37 matches found
CVE-2019-19609
The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and attackers can inject arbitrary shell commands to be executed by the execa function...
Strapi Admin Panel Install and Uninstall Plugin Component Remote Code Execution Vulnerability
Strapi is an open source headless content management system CMS. install and Uninstall Plugin is one of the install and uninstall plugin . A remote code execution vulnerability exists in the Install and Uninstall Plugin component of the Admin panel in Strapi, which stems from the program's failur...
WordPress uninstall plugin cross-site request forgery vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. uninstall is one of the plugins used to completely uninstall WordPress. A cross-site request forgery vulnerability exists in the...
CVE-2015-9332
The uninstall plugin before 1.2 for WordPress has CSRF to delete all tables via the wp-admin/admin-ajax.php?action=uninstall URI...
Cross site request forgery (csrf)
The uninstall plugin before 1.2 for WordPress has CSRF to delete all tables via the wp-admin/admin-ajax.php?action=uninstall URI...
CVE-2015-9332
The CVE-2015-9332 issue affects the WordPress uninstall plugin (before v1.2). The vulnerability is a Cross-Site Request Forgery (CSRF) that can trigger uninstall to delete all database tables via wp-admin/admin-ajax.php?action=uninstall, as described in multiple sources (WordPress uninstall plugi...
WordPress Booking Calendar 8.4.3 Plugin - Authenticated SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Wordpress Booking Calendar v8.4.3 - Authenticated SQL Injection Vulnerability Exploit Author: B0UG Vendor Homepage: https://wpbookingcalendar.com/ Software Link: https://wordpress.org/plugins/booking/ Version: Tested on version...
WordPress Booking Calendar 8.4.3 SQL Injection
Exploit Title: Wordpress Booking Calendar v8.4.3 - Authenticated SQL Injection Vulnerability Date: 2018-12-28 Exploit Author: B0UG Vendor Homepage: https://wpbookingcalendar.com/ Software Link: https://wordpress.org/plugins/booking/ Version: Tested on version 8.4.3 older versions may also be...
Google Drive for WordPress plugin <=2.2 - Remote Code Execution (RCE) vulnerability
Remote Code Execution RCE vulnerability found by Lenon Leite in Google Drive for WordPress plugin versions =2.2. Solution Attention! This plugin was closed on 2018 January 26 by WordPress security team and is no longer available for download. Deactivate and uninstall!...
Mandriva Linux Security Advisory : mysql (MDVSA-2010:093)
A vulnerability was discovered in mysql which would permit mysql users without any kind of privileges to use the UNINSTALL PLUGIN function CVE-2010-1621. A problem was discovered in the mysqld init script which under certain circumstances could cause the service to exit too quickly, giving the OK...
Mandriva Update for mysql MDVSA-2010:093 (mysql)
Check for the Version of mysql OpenVAS Vulnerability Test Mandriva Update for mysql MDVSA-2010:093 mysql Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Command injection
The mysqluninstallplugin function in sql/sqlplugin.cc in MySQL 5.1 before 5.1.46 does not check privileges before uninstalling a plugin, which allows remote attackers to uninstall arbitrary plugins via the UNINSTALL PLUGIN command...
CVE-2010-1621
The CVE concerns MySQL 5.1 before 5.1.46. The mysql_uninstall_plugin function in sql/sql_plugin.cc does not check privileges before uninstalling a plugin, allowing remote attackers to uninstall arbitrary plugins via the UNINSTALL PLUGIN command. This is a privilege escalation/unauthenticated remo...
MySQL Community Server 5.1 < 5.1.46 Multiple Vulnerabilities
The version of MySQL Community Server 5.1 installed on the remote host is earlier than 5.1.46 and thus potentially affected by the following vulnerabilities : - A local user may be able to issue a 'DROP TABLE' command for one MyISAM table and remove the data and index files of a different MyISAM...
[ MDVSA-2010:093 ] mysql
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2010:093 http://www.mandriva.com/security/ Package : mysql Date : May 7, 2010 Affected: 2009.1, 2010.0 Problem Description: A vulnerability was discovered in mysql which would permit mysql users without any kind ...
MySQL DoS
Local user can execute UNINSTALL PLUGIN funtion...
MySQL 5.1.x错误UNINSTALL PLUGIN权限检查漏洞
BUGTRAQ ID: 39543 MySQL是一款使用非常广泛的开放源代码关系数据库系统,拥有各种平台的运行版本。 MySQL没有正确地执行UNINSTALL PLUGIN权限检查,用户无需拥有DELETE权限便可卸载插件 MySQL 5.1.x 厂商补丁: MySQL AB -------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://lists.mysql.com/commits/103144?f=plain http://bazaar.launchpad.net/mysql/mysql-server/mysql-5.1/revision/33...