CI4MS Vulnerable to Arbitrary Database Table Drop via Theme deleteProcess

Summary The deleteProcess action accepts a POST parameter tables containing arbitrary table names. These are passed directly to $forge-dropTable without validating that the tables belong to the theme being deleted. The deleteConfirm view correctly populates tables from the theme's own migration...

CVE-2019-25451

phpMoAdmin 1.1.5 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized database operations by crafting malicious requests. Attackers can trick authenticated users into submitting GET requests to moadmin.php with parameters like action, db, and collectio...

CVE-2025-49145

Combodo iTop is a web based IT service management tool. In versions prior to 2.7.13 and 3.2.2, a user that has enough rights to create webhooks mostly administrators can drop the database. This is fixed in iTop 2.7.13 and 3.2.2 by verifying callback signature...

CVE-2025-49145

Combodo iTop is a web based IT service management tool. In versions prior to 2.7.13 and 3.2.2, a user that has enough rights to create webhooks mostly administrators can drop the database. This is fixed in iTop 2.7.13 and 3.2.2 by verifying callback signature...

CVE-2025-49145 iTop admin can drop iTop database using webhooks

Combodo iTop is a web based IT service management tool. In versions prior to 2.7.13 and 3.2.2, a user that has enough rights to create webhooks mostly administrators can drop the database. This is fixed in iTop 2.7.13 and 3.2.2 by verifying callback signature...

CVE-2025-49145 iTop admin can drop iTop database using webhooks

Combodo iTop is a web based IT service management tool. In versions prior to 2.7.13 and 3.2.2, a user that has enough rights to create webhooks mostly administrators can drop the database. This is fixed in iTop 2.7.13 and 3.2.2 by verifying callback signature...

EUVD-2025-50822

Combodo iTop is a web based IT service management tool. In versions prior to 2.7.13 and 3.2.2, a user that has enough rights to create webhooks mostly administrators can drop the database. This is fixed in iTop 2.7.13 and 3.2.2 by verifying callback signature...

CVE-2025-49145 iTop admin can drop iTop database using webhooks

Combodo iTop is a web based IT service management tool. In versions prior to 2.7.13 and 3.2.2, a user that has enough rights to create webhooks mostly administrators can drop the database. This is fixed in iTop 2.7.13 and 3.2.2 by verifying callback signature...

CVE-2025-49145

Combodo iTop vulnerability CVE-2025-49145 affects iTop versions prior to 2.7.13 and 3.2.2. A user with sufficient rights to create webhooks (typically administrators) can trigger database deletion due to unverified callback signatures. The issue is mitigated in iTop by upgrading to 2.7.13 or 3.2....

PT-2025-46196

Name of the Vulnerable Software and Affected Versions Combodo iTop versions prior to 2.7.13 Combodo iTop versions prior to 3.2.2 Description Combodo iTop is a web-based IT service management tool. A user with sufficient privileges to create webhooks typically administrators can drop the database...

MongoDB Unauthenticated Remote Database Drop - Ver2

Database drop vulnerability exists in MongoDB. Unauthenticated remote attacker could connect and execute arbitrary dropping database...

xmysqladmin insecure temporary file creation

xmysqladmin insecure temporary file creation Vendor: Gilbert Therrien [email protected] or [email protected] Advisory: http://www.zataz.net/adviso/xmysqladmin-05292005.txt Vendor informed: yes Exploit available: yes Impact : low Exploitation : low xmysqladmin contain a security flaw wich could allow a...