Lucene search
K

148 matches found

NVD
NVD
added 2019/06/19 6:15 p.m.15 views

CVE-2019-12890

RedwoodHQ 2.5.5 does not require any authentication for database operations, which allows remote attackers to create admin users via a con.automationframework users insertone call...

9.8CVSS9.5AI score0.06223EPSS
Exploits1References2
OSV
OSV
added 2019/06/19 6:15 p.m.3 views

CVE-2019-12890

RedwoodHQ 2.5.5 does not require any authentication for database operations, which allows remote attackers to create admin users via a con.automationframework users insertone call...

9.8CVSS7.4AI score0.06223EPSS
Exploits1References2
Prion
Prion
added 2019/06/19 6:15 p.m.20 views

Authentication flaw

RedwoodHQ 2.5.5 does not require any authentication for database operations, which allows remote attackers to create admin users via a con.automationframework users insertone call...

7.5CVSS9.4AI score0.06223EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2019/06/19 6:0 p.m.72 views

CVE-2019-12890

RedwoodHQ 2.5.5 is affected by an authentication bypass in its database operations. The root cause is a lack of authentication for certain database actions, enabling remote attackers to insert admin users via the con.automationframework users insert_one call. As described across multiple sources,...

9.8CVSS9.4AI score0.06223EPSS
Exploits1References2Affected Software1
CNVD
CNVD
added 2019/03/04 12:0 a.m.1 views

Unauthorized Access Vulnerability in Odoo

Odoo formerly known as OpenERP is an enterprise resource planning ERP and customer relationship management CRM system. The system is developed in Python language with PostgreSQL as the database and includes modules for sales management, inventory management and financial management. Odoo suffers...

7.1AI score
Exploits0
Microsoft KB
Microsoft KB
added 2019/01/08 8:0 a.m.71 views

January 8, 2019—KB4480978 (OS Build 16299.904)

January 8, 2019—KB4480978 OS Build 16299.904 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses an issue that affects PowerShell remoting loop back using non-administrator accounts...

9.3CVSS7.2AI score0.82902EPSS
Exploits34
0day.today
0day.today
added 2019/01/04 12:0 a.m.28 views

Apache CouchDB 2.3.0 Cross Site Request Forgery Vulnerability

Apache CouchDB version 2.3.0 suffers from cross site request forgery vulnerabilities providing there's a loose CORs policy. Exploit Title: Apache CouchDB 2.3.0 Cross Site Request Forgery Exploit Author: Ozer Goker Vendor Homepage: http://couchdb.apache.org Software Link:...

7.1AI score
Exploits0
Prion
Prion
added 2018/01/03 2:29 p.m.16 views

Cross site request forgery (csrf)

phpMyAdmin versions 4.7.x prior to 4.7.6.1/4.7.7 are vulnerable to a CSRF weakness. By deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables etc...

6.8CVSS8.4AI score0.08464EPSS
Exploits5References4Affected Software1
OSV
OSV
added 2018/01/03 2:29 p.m.19 views

CVE-2017-1000499

phpMyAdmin versions 4.7.x prior to 4.7.6.1/4.7.7 are vulnerable to a CSRF weakness. By deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables etc...

8.8CVSS8.8AI score
Exploits0References4
NVD
NVD
added 2018/01/03 2:29 p.m.18 views

CVE-2017-1000499

phpMyAdmin versions 4.7.x prior to 4.7.6.1/4.7.7 are vulnerable to a CSRF weakness. By deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables etc...

8.8CVSS8.6AI score0.08464EPSS
Exploits5References4
Cvelist
Cvelist
added 2018/01/03 2:0 p.m.38 views

CVE-2017-1000499

phpMyAdmin versions 4.7.x prior to 4.7.6.1/4.7.7 are vulnerable to a CSRF weakness. By deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables etc...

8.5AI score0.08464EPSS
Exploits5References4
Debian CVE
Debian CVE
added 2018/01/03 2:0 p.m.27 views

CVE-2017-1000499

phpMyAdmin versions 4.7.x prior to 4.7.6.1/4.7.7 are vulnerable to a CSRF weakness. By deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables etc...

8.8CVSS8.6AI score0.08464EPSS
Exploits5
OpenVAS
OpenVAS
added 2018/01/03 12:0 a.m.32 views

phpMyAdmin XSRF/CSRF Vulnerability (PMASA-2017-9) - Windows

phpMyAdmin is prone to a cross-site request forgery CSRF vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

8.8CVSS8.7AI score0.08464EPSS
Exploits5References1
OpenVAS
OpenVAS
added 2018/01/03 12:0 a.m.35 views

phpMyAdmin XSRF/CSRF Vulnerability (PMASA-2017-9) - Linux

phpMyAdmin is prone to a cross-site request forgery CSRF vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

8.8CVSS8.7AI score0.08464EPSS
Exploits5References1
The Hacker News
The Hacker News
added 2018/01/02 4:30 a.m.15 views

Critical Flaw Reported In phpMyAdmin Lets Attackers Damage Databases

A critical security vulnerability has been reported in phpMyAdmin—one of the most popular applications for managing the MySQL database—which could allow remote attackers to perform dangerous database operations just by tricking administrators into clicking a link. Discovered by an Indian security...

6.4AI score
Exploits0
OpenVAS
OpenVAS
added 2017/12/30 12:0 a.m.30 views

openSUSE: Security Advisory for phpMyAdmin (openSUSE-SU-2017:3448-1)

The remote host is missing an update for the Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.8CVSS8.7AI score0.08464EPSS
Exploits5References2
OPENSUSE Linux
OPENSUSE Linux
added 2017/12/29 9:10 p.m.48 views

Security update for phpMyAdmin (important)

This update for phpMyAdmin to version 4.7.7 fixes a security issue and bugs. The following vulnerability was fixed: - By deceiving a user to click on a crafted URL, it was possible to perform harmful database operations bsc1074066, PMASA-2017-09 This update also contains all upstream improvements...

2.3AI score
Exploits0References1
OPENSUSE Linux
OPENSUSE Linux
added 2017/12/29 9:9 p.m.75 views

Security update for phpMyAdmin (important)

This update for phpMyAdmin to version 4.7.7 fixes a security issue and bugs. The following vulnerability was fixed: - By deceiving a user to click on a crafted URL, it was possible to perform harmful database operations bsc1074066, PMASA-2017-09 This update also contains all upstream improvements...

2.3AI score
Exploits0References1
OSV
OSV
added 2017/12/29 4:35 p.m.3 views

OPENSUSE-SU-2017:3451-1 Security update for phpMyAdmin

This update for phpMyAdmin to version 4.7.7 fixes a security issue and bugs. The following vulnerability was fixed: - By deceiving a user to click on a crafted URL, it was possible to perform harmful database operations bsc1074066, PMASA-2017-09 This update also contains all upstream improvements...

7.3AI score
Exploits0References2
OSV
OSV
added 2017/12/28 1:16 p.m.3 views

MGASA-2017-0471 Updated phpmyadmin packages fix security vulnerability

Due to an XSRF/CSRF vulnerability in phpMyAdmin before 4.7.7, by deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables etc PMASA-2017-9. The phpmyadmin package has been updated to version 4.7.7 to fix...

6.9AI score
Exploits0References10
Rows per page
Query Builder