87 matches found

Hacker One
added 2021/01/19 7:0 p.m., 33 views

QIWI: mysql.initial.sql file is accessible for everyone

Hello. I found the mysql.initial.sql file, the Roundcube Webmail initial database structure. It is open to everyone. It is an SQL file that creates the structure of various tables such as user, session, cache and so on. PoC url: https://contact.rapida.ru/mysql.initial.sql F1164134 F1164136 Impact information...

7 AI score
Exploits: 0
Exploit DB
added 2020/12/02 12:0 a.m., 414 views

Under Construction Page with CPanel 1.0 - SQL injection

Exploit Title: Under Construction Page with CPanel 1.0 - SQL injection Date: 17-11-2020 Exploit Author: Mayur Parmarth3cyb3rc0p Vendor Homepage: http://egavilanmedia.com Software Link : http://egavilanmedia.com/under-construction-page-with-cpanel/ Version: 1.0 Tested on: PopOS SQL Injection: SQL...

7.4 AI score
Exploits: 0
Cvelist
added 2019/10/31 4:25 p.m., 31 views

CVE-2019-18464

In Progress MOVEit Transfer 10.2 before 10.2.6 (2018.3), 11.0 before 11.0.4 (2019.0.4), and 11.1 before 11.1.3 (2019.1.3), multiple SQL Injection vulnerabilities have been found in the REST API that could allow an unauthenticated attacker to gain unauthorized access to the database. Depending on the...

10 AI score, 0.0195 EPSS
Exploits: 0, References: 4
Packet Storm
added 2019/01/02 12:0 a.m., 48 views

Typo3 CMS Static Info Tables 6.7.3 Database Disclosure

Exploit Title : Typo3 CMS Static Info Tables Extension 6.7.3 Database Disclosure Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 02/01/2019 Vendor Homepage : typo3.org - extensions.typo3.org/extension/staticinfotables/ Software Download Link :...

7.4 AI score
Exploits: 0
IBM Security Bulletins
added 2018/07/18 5:37 p.m., 49 views

Security Bulletins - IBM Planning Analytics, Cognos TM1 and Cognos Insight

Problem IBM Planning Analytics and Cognos TM1 Security Bulletins and Alerts. Resolving The Problem Tab navigation PA 2.0.x TM1 10.2.x Insight 10.2.x Concert 4.0.2 Security bulletins and Alerts for IBM Planning Analytics 2.0.x. --- Published / Updated | Title July 2018 | Security Bulletin: Multipl...

7.4 CVSS, 0.9 AI score, 0.99999 EPSS
Exploits: 24, Affected Software: 7
NVD
added 2016/03/01 11:59 a.m., 15 views

CVE-2016-2561

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.5 and 4.5.x before 4.5.5.1 allow remote authenticated users to inject arbitrary web script or HTML via (1) normalization.php or (2) js/normalization.js in the database normalization page, (3)...

5.4 CVSS, 5.8 AI score, 0.02468 EPSS
Exploits: 0, References: 12
UbuntuCve
added 2016/03/01 11:59 a.m., 23 views

CVE-2016-2561

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.5 and 4.5.x before 4.5.5.1 allow remote authenticated users to inject arbitrary web script or HTML via (1) normalization.php or (2) js/normalization.js in the database normalization page, (3)...

5.4 CVSS, 6.8 AI score, 0.02468 EPSS
Exploits: 0, References: 8
OSV
added 2016/03/01 11:59 a.m., 0 views

UBUNTU-CVE-2016-2561

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.5 and 4.5.x before 4.5.5.1 allow remote authenticated users to inject arbitrary web script or HTML via (1) normalization.php or (2) js/normalization.js in the database normalization page, (3)...

5.4 CVSS, 6.7 AI score, 0.02468 EPSS
Exploits: 0, References: 9
Cvelist
added 2016/03/01 11:0 a.m., 27 views

CVE-2016-2561

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.5 and 4.5.x before 4.5.5.1 allow remote authenticated users to inject arbitrary web script or HTML via (1) normalization.php or (2) js/normalization.js in the database normalization page, (3)...

5.7 AI score, 0.02468 EPSS
Exploits: 0, References: 12
CVE
added 2016/03/01 11:0 a.m., 69 views

CVE-2016-2561

CVE-2016-2561 affects phpMyAdmin 4.4.x before 4.4.15.5 and 4.5.x before 4.5.5.1, allowing remote authenticated users to inject arbitrary web script/HTML via multiple vectors (notably normalization.php, js/normalization.js, sortable_header.phtml, and the pos parameter to db_central_columns.php). T...

