117 matches found

Packet Storm
added 2019/01/29 12:0 a.m. · 126 views

MySQL User-Defined (Linux) x32 / x86_64 sys_exec Privilege Escalation

Exploit Title: MySQL User-Defined Linux x32 / x86_64 sys_exec function local privilege escalation exploit Date: 24/01/2019 Exploit Author: d7x Vendor Homepage: https://www.mysql.com Software Link: www.mysql.com Version: MySQL 4.x/5.x Tested on: Debian GNU/Linux 8.11 / mysql Ver 14.14 Distrib 5.5.60...

0.8 AI score
Exploits: 0
CNVD
added 2018/10/29 12:0 a.m. · 2 views

zzcms SQL Injection Vulnerability (CNVD-2018-26017)

ZZCMS is a CMS Content Management System used to quickly build Merchants type websites. A SQL injection vulnerability exists in the admin/specialadd.php file in ZZCMS version 8.3. A remote attacker can exploit this vulnerability to obtain the current user name of mysql with the help of zxbigclass...

7.2 CVSS · 7.4 AI score · 0.01059 EPSS
Exploits: 1 · References: 1
CNVD
added 2018/10/29 12:0 a.m. · 2 views

zzcms SQL Injection Vulnerability (CNVD-2018-26020)

ZZCMS is a CMS Content Management System used to quickly build Merchants type websites. A SQL injection vulnerability exists in the admin/tagmanage.php file in ZZCMS version 8.3. A remote attacker can exploit this vulnerability to obtain the current user name of mysql with the help of the...

7.2 CVSS · 7.4 AI score · 0.01059 EPSS
Exploits: 1 · References: 1
OSV
added 2018/07/26 2:29 p.m. · 1 views

UBUNTU-CVE-2016-8647

An input validation vulnerability was found in Ansible's mysql_user module before 2.2.1.0, which may fail to correctly change a password in certain circumstances. Thus the previous password would still be active when it should have been changed...

4.9 CVSS · 7.1 AI score · 0.01428 EPSS
Exploits: 0 · References: 3
CNVD
added 2018/05/08 12:0 a.m. · 2 views

CSP MySQL User Manager SQL Injection Vulnerability

CSP MySQL User Manager (CMUM) is a set of user management pages for the PHP front-end of CardserverProxy (CSP), an open source proxy for handling clustering and load balancing. A SQL injection vulnerability exists in CMUM version 2.3.1. A remote attacker can exploit this vulnerability to bypass...

9.8 CVSS · 8.2 AI score · 0.05827 EPSS
Exploits: 4 · References: 1
exploitpack
added 2018/05/06 12:0 a.m. · 27 views

CSP MySQL User Manager 2.3.1 - Authentication Bypass

CSP MySQL User Manager 2.3.1 - Authentication Bypass Exploit Title: CSP MySQL User Manager 2.3.1 - Authentication Bypass Date: 2018-05-04 Exploit Author: Youssef mami Vendor Homepage: https://code.google.com/archive/p/cspmum/ Software Link:...

7.5 CVSS · 0.3 AI score · 0.05827 EPSS
Exploits: 4
Exploit DB
added 2018/05/06 12:0 a.m. · 46 views

CSP MySQL User Manager 2.3.1 - Authentication Bypass

Exploit Title: CSP MySQL User Manager 2.3.1 - Authentication Bypass Date: 2018-05-04 Exploit Author: Youssef mami Vendor Homepage: https://code.google.com/archive/p/cspmum/ Software Link: https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/cspmum/cmum-231.zip Version:...

9.8 CVSS · 9.7 AI score · 0.05827 EPSS
Exploits: 4
OSV
added 2018/05/05 7:29 p.m. · 9 views

CVE-2018-10757

CSP MySQL User Manager 2.3.1 allows SQL injection, and resultant Authentication Bypass, via a crafted username during a login attempt...

9.8 CVSS · 9.7 AI score
Exploits: 0 · References: 3
NVD
added 2018/05/05 7:29 p.m. · 15 views

CVE-2018-10757

CSP MySQL User Manager 2.3.1 allows SQL injection, and resultant Authentication Bypass, via a crafted username during a login attempt...

