13 matches found
Linux Distros Unpatched Vulnerability : CVE-2020-5504
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own...
CVE-2024-6936
A vulnerability, which was classified as problematic, has been found in formtools.org Form Tools 3.1.1. This issue affects some unknown processing of the file /admin/settings/index.php?page=accounts of the component Setting Handler. The manipulation of the argument Page Theme leads to code...
PT-2024-37974 · Unknown · Form Tools
Name of the Vulnerable Software and Affected Versions: Form Tools version 3.1.1 Description: A problematic issue has been found in the Setting Handler component, affecting the file /admin/settings/index.php?page=accounts. The manipulation of the Page Theme argument leads to code injection. This...
phpMyAdmin 4.x < 4.9.4 / 5.x < 5.0.1 SQLi (PMASA-2020-1)
According to its self-reported version number, the phpMyAdmin application hosted on the remote web server is 4.x prior to 4.9.4, or 5.x prior to 5.0.1. It is, therefore, affected by a SQL injection SQLi vulnerability in the user accounts page. An authenticated, remote attacker can exploit this, b...
Updated phpmyadmin packages fix security vulnerability
Updated phpmyadmin package fix security vulnerability: A SQL injection flaw has been discovered in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server...
MGASA-2020-0033 Updated phpmyadmin packages fix security vulnerability
Updated phpmyadmin package fix security vulnerability: A SQL injection flaw has been discovered in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server...
DEBIAN-CVE-2020-5504
In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server...
Design/Logic Flaw
Zurmo 3.2.4 Stable allows XSS via app/index.php/accounts/default/details?id=2&kanbanBoard=1&openToTaskId=1...
CVE-2016-2560
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via 1 a crafted Host HTTP header, related to libraries/Config.class.php; 2 crafted JSON data, relat...
CVE-2014-9566
CVE-2014-9566 : SolarWinds Orion Platform is affected by multiple SQL injection vulnerabilities in the AccountManagement.asmx endpoints (GetAccounts, GetAccountGroups). The issue allows remote authenticated users to execute arbitrary SQL commands by supplying crafted dir or sort parameters. Affec...
Coinbase: CSRF in function "Set as primary" on accounts page
I would like to report this CSRF vulnerability in coinbase on function "set as primary" for a account in accounts page. Steps: 1 Login to your coinbase account which atleast has two accounts 2 Go to "accounts" page and out of the two accounts click "set as primary" link for one of the accounts...
Coinbase: CSRF on "Set as primary" option on the accounts page
On navigating to the Accounts page, a Coinbase user can create multiple accounts. The user can then make any of these accounts as their primary account. There are also other options of renaming and deleting these accounts. Although there is a CSRF token being sent as a POST parameter for the dele...
SolidState 0.4 - Multiple Remote File Inclusions
SolidState 0.4 - Multiple Remote File Inclusions ::::::::: :::::::::: ::: ::: ::::::::::: ::: :+: :+: :+: :+: :+: :+: :+: +:+ +:+ +:+ +:+ +:+ +:+ +:+ ++ +:+ +++:++ ++ +:+ ++ ++ ++ ++ ++ ++ ++ ++ ++ + + + +++ + + ::::::::::: :::::::::: ::: :::: :::: :+: :+: :+: :+: +:+:+: :+:+:+ +:+ +:+ +:+ +:+ +:...