5.4 CVSS, 5.5 AI score, 0.02468 EPSS
Exploits: 0, References: 12, Affected Software: 1
Debian CVE
added 2016/03/01 11:0 a.m., 27 views

CVE-2016-2561

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.5 and 4.5.x before 4.5.5.1 allow remote authenticated users to inject arbitrary web script or HTML via (1) normalization.php or (2) js/normalization.js in the database normalization page, (3)...

5.4 CVSS, 6 AI score, 0.02468 EPSS
Exploits: 0
FreeBSD
added 2016/02/29 12:0 a.m., 30 views

phpmyadmin -- multiple XSS and a man-in-the-middle vulnerability

The phpMyAdmin development team reports: XSS vulnerability in SQL parser. Using a crafted SQL query, it is possible to trigger an XSS attack through the SQL query page. We consider this vulnerability to be non-critical. Multiple XSS vulnerabilities. By sending a specially crafted URL as part of t...

6.8 CVSS, 1.4 AI score, 0.03109 EPSS
Exploits: 0, References: 4
CNVD
added 2015/10/09 12:0 a.m., 3 views

Web Reference Database PHP Remote File Inclusion Vulnerability

Web Reference Database aka refbase is a web-based multi-user interface product developed by the refbase community to provide search tools and automatic indexing for scientific literature management. A PHP remote file inclusion vulnerability exists in the install.php script in Web Reference Databa...

7.5 CVSS, 7.8 AI score, 0.03199 EPSS
Exploits: 0, References: 1
NVD
added 2014/07/20 11:12 a.m., 23 views

CVE-2014-4954

Cross-site scripting (XSS) vulnerability in the PMA_getHtmlForActionLinks function in libraries/structure.lib.php in phpMyAdmin 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted table comment that is improperly handled during construction of a...

3.5 CVSS, 5 AI score, 0.0145 EPSS
Exploits: 0, References: 3
UbuntuCve
added 2014/07/20 11:12 a.m., 26 views

CVE-2014-4954

Cross-site scripting (XSS) vulnerability in the PMA_getHtmlForActionLinks function in libraries/structure.lib.php in phpMyAdmin 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted table comment that is improperly handled during construction of a...

3.5 CVSS, 7.3 AI score, 0.0145 EPSS
Exploits: 0, References: 3
Prion
added 2014/07/20 11:12 a.m., 23 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the PMA_getHtmlForActionLinks function in libraries/structure.lib.php in phpMyAdmin 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted table comment that is improperly handled during construction of a...

3.5 CVSS, 5.5 AI score, 0.0145 EPSS
Exploits: 0, References: 3, Affected Software: 1
Cvelist
added 2014/07/20 10:0 a.m., 29 views

CVE-2014-4954

Cross-site scripting (XSS) vulnerability in the PMA_getHtmlForActionLinks function in libraries/structure.lib.php in phpMyAdmin 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted table comment that is improperly handled during construction of a...

4.9 AI score, 0.0145 EPSS
Exploits: 0, References: 3
Debian CVE
added 2014/07/20 10:0 a.m., 30 views

CVE-2014-4954

Cross-site scripting (XSS) vulnerability in the PMA_getHtmlForActionLinks function in libraries/structure.lib.php in phpMyAdmin 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted table comment that is improperly handled during construction of a...

3.5 CVSS, 5.2 AI score, 0.0145 EPSS
Exploits: 0
phpMyAdmin
added 2014/07/17 12:0 a.m., 65 views

Self-XSS due to unescaped HTML output in database structure page.

PMASA-2014-4 Announcement-ID: PMASA-2014-4 Date: 2014-07-17 Summary Self-XSS due to unescaped HTML output in database structure page. Description With a crafted table comment, it is possible to trigger an XSS in database structure page. Severity We consider this vulnerability to be non critical...

3.5 CVSS, 7.2 AI score, 0.0145 EPSS
Exploits: 0, Affected Software: 1
Hacker One
added 2014/07/16 10:30 p.m., 23 views

DigitalSellz: Verbose SQL error messages

When an SQL error occurs, a verbose error is displayed showing the full query and the path of the include file on the server. This is valuable information, revealing the structure of the database and the layout of files on the server...

3.3 AI score
Exploits: 0