1418 matches found

OpenVAS
added 2016/05/17 12:0 a.m. | 24 views

phpMyAdmin Multiple XSS Vulnerabilities (PMASA-2016-11) - Windows

phpMyAdmin is prone to multiple cross-site scripting (XSS) vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 6.1 | AI score 6 | EPSS 0.0134
Exploits 0 | References 1
Citrix
added 2016/05/06 12:0 a.m. | 5 views

Delete Users from XenMobile Database

For XenMobile environment 10.4 and below, we do not have the option to delete the user from the console. You will have to delete the user from the database manually. Use the following SQL query to delete all rows associated to a single user within XenMobile Server. Important! Ensure to back up the...

AI score 7.8
Exploits 0
Hacker One
added 2016/03/26 12:11 a.m. | 34 views

Uber: Stored XSS in drive.uber.com WordPress admin panel

There is another bug in the All In One Event Calendar plugin used on drive.uber.com. An attacker can inject arbitrary JavaScript in the administrative Dashboard of WordPress. The script would be evaluated under administrator privileges as only logged-in administrators can view the Dashboard. Such...

AI score 6.5
Exploits 0
OSV
added 2016/03/01 11:59 a.m. | 1 views

DEBIAN-CVE-2016-2560

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Host HTTP header, related to libraries/Config.class.php; (2) crafted JSON data, relat...

CVSS 6.1 | AI score 6.4 | EPSS 0.0134
Exploits 0 | References 1
OSV
added 2016/03/01 11:59 a.m. | 10 views

CVE-2016-2560

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Host HTTP header, related to libraries/Config.class.php; (2) crafted JSON data, relat...

CVSS 6.1 | AI score 6.4
Exploits 0 | References 11
Prion
added 2016/03/01 11:59 a.m. | 27 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Host HTTP header, related to libraries/Config.class.php; (2) crafted JSON data, relat...

CVSS 4.3 | AI score 6.5 | EPSS 0.0134
Exploits 0 | References 11 | Affected Software 1
OSV
added 2016/03/01 11:59 a.m. | 0 views

UBUNTU-CVE-2016-2560

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Host HTTP header, related to libraries/Config.class.php; (2) crafted JSON data, relat...

CVSS 6.1 | AI score 6.9 | EPSS 0.0134
Exploits 0 | References 8
UbuntuCve
added 2016/03/01 11:59 a.m. | 24 views

CVE-2016-2560

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Host HTTP header, related to libraries/Config.class.php; (2) crafted JSON data, relat...

CVSS 6.1 | AI score 6.8 | EPSS 0.0134
Exploits 0 | References 7
CVE
added 2016/03/01 11:0 a.m. | 77 views

CVE-2016-2560

The CVE-2016-2560 issue affects phpMyAdmin series: 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1. The vulnerability consists of multiple cross-site scripting (XSS) flaws that allow remote attackers to inject arbitrary web script or HTML through several vectors (crafted H...

CVSS 6.1 | AI score 6.2 | EPSS 0.0134
Exploits 0 | References 11 | Affected Software 1
Cvelist
added 2016/03/01 11:0 a.m. | 24 views

CVE-2016-2560

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Host HTTP header, related to libraries/Config.class.php; (2) crafted JSON data, relat...

AI score 6.4 | EPSS 0.0134
Exploits 0 | References 11
Debian CVE
added 2016/03/01 11:0 a.m. | 24 views

CVE-2016-2560

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Host HTTP header, related to libraries/Config.class.php; (2) crafted JSON data, relat...

CVSS 6.1 | AI score 6.8 | EPSS 0.0134
Exploits 0
FreeBSD
added 2016/02/29 12:0 a.m. | 29 views

phpmyadmin -- multiple XSS and a man-in-the-middle vulnerability

The phpMyAdmin development team reports: XSS vulnerability in SQL parser. Using a crafted SQL query, it is possible to trigger an XSS attack through the SQL query page. We consider this vulnerability to be non-critical. Multiple XSS vulnerabilities. By sending a specially crafted URL as part of t...

CVSS 6.8 | AI score 1.4 | EPSS 0.0134
Exploits 0 | References 4
Packet Storm
added 2016/02/22 12:0 a.m. | 33 views

ManageEngine Firewall Analyzer 8.5 SQL Injection

ManageEngine Firewall Analyzer 8.5 SQL Query Execution Vulnerability. Description : Vulnerability Type : ManageEngine Firewall Analyzer 8.5 SQL Query Execution...

AI score 0.9
Exploits 0
Cvelist
added 2016/02/20 1:0 a.m. | 23 views

CVE-2016-2045

Cross-site scripting (XSS) vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a SQL query that triggers JSON data in a response...

AI score 5.4 | EPSS 0.00284
Exploits 0 | References 5
htbridge
added 2016/01/07 12:0 a.m. | 530 views

SQL Injection in TestLink

High-Tech Bridge Security Research Lab discovered high-risk SQL injection vulnerability in TestLink Open Source Test Management. The vulnerability can be exploited to alter the present SQL query and gain access to potentially sensitive information or even to completely compromise the vulnerable w...

AI score 8.9
Exploits 0 | Affected Software 1
Exploit DB
added 2016/01/05 12:0 a.m. | 36 views

PHPIPAM 1.1.010 - Multiple Vulnerabilities

Exploit Title: PHPIPAM v1.1.010 Multiple Vulnerabilities Date: 04/01/2016 Author: Mickael Dorigny @ Synetis Vendor or Software Link: http://phpipam.net/ Version: 1.1.010 Category: Multiple Vulnerabilities Tested on : 1.1.010 PHPIPAM description :...

AI score 7
Exploits 0
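seebug.org
added 2015/10/20 12:0 a.m. | 33 views

Tongda OA (通达OA) Group edition, latest version: blind SQL injection, demo test (login required)

Brief description: Latest version of the Group OA; the single quote ' is not filtered, and the filter function is then bypassed; root privileges. Details: Vendor website: http://.../ Group demo address: .../ SQL vulnerability address: .../general/document/index.php/send/sendlist/sendfor/?tid=&title=1 The title parameter is injectable. Surprisingly, this point does not filter the single quote '. Exposing the SQL statement: Submitted: .../general/document/index.php/send/sendlist/sendfor/?tid=&title=1%' and 1=2 union select Returned: 不安全的SQL语句:联合查询...

AI score 7
Exploits 0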
CNVD
added 2015/10/13 12:0 a.m. | 3 views

ZOHO ManageEngine OpManager Security Restriction Bypass Vulnerability

ZOHO ManageEngine OpManager is network performance management software. A security vulnerability exists in PGSQL:SubmitQuery.do in ZOHO ManageEngine OpManager 11.6, 11.5 and earlier versions. An attacker can exploit this vulnerability to bypass sql query restrictions...

CVSS 9 | AI score 7 | EPSS 0.77548
Exploits 3 | References 1
seebug.org
added 2015/10/12 12:0 a.m. | 36 views

Xiaowuyou (校无忧) School Website System TeachView.asp SQL Injection Vulnerability

The keyword is in the summary.. Then just find some sites at random http://www.hainanez.com/TeachView.asp?id=33 http://www.lcztxx.com/TeachView.asp?id=1 http://www.yrenedu.com/TeachView.asp?id=37 http://www.tajx.com/TeachView.asp?id=25 http://nongxue.nyjj.net.cn/TeachView.asp?id=13 http://tuanwei.web.sdutcm.edu.cn/TeachView.asp?id=21...

AI score 7.1
Exploits 0
Prion
added 2015/10/09 2:59 p.m. | 14 views

Authentication flaw

PGSQL:SubmitQuery.do in ZOHO ManageEngine OpManager 11.6, 11.5, and earlier allows remote administrators to bypass SQL query restrictions via a comment in the query to api/json/admin/SubmitQuery, as demonstrated by "INSERT//INTO."...

CVSS 9 | AI score 7.7 | EPSS 0.77548
Exploits 3 | References 5 | Affected Software 1