Lucene search
K

37 matches found

NVD
NVD
added 2019/12/05 8:15 p.m.23 views

CVE-2019-19609

The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and attackers can inject arbitrary shell commands to be executed by the execa function...

9CVSS7.3AI score0.54081EPSS
Exploits11References4
CNVD
CNVD
added 2019/12/05 12:0 a.m.4 views

Strapi Admin Panel Install and Uninstall Plugin Component Remote Code Execution Vulnerability

Strapi is an open source headless content management system CMS. install and Uninstall Plugin is one of the install and uninstall plugin . A remote code execution vulnerability exists in the Install and Uninstall Plugin component of the Admin panel in Strapi, which stems from the program's failur...

9CVSS8.7AI score0.54081EPSS
Exploits11References1
CNVD
CNVD
added 2019/08/22 12:0 a.m.5 views

WordPress uninstall plugin cross-site request forgery vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. uninstall is one of the plugins used to completely uninstall WordPress. A cross-site request forgery vulnerability exists in the...

6.5CVSS6.7AI score0.0061EPSS
Exploits1References1
NVD
NVD
added 2019/08/20 3:15 p.m.20 views

CVE-2015-9332

The uninstall plugin before 1.2 for WordPress has CSRF to delete all tables via the wp-admin/admin-ajax.php?action=uninstall URI...

6.5CVSS6.6AI score0.0061EPSS
Exploits1References1
Prion
Prion
added 2019/08/20 3:15 p.m.13 views

Cross site request forgery (csrf)

The uninstall plugin before 1.2 for WordPress has CSRF to delete all tables via the wp-admin/admin-ajax.php?action=uninstall URI...

5.8CVSS7.2AI score0.0061EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2019/08/20 2:51 p.m.117 views

CVE-2015-9332

The CVE-2015-9332 issue affects the WordPress uninstall plugin (before v1.2). The vulnerability is a Cross-Site Request Forgery (CSRF) that can trigger uninstall to delete all database tables via wp-admin/admin-ajax.php?action=uninstall, as described in multiple sources (WordPress uninstall plugi...

6.5CVSS6.5AI score0.0061EPSS
Exploits1References1Affected Software1
0day.today
0day.today
added 2019/02/15 12:0 a.m.59 views

WordPress Booking Calendar 8.4.3 Plugin - Authenticated SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Wordpress Booking Calendar v8.4.3 - Authenticated SQL Injection Vulnerability Exploit Author: B0UG Vendor Homepage: https://wpbookingcalendar.com/ Software Link: https://wordpress.org/plugins/booking/ Version: Tested on version...

0.1AI score0.19238EPSS
Exploits5
Packet Storm
Packet Storm
added 2019/02/15 12:0 a.m.66 views

WordPress Booking Calendar 8.4.3 SQL Injection

Exploit Title: Wordpress Booking Calendar v8.4.3 - Authenticated SQL Injection Vulnerability Date: 2018-12-28 Exploit Author: B0UG Vendor Homepage: https://wpbookingcalendar.com/ Software Link: https://wordpress.org/plugins/booking/ Version: Tested on version 8.4.3 older versions may also be...

0.19238EPSS
Exploits5
Patchstack
Patchstack
added 2018/04/18 12:0 a.m.18 views

Google Drive for WordPress plugin <=2.2 - Remote Code Execution (RCE) vulnerability

Remote Code Execution RCE vulnerability found by Lenon Leite in Google Drive for WordPress plugin versions =2.2. Solution Attention! This plugin was closed on 2018 January 26 by WordPress security team and is no longer available for download. Deactivate and uninstall!...

4.7AI score
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2010/07/30 12:0 a.m.33 views

Mandriva Linux Security Advisory : mysql (MDVSA-2010:093)

A vulnerability was discovered in mysql which would permit mysql users without any kind of privileges to use the UNINSTALL PLUGIN function CVE-2010-1621. A problem was discovered in the mysqld init script which under certain circumstances could cause the service to exit too quickly, giving the OK...

5CVSS5.4AI score0.01393EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2010/05/17 12:0 a.m.25 views

Mandriva Update for mysql MDVSA-2010:093 (mysql)

Check for the Version of mysql OpenVAS Vulnerability Test Mandriva Update for mysql MDVSA-2010:093 mysql Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

5CVSS6.4AI score0.01393EPSS
Exploits0References2
Prion
Prion
added 2010/05/14 7:30 p.m.23 views

Command injection

The mysqluninstallplugin function in sql/sqlplugin.cc in MySQL 5.1 before 5.1.46 does not check privileges before uninstalling a plugin, which allows remote attackers to uninstall arbitrary plugins via the UNINSTALL PLUGIN command...

5CVSS7AI score0.01393EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2010/05/14 7:24 p.m.142 views

CVE-2010-1621

The CVE concerns MySQL 5.1 before 5.1.46. The mysql_uninstall_plugin function in sql/sql_plugin.cc does not check privileges before uninstalling a plugin, allowing remote attackers to uninstall arbitrary plugins via the UNINSTALL PLUGIN command. This is a privilege escalation/unauthenticated remo...

5CVSS6.5AI score0.01393EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2010/05/12 12:0 a.m.34 views

MySQL Community Server 5.1 < 5.1.46 Multiple Vulnerabilities

The version of MySQL Community Server 5.1 installed on the remote host is earlier than 5.1.46 and thus potentially affected by the following vulnerabilities : - A local user may be able to issue a 'DROP TABLE' command for one MyISAM table and remove the data and index files of a different MyISAM...

5CVSS5.2AI score0.01393EPSS
Exploits0References5
securityvulns
securityvulns
added 2010/05/11 12:0 a.m.31 views

[ MDVSA-2010:093 ] mysql

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2010:093 http://www.mandriva.com/security/ Package : mysql Date : May 7, 2010 Affected: 2009.1, 2010.0 Problem Description: A vulnerability was discovered in mysql which would permit mysql users without any kind ...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2010/05/11 12:0 a.m.22 views

MySQL DoS

Local user can execute UNINSTALL PLUGIN funtion...

1.7AI score
Exploits0References1Affected Software1
seebug.org
seebug.org
added 2010/04/21 12:0 a.m.30 views

MySQL 5.1.x错误UNINSTALL PLUGIN权限检查漏洞

BUGTRAQ ID: 39543 MySQL是一款使用非常广泛的开放源代码关系数据库系统,拥有各种平台的运行版本。 MySQL没有正确地执行UNINSTALL PLUGIN权限检查,用户无需拥有DELETE权限便可卸载插件 MySQL 5.1.x 厂商补丁: MySQL AB -------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://lists.mysql.com/commits/103144?f=plain http://bazaar.launchpad.net/mysql/mysql-server/mysql-5.1/revision/33...

6.9AI score
Exploits0
Rows per page
Query Builder