mysql: race condition while setting stats during MyISAM table repair (CPU Oct 2016)

A race condition was found in the way MySQL performed MyISAM engine table repair. A database user with shell access to the server running mysqld could use this flaw to change permissions of arbitrary files writable by the mysql system user...

CVE-2016-6664

A flaw was found in the way the mysqldsafe script handled creation of error log file. The mysql operating system user could use this flaw to escalate their privileges to root...

mysql: race condition while setting stats during MyISAM table repair (CPU Oct 2016)

A race condition was found in the way MySQL performed MyISAM engine table repair. A database user with shell access to the server running mysqld could use this flaw to change permissions of arbitrary files writable by the mysql system user...

mysql: race condition while setting stats during MyISAM table repair (CPU Oct 2016)

A race condition was found in the way MySQL performed MyISAM engine table repair. A database user with shell access to the server running mysqld could use this flaw to change permissions of arbitrary files writable by the mysql system user...

X_CART Installation Script Cross Site Scripting Vulnerability

XCART is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:qualiteam:x-cart";...

phpMyAdmin 4.0.x < 4.0.10.1 / 4.1.x < 4.1.14.2 / 4.2.x < 4.2.6 Multiple Vulnerabilities (PMASA-2014-4 through PMASA-2014-7)

Binary data 8377.prm...

MySQL: новый Geometric error-based

Привет! я не говорю России, так что я собираюсь объяснить это на английском языке. earlier today, i got some spare time, and played a little with the function GeometryCollection. basically, this function constructs geometry collection. sounds nice. but the interesting part is, we can only use it...

MGASA-2014-0310 Updated phpmyadmin package fixes security vulnerabilities

In phpMyAdmin before 4.1.14.2, when navigating into the database triggers page, it is possible to trigger an XSS with a crafted trigger name CVE-2014-4955. In phpMyAdmin before 4.1.14.2, with a crafted column name it is possible to trigger an XSS when dropping the column in table structure page...

CVE-2014-4987

serverusergroups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers request...

CVE-2014-4987

serverusergroups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers request...

CVE-2014-4987

serverusergroups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers request...

UBUNTU-CVE-2014-4987

serverusergroups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers request...

Design/Logic Flaw

serverusergroups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers request...

CVE-2014-4987

serverusergroups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers request...

CVE-2014-4987

serverusergroups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers request...

Kloxo 6.1.18 Stable - CSRF Vulnerability

No description provided by source. Exploit Title :Kloxo 6.1.18 Stable CSRF Vulnerability Vendor Homepage :http://lxcenter.org/software/kloxo Version :6.1.18 Exploit Author :Necmettin COSKUN =@babayarisi Blog :http://www.ncoskun.com http://www.grisapka.org Discovery date :03/12/2014 CVE :N/A Kloxo...

Noah's Classifieds 1.0/1.3 Search Page SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/16773/info Noah's Classifieds is prone to an SQL-injection vulnerability. The application fails to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could allow an attacker to...

Kloxo-MR 6.5.0 - CSRF Vulnerability

Exploit for php platform in category web applications Exploit Title :Kloxo-MR 6.5.0 CSRF Vulnerability Vendor Homepage :https://github.com/mustafaramadhan/kloxo/tree/dev Version :Kloxo-MR 6.5.0.f-2014020301 Tested on :Centos 6.4 Exploit Author :Necmettin COSKUN =@babayarisi Blog...

Kloxo 6.1.18 Stable - Cross-Site Request Forgery

Kloxo 6.1.18 Stable - Cross-Site Request Forgery Exploit Title :Kloxo 6.1.18 Stable CSRF Vulnerability Vendor Homepage :http://lxcenter.org/software/kloxo Version :6.1.18 Exploit Author :Necmettin COSKUN =@babayarisi Blog :http://www.ncoskun.com http://www.grisapka.org Discovery date :03/12/2014...

Joomla weblinks-categories Unauthenticated SQL Injection Arbitrary File Read

Joomla versions 3.2.2 and below are vulnerable to an unauthenticated SQL injection which allows an attacker to access the database or read arbitrary files as the 'mysql' user. This module will only work if the mysql user Joomla is using to access the database has the LOADFILE permission. This...