Lucene search
K

13 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2020-5504

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own...

8.8CVSS7.1AI score0.38778EPSS
Exploits4References2
OSV
OSV
added 2024/07/21 4:15 a.m.7 views

CVE-2024-6936

A vulnerability, which was classified as problematic, has been found in formtools.org Form Tools 3.1.1. This issue affects some unknown processing of the file /admin/settings/index.php?page=accounts of the component Setting Handler. The manipulation of the argument Page Theme leads to code...

4.9CVSS5.1AI score0.00399EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/07/21 12:0 a.m.10 views

PT-2024-37974 · Unknown · Form Tools

Name of the Vulnerable Software and Affected Versions: Form Tools version 3.1.1 Description: A problematic issue has been found in the Setting Handler component, affecting the file /admin/settings/index.php?page=accounts. The manipulation of the Page Theme argument leads to code injection. This...

5.1CVSS4.7AI score0.00399EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2020/07/17 12:0 a.m.221 views

phpMyAdmin 4.x < 4.9.4 / 5.x < 5.0.1 SQLi (PMASA-2020-1)

According to its self-reported version number, the phpMyAdmin application hosted on the remote web server is 4.x prior to 4.9.4, or 5.x prior to 5.0.1. It is, therefore, affected by a SQL injection SQLi vulnerability in the user accounts page. An authenticated, remote attacker can exploit this, b...

8.8CVSS8.4AI score0.38778EPSS
Exploits4References2
Mageia
Mageia
added 2020/01/11 11:52 p.m.41 views

Updated phpmyadmin packages fix security vulnerability

Updated phpmyadmin package fix security vulnerability: A SQL injection flaw has been discovered in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server...

8.8CVSS2.6AI score0.38778EPSS
Exploits4References3
OSV
OSV
added 2020/01/11 11:52 p.m.11 views

MGASA-2020-0033 Updated phpmyadmin packages fix security vulnerability

Updated phpmyadmin package fix security vulnerability: A SQL injection flaw has been discovered in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server...

8.8CVSS9AI score0.38778EPSS
Exploits4References4
OSV
OSV
added 2020/01/09 10:15 p.m.2 views

DEBIAN-CVE-2020-5504

In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server...

8.8CVSS7.4AI score0.38778EPSS
Exploits4References1
Prion
Prion
added 2018/09/07 5:29 a.m.12 views

Design/Logic Flaw

Zurmo 3.2.4 Stable allows XSS via app/index.php/accounts/default/details?id=2&kanbanBoard=1&openToTaskId=1...

4.3CVSS6AI score0.00826EPSS
Exploits1References1Affected Software1
Debian CVE
Debian CVE
added 2016/03/01 11:0 a.m.52 views

CVE-2016-2560

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via 1 a crafted Host HTTP header, related to libraries/Config.class.php; 2 crafted JSON data, relat...

6.1CVSS6.8AI score0.03109EPSS
Exploits0
CVE
CVE
added 2015/03/10 2:0 p.m.66 views

CVE-2014-9566

CVE-2014-9566 : SolarWinds Orion Platform is affected by multiple SQL injection vulnerabilities in the AccountManagement.asmx endpoints (GetAccounts, GetAccountGroups). The issue allows remote authenticated users to execute arbitrary SQL commands by supplying crafted dir or sort parameters. Affec...

7.5CVSS8.1AI score0.47749EPSS
Exploits8References7Affected Software8
Hacker One
Hacker One
added 2014/05/03 7:46 p.m.21 views

Coinbase: CSRF in function "Set as primary" on accounts page

I would like to report this CSRF vulnerability in coinbase on function "set as primary" for a account in accounts page. Steps: 1 Login to your coinbase account which atleast has two accounts 2 Go to "accounts" page and out of the two accounts click "set as primary" link for one of the accounts...

6.7AI score
Exploits0
Hacker One
Hacker One
added 2014/05/02 1:24 a.m.44 views

Coinbase: CSRF on "Set as primary" option on the accounts page

On navigating to the Accounts page, a Coinbase user can create multiple accounts. The user can then make any of these accounts as their primary account. There are also other options of renaming and deleting these accounts. Although there is a CSRF token being sent as a POST parameter for the dele...

6.9AI score
Exploits0
exploitpack
exploitpack
added 2006/09/21 12:0 a.m.11 views

SolidState 0.4 - Multiple Remote File Inclusions

SolidState 0.4 - Multiple Remote File Inclusions ::::::::: :::::::::: ::: ::: ::::::::::: ::: :+: :+: :+: :+: :+: :+: :+: +:+ +:+ +:+ +:+ +:+ +:+ +:+ ++ +:+ +++:++ ++ +:+ ++ ++ ++ ++ ++ ++ ++ ++ ++ + + + +++ + + ::::::::::: :::::::::: ::: :::: :::: :+: :+: :+: :+: +:+:+: :+:+:+ +:+ +:+ +:+ +:+ +:...

Exploits0
Rows per page
Query Builder