74 matches found
mysql: Incorrect input validation allowing code execution via mysqldump
It was discovered that the mysql and mysqldump tools did not correctly handle database and table names containing newline characters. A database user with privileges to create databases or tables could cause the mysql command to execute arbitrary shell or SQL commands while restoring database...
SweetRice 1.5.1 - Cross-Site Request Forgery
SweetRice 1.5.1 - Cross-Site Request Forgery document.forms0.submit;...
Database Creation Error: The login already has an account under a different user name
When running the New Database Creation Wizard on the Workspace Environment Management (WEM) Infrastructure Services server, the administrator encounters the following error: "Database Creation Error!" A database is partially created on the SQL server, without any tables. The Citrix Workspace...
CVE-2015-5754
creationtimestamp | type | source
---|---|---
2015-09-10 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/38136...
OpenEMR 4.0.0 - Multiple Vulnerabilities
No description provided by source.
Software: OpenEMR 4.0.0
Vulnerability: Local File Inclusion
Threat Level: Critical 4/5
Download: http://www.oemr.org/
Discovery...
Updated otrs packages fix security vulnerabilities and a missing dependency
Updated otrs package fixes security vulnerabilities: In OTRS before 3.2.14, an attacker that managed to take over the session of a logged in customer could create tickets and/or send follow-ups to existing tickets due to missing challenge token checks (CVE-2014-1694). In OTRS before 3.2.14, an...
CVE-2013-1436
creationtimestamp | type | source
---|---|---
2013-07-26 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/38680...
CVE-2012-3441
The database creation script (module/idoutils/db/scripts/create_mysqldb.sh) in Icinga 1.7.1 grants access to all databases to the icinga user, which allows icinga users to access other databases via unspecified vectors...
OpenEMR 4.0.0 Multiple Vulnerabilities
Exploit for php platform in category web applications
Software: OpenEMR 4.0.0
Vulnerability: Local File Inclusion
Threat Level: Critical 4/5
Download: http://www.oemr.org/...
OpenEMR 4.0.0 - Multiple Vulnerabilities
OpenEMR 4.0.0 - Multiple Vulnerabilities
Software: OpenEMR 4.0.0
Vulnerability: Local File Inclusion
Threat Level: Critical 4/5
Download: http://www.oemr.org/
Discovery...
OpenEMR 4.0.0 - Multiple Vulnerabilities
Software: OpenEMR 4.0.0
Vulnerability: Local File Inclusion
Threat Level: Critical 4/5
Download: http://www.oemr.org/
Discovery Date: 4/2/2011
Tested...
OpenEMR 4.0.0 Database Manipulation
Software: OpenEMR 4.0.0
Vulnerability: Arbitrary Database Creation/Database Enumeration
Threat Level: Low 1/5
Download: http://www.oemr.org/
Discovery Date: 4/2/2011...
CRE Loaded version => 6.2 (install.php) Vulnerability
Exploit for php platform in category web applications
CRE Loaded version = 6.2 install.php Vulnerability
+: Date: 2010-09-13
+: Author: CTRL
+: Software Link: http://creloaded.org/
+:...
phpMyAdmin 3.3.5 XSS Vulnerability
Exploit for php platform in category web applications
phpMyAdmin 3.3.5 XSS Vulnerability...
PostgreSQL: PL/Perl Intended restriction bypass
PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 does not properly restrict PL/perl procedures, which allows remote authenticated users, with database-creation privileges, to execute arbitrar...
PostgreSQL: PL/Tcl Intended restriction bypass
The PL/Tcl implementation in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 loads Tcl code from the pltcl_modules table regardless of the table's ownership and permissions, which allows remo...
CVE-2010-1169
PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 does not properly restrict PL/perl procedures, which allows remote authenticated users, with database-creation privileges, to execute arbitrar...
phpmyadmin 3.3.0 Cross Site Scripting Vulnerability
Exploit for unknown platform in category web applications
phpmyadmin 3.3.0 Cross Site Scripting Vulnerability
There is an XSS in phpMyAdmin 3.3.0. When we create a new database in the interface, the...
phpMyAdmin 3.3.0 Cross Site Scripting
There is an XSS in phpMyAdmin 3.3.0. When we create a new database in the interface, the "newdb" parameter does not filter the characters users enter. An attacker can enter malicious code, like "alert/liscker/;". It can also be true in POST and GET, but in POST, we cannot encode the XSS code, or , the xss will...