143 matches found
CVE-2020-7959
LabVantage LIMS 8.3 does not properly maintain the confidentiality of database names. For example, the web application exposes the database name. An attacker might be able to enumerate database names by providing his own database name in a request, because the response will return an 'Unrecognize...
Information Disclosure
Apache Incubator Superset is susceptible to information disclosure. The database names are leaked to the users with no-access to on a dropdown list in SQLLab...
Apache Superset medata data leakage vulnerability
Apache Incubator Superset is a suite of enterprise-class business intelligence Web applications from the Apache Apache Software Foundation in the United States. The program features data collection, data visualization and authentication. A security vulnerability exists in Apache Incubator Superse...
Design/Logic Flaw
In Apache Incubator Superset before 0.32, a user can view database names that he has no access to on a dropdown list in SQLLab...
CVE-2019-12414
In Apache Incubator Superset before 0.32, a user can view database names that he has no access to on a dropdown list in SQLLab...
U.S. Dept Of Defense: Followup - SQL Injection - https://██████████/██████/MSI.portal
Summary: Time based blind sql injection for parameter MSIadditionalFilterType1, at the following URL: https://███/███/MSI.portal?nfpb=true&pageLabel=msiportalpage61 Description: This is a follow up to a previous report I submitted: https://hackerone.com/reports/674838 The following page has a for...
CVE-2018-20937
cPanel before 68.0.27 does not validate database and dbuser names during renames SEC-321...
CVE-2018-20937
cPanel before 68.0.27 does not validate database and dbuser names during renames SEC-321...
CVE-2018-20937
cPanel before 68.0.27 does not validate database and dbuser names during renames SEC-321...
Design/Logic Flaw
Improper Host header sanitization in the dbfilter routing component in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows a remote attacker to deny access to the service and to disclose database names via a crafted request...
Cross site scripting
An issue was discovered in SIDU 6.0. Because the database name is not strictly filtered, the attacker can insert a name containing an XSS Payload, leading to stored XSS...
Fedora 29 : phpMyAdmin (2018-088802878a)
Upstream announcement : The phpMyAdmin team is pleased to announce the release of phpMyAdmin version 4.8.4. Among other bug fixes, this contains several important security fixes. The security fixes involve : - Local file inclusion https://www.phpmyadmin.net/security/PMASA-2018-6/, - XSRF/CSRF...
Security update for phpMyAdmin (moderate)
This update for phpMyAdmin fixes security issues and bugs. Security issues addressed in the 4.8.4 release bsc1119245: - CVE-2018-19968: Local file inclusion through transformation feature - CVE-2018-19969: XSRF/CSRF vulnerability - CVE-2018-19970: XSS vulnerability in navigation tree This update...
mysql: Incorrect input validation allowing code execution via mysqldump
It was discovered that the mysql and mysqldump tools did not correctly handle database and table names containing newline characters. A database user with privileges to create databases or tables could cause the mysql command to execute arbitrary shell or SQL commands while restoring database...
CVE-2017-1000005
PHPMiniAdmin version 1.9.160630 is vulnerable to stored XSS in the name of databases, tables and columns resulting in potential account takeover and scraping of data stealing data...
PHPMiniAdmin Stored Cross-Site Scripting Vulnerability
PHPMiniAdmin is a lightweight MySQL database management tool written in PHP. The tool supports common functions such as importing and exporting databases and executing SQL statements. A cross-site scripting vulnerability exists in database names, table names, and column names in PHPMiniAdmin...
DEBIAN-CVE-2016-6608
XSS issues were discovered in phpMyAdmin. This affects the database privilege check and the "Remove partitioning" functionality. Specially crafted database names can trigger the XSS attack. All 4.6.x versions prior to 4.6.4 are affected...
Cross site scripting
XSS issues were discovered in phpMyAdmin. This affects the database privilege check and the "Remove partitioning" functionality. Specially crafted database names can trigger the XSS attack. All 4.6.x versions prior to 4.6.4 are affected...
CVE-2016-6608
XSS issues were discovered in phpMyAdmin. This affects the database privilege check and the "Remove partitioning" functionality. Specially crafted database names can trigger the XSS attack. All 4.6.x versions prior to 4.6.4 are affected...
mysql: Incorrect input validation allowing code execution via mysqldump
It was discovered that the mysql and mysqldump tools did not correctly handle database and table names containing newline characters. A database user with privileges to create databases or tables could cause the mysql command to execute arbitrary shell or SQL commands while restoring database...