2014:0164 centos6 Authors: System Generated Check Copyright: Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.06353
Exploits: 0 | References: 2
OSV
added 2014/01/17 12:0 a.m., 20 views

DSA-2845-1 mysql-5.1 - several

Bulletin has no description...

CVSS: 4 | AI score: 7.5 | EPSS: 0.0467
Exploits: 0
Kitploit
added 2014/01/14 4:39 a.m., 24 views

[Xplico 1.1.0] Open Source Network Forensic Analysis Tool (NFAT)

The goal of Xplico is to extract from an internet traffic capture the application data contained. For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on. Xplico isn’t a network protocol analyzer. Xplico is ...

AI score: 7
Exploits: 0
seebug.org
added 2014/01/09 12:0 a.m., 30 views

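Horizon QCMS "/lib/functions/d-load.php" Directory Traversal Vulnerability

CVE ID: CVE-2013-7138 Horizon QCMS is the open-source Horizon quick content management system, supporting PHP and MySQL. The vulnerability exists because the "start" HTTP GET parameter passed to the "/lib/functions/d-load.php" script is not sufficiently filtered before being used in the "fopen" method; a remote attacker can read arbitrary file contents on the target system with the privileges of the web server. 0 Horizon QCMS=4.0 Vendor patch: Horizon ----- Horizon version 4.0 has fixed this vulnerability; users are advised to download and use it:...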

CVSS: 5 | AI score: 6.5 | EPSS: 0.01859
Exploits: 6
The Hacker News
added 2014/01/06 8:25 p.m., 15 views

Tajikistan Domain Registrar hacked; Google, Yahoo, Twitter, Amazon also defaced

Google’s primary search domain for Tajikistan had seemingly been hacked yesterday, along with other high profile domains including Yahoo, Twitter, Amazon -- redirected to a defaced page. Actually neither Google, nor Twitter servers have been hacked, rather website of Tajikistan's Domain registrar...

AI score: 7
Exploits: 0