9.8 CVSS · 9.5 AI score · 0.05827 EPSS
Exploits: 4 · References: 3
0day.today
added 2018/05/05 12:0 a.m. · 59 views

CSP MySQL User Manager 2.3.1 SQL Injection Vulnerability

CSP MySQL User Manager version 2.3.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass. Exploit Title: CSP MySQL User Manager v2.3.1 SQL Injection Authentication Bypass Google Dork: intitle:"CSP MySQL User Manager" Exploit Author: Youssef mami Vendor Homepage...

Exploits: 0
Packet Storm
added 2018/05/04 12:0 a.m. · 36 views

CSP MySQL User Manager 2.3.1 SQL Injection

Exploit Title: CSP MySQL User Manager v2.3.1 SQL Injection Authentication Bypass Google Dork: intitle:"CSP MySQL User Manager" Date: 04/05/2018 Exploit Author: Youssef mami Vendor Homepage: https://code.google.com/archive/p/cspmum/ Software Link:...

7.4 AI score
Exploits: 0
Packet Storm
added 2018/03/28 12:0 a.m. · 66 views

TestLink Open Source Test Management Code Execution

Title: TestLink Open Source Test Management comment out skip-networking as well as bind-address if any present in my.cnf i.e chang...

6 CVSS · 7.5 AI score · 0.06365 EPSS
Exploits: 9
Prion
added 2018/01/10 6:29 p.m. · 10 views

Command injection

test/tc_database.rb in the lean-ruport gem 0.3.8 for Ruby places the mysql user password on the mysqldump command line, which allows local users to obtain sensitive information by listing the process...

2.1 CVSS · 6.6 AI score · 0.00532 EPSS
Exploits: 1 · References: 3 · Affected Software: 1
NVD
added 2018/01/10 6:29 p.m. · 22 views

CVE-2014-4999

vendor/plugins/dataset/lib/dataset/database/mysql.rb in the kajam gem 1.0.3.rc2 for Ruby places the mysql user password on the (1) mysqldump command line in the capture function and (2) mysql command line in the restore function, which allows local users to obtain sensitive information by listing the...

7.8 CVSS · 7.5 AI score · 0.00532 EPSS
Exploits: 1 · References: 3
Cvelist
added 2018/01/10 6:0 p.m. · 14 views

CVE-2014-4998

test/tc_database.rb in the lean-ruport gem 0.3.8 for Ruby places the mysql user password on the mysqldump command line, which allows local users to obtain sensitive information by listing the process...

7.5 AI score · 0.00532 EPSS
Exploits: 1 · References: 3
OSV
added 2017/12/21 3:29 p.m. · 2 views

DEBIAN-CVE-2015-7224

puppetlabs-mysql 3.1.0 through 3.6.0 allow remote attackers to bypass authentication by leveraging creation of a database account without a password when a 'mysql_user' user parameter contains a host with a netmask...

9.8 CVSS · 9.8 AI score · 0.01684 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2017/03/30 12:0 a.m. · 4 views

PT-2018-5044 · Red Hat +1 · Ansible +1

Name of the Vulnerable Software and Affected Versions: Ansible versions prior to 2.2.1.0 Description: An input validation issue was discovered in the mysql user module, potentially causing password changes to fail under certain conditions, resulting in the previous password remaining active...

9.8 CVSS · 6.6 AI score · 0.65336 EPSS
Exploits: 34 · References: 164
RedHat Linux
added 2017/01/24 11:45 a.m. · 4 views

mysql: race condition while setting stats during MyISAM table repair (CPU Oct 2016)

A race condition was found in the way MySQL performed MyISAM engine table repair. A database user with shell access to the server running mysqld could use this flaw to change permissions of arbitrary files writable by the mysql system user...

7 CVSS · 6.7 AI score · 0.04313 EPSS
Exploits: 17 · References: 5
RedHat Linux
added 2016/12/08 4:5 p.m. · 5 views

mysql: race condition while setting stats during MyISAM table repair (CPU Oct 2016)

A race condition was found in the way MySQL performed MyISAM engine table repair. A database user with shell access to the server running mysqld could use this flaw to change permissions of arbitrary files writable by the mysql system user...

6.7 AI score
Exploits: 16 · References: 5
RedHat Linux
added 2016/11/15 11:29 a.m. · 2 views

mysql: insecure error log file handling in mysqld_safe (CPU Oct 2016)

A flaw was found in the way the mysqld_safe script handled creation of error log file. The mysql operating system user could use this flaw to escalate their privileges to root...

7 CVSS · 6.6 AI score · 0.0308 EPSS
Exploits: 11 · References: 5