Lucene search
+L

143 matches found

cvelist
cvelist
added 2020/02/17 8:22 p.m.26 views

CVE-2020-7959

LabVantage LIMS 8.3 does not properly maintain the confidentiality of database names. For example, the web application exposes the database name. An attacker might be able to enumerate database names by providing his own database name in a request, because the response will return an 'Unrecognize...

5.1AI score0.01378EPSS
Exploits1References2
veracode
veracode
added 2019/12/17 7:43 a.m.24 views

Information Disclosure

Apache Incubator Superset is susceptible to information disclosure. The database names are leaked to the users with no-access to on a dropdown list in SQLLab...

5.3CVSS2.1AI score0.02707EPSS
Exploits0References2Affected Software1
cnvd
cnvd
added 2019/12/17 12:0 a.m.4 views

Apache Superset medata data leakage vulnerability

Apache Incubator Superset is a suite of enterprise-class business intelligence Web applications from the Apache Apache Software Foundation in the United States. The program features data collection, data visualization and authentication. A security vulnerability exists in Apache Incubator Superse...

5.3CVSS6.7AI score0.02707EPSS
Exploits0References1
prion
prion
added 2019/12/16 10:15 p.m.19 views

Design/Logic Flaw

In Apache Incubator Superset before 0.32, a user can view database names that he has no access to on a dropdown list in SQLLab...

5CVSS5.1AI score0.02707EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2019/12/16 9:52 p.m.38 views

CVE-2019-12414

In Apache Incubator Superset before 0.32, a user can view database names that he has no access to on a dropdown list in SQLLab...

5.1AI score0.02707EPSS
Exploits0References1
hackerone
hackerone
added 2019/09/11 2:11 p.m.21 views

U.S. Dept Of Defense: Followup - SQL Injection - https://██████████/██████/MSI.portal

Summary: Time based blind sql injection for parameter MSIadditionalFilterType1, at the following URL: https://███/███/MSI.portal?nfpb=true&pageLabel=msiportalpage61 Description: This is a follow up to a previous report I submitted: https://hackerone.com/reports/674838 The following page has a for...

7.4AI score
Exploits0
nvd
nvd
added 2019/08/01 5:15 p.m.20 views

CVE-2018-20937

cPanel before 68.0.27 does not validate database and dbuser names during renames SEC-321...

4.3CVSS4.7AI score0.00554EPSS
Exploits0References1
osv
osv
added 2019/08/01 5:15 p.m.3 views

CVE-2018-20937

cPanel before 68.0.27 does not validate database and dbuser names during renames SEC-321...

4.3CVSS5.8AI score
Exploits0References1
cvelist
cvelist
added 2019/08/01 4:6 p.m.23 views

CVE-2018-20937

cPanel before 68.0.27 does not validate database and dbuser names during renames SEC-321...

4.7AI score0.00554EPSS
Exploits0References1
prion
prion
added 2019/06/28 6:15 p.m.15 views

Design/Logic Flaw

Improper Host header sanitization in the dbfilter routing component in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows a remote attacker to deny access to the service and to disclose database names via a crafted request...

5.8CVSS6.2AI score0.01808EPSS
Exploits0References2Affected Software1
prion
prion
added 2019/02/06 9:29 p.m.11 views

Cross site scripting

An issue was discovered in SIDU 6.0. Because the database name is not strictly filtered, the attacker can insert a name containing an XSS Payload, leading to stored XSS...

3.5CVSS4.7AI score0.0067EPSS
Exploits1References1Affected Software1
nessus
nessus
added 2019/01/03 12:0 a.m.22 views

Fedora 29 : phpMyAdmin (2018-088802878a)

Upstream announcement : The phpMyAdmin team is pleased to announce the release of phpMyAdmin version 4.8.4. Among other bug fixes, this contains several important security fixes. The security fixes involve : - Local file inclusion https://www.phpmyadmin.net/security/PMASA-2018-6/, - XSRF/CSRF...

5.5AI score
Exploits0References2
opensuse
opensuse
added 2018/12/14 6:10 p.m.167 views

Security update for phpMyAdmin (moderate)

This update for phpMyAdmin fixes security issues and bugs. Security issues addressed in the 4.8.4 release bsc1119245: - CVE-2018-19968: Local file inclusion through transformation feature - CVE-2018-19969: XSRF/CSRF vulnerability - CVE-2018-19970: XSS vulnerability in navigation tree This update...

0.3AI score0.03254EPSS
Exploits0References1
redhat
redhat
added 2017/08/01 2:18 p.m.13 views

mysql: Incorrect input validation allowing code execution via mysqldump

It was discovered that the mysql and mysqldump tools did not correctly handle database and table names containing newline characters. A database user with privileges to create databases or tables could cause the mysql command to execute arbitrary shell or SQL commands while restoring database...

7.5AI score
Exploits0References6
osv
osv
added 2017/07/17 1:18 p.m.3 views

CVE-2017-1000005

PHPMiniAdmin version 1.9.160630 is vulnerable to stored XSS in the name of databases, tables and columns resulting in potential account takeover and scraping of data stealing data...

6.1CVSS5.8AI score0.00723EPSS
Exploits0References1
cnvd
cnvd
added 2017/07/14 12:0 a.m.3 views

PHPMiniAdmin Stored Cross-Site Scripting Vulnerability

PHPMiniAdmin is a lightweight MySQL database management tool written in PHP. The tool supports common functions such as importing and exporting databases and executing SQL statements. A cross-site scripting vulnerability exists in database names, table names, and column names in PHPMiniAdmin...

6.1CVSS6.3AI score0.00723EPSS
Exploits0References1
osv
osv
added 2016/12/11 2:59 a.m.2 views

DEBIAN-CVE-2016-6608

XSS issues were discovered in phpMyAdmin. This affects the database privilege check and the "Remove partitioning" functionality. Specially crafted database names can trigger the XSS attack. All 4.6.x versions prior to 4.6.4 are affected...

6.1CVSS6.5AI score0.0128EPSS
Exploits0References1
prion
prion
added 2016/12/11 2:59 a.m.20 views

Cross site scripting

XSS issues were discovered in phpMyAdmin. This affects the database privilege check and the "Remove partitioning" functionality. Specially crafted database names can trigger the XSS attack. All 4.6.x versions prior to 4.6.4 are affected...

4.3CVSS6AI score0.0128EPSS
Exploits0References3Affected Software1
debiancve
debiancve
added 2016/12/11 2:0 a.m.44 views

CVE-2016-6608

XSS issues were discovered in phpMyAdmin. This affects the database privilege check and the "Remove partitioning" functionality. Specially crafted database names can trigger the XSS attack. All 4.6.x versions prior to 4.6.4 are affected...

6.1CVSS6.8AI score0.0128EPSS
Exploits0
redhat
redhat
added 2016/12/08 4:6 p.m.21 views

mysql: Incorrect input validation allowing code execution via mysqldump

It was discovered that the mysql and mysqldump tools did not correctly handle database and table names containing newline characters. A database user with privileges to create databases or tables could cause the mysql command to execute arbitrary shell or SQL commands while restoring database...

6.6CVSS7.5AI score0.0264EPSS
Exploits0References6
Rows per page
Query Builder