40 matches found

GitHub Security Blog
added 2024/05/23 7:14 p.m. | 6 views

Silverstripe Missing security check on dev/build/defaults

The buildDefaults method on DevelopmentAdmin is missing a permission check. In live mode, if you access /dev/build, you are requested to login first. However, if you access /dev/build/defaults, then the action is performed without any login check. This should be protected in the same way that...

AI score: 6.9
Exploits: 0 | References: 6 | Affected Software: 1
SUSE CVE
added 2023/02/15 6:11 a.m. | 1 view

SUSE CVE-2007-3781

MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure...

CVSS: 4 | AI score: 6.4 | EPSS: 0.00622
Exploits: 0 | References: 4
SUSE CVE
added 2023/02/15 5:26 a.m. | 1 view

SUSE CVE-2014-7217

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ENUM value that is improperly handled during rendering of the (1) table search...

CVSS: 3.5 | AI score: 5.7 | EPSS: 0.00339
Exploits: 0 | References: 3
SUSE CVE
added 2023/02/15 5:00 a.m. | 1 view

SUSE CVE-2016-5704

Cross-site scripting (XSS) vulnerability in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving a comment...

CVSS: 6.1 | AI score: 6 | EPSS: 0.00277
Exploits: 0 | References: 3
OSV
added 2022/05/17 3:57 a.m. | 18 views

GHSA-WV8G-FX9J-Q2JG phpMyAdmin cross-site scripting Vulnerability via ENUM value

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ENUM value that is improperly handled during rendering of the (1) table search...

CVSS: 3.5 | AI score: 5.8 | EPSS: 0.00339
Exploits: 0 | References: 6
GitHub Security Blog
added 2022/05/17 3:57 a.m. | 18 views

phpMyAdmin cross-site scripting Vulnerability via ENUM value

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ENUM value that is improperly handled during rendering of the (1) table search...

CVSS: 3.5 | AI score: 5.6 | EPSS: 0.00339
Exploits: 0 | References: 7 | Affected Software: 1
OSV
added 2022/05/17 2:37 a.m. | 12 views

GHSA-3Q28-XFW3-2Q35 phpMyAdmin XSS Vulnerability

Multiple cross-site scripting (XSS) vulnerabilities in the partition-range implementation in templates/table/structure/displaypartitions.phtml in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via crafted table parameters...

CVSS: 6.1 | AI score: 7.1 | EPSS: 0.00224
Exploits: 0 | References: 6
GitHub Security Blog
added 2022/05/17 2:37 a.m. | 19 views

phpMyAdmin XSS Vulnerability

Multiple cross-site scripting (XSS) vulnerabilities in the partition-range implementation in templates/table/structure/displaypartitions.phtml in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via crafted table parameters...

CVSS: 6.1 | AI score: 6 | EPSS: 0.00224
Exploits: 0 | References: 6 | Affected Software: 1
Veracode
added 2020/04/10 12:28 a.m. | 35 views

Information Disclosure

MySQL is vulnerable to information disclosure. MySQL did not require privileges such as "SELECT" for the source table in a "CREATE TABLE LIKE" statement. An authenticated user could obtain sensitive information, such as the table structure...

CVSS: 4 | AI score: 2 | EPSS: 0.00622
Exploits: 0 | References: 27 | Affected Software: 1
Packet Storm
added 2019/01/02 12:00 a.m. | 44 views

Typo3 CMS pw_highslide_gallery 0.3.1 Database Disclosure

Exploit Title : Typo3 CMS pwhighslidegallery Extension 0.3.1 Database Disclosure Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 02/01/2019 Vendor Homepage : typo3.org Software Download Link : extensions.typo3.org/extension/download/pwhighslidegallery/0.3.1/zip/...

AI score: 7.4
Exploits: 0
myhack58
added 2017/03/10 12:00 a.m. | 43 views

CVE-2016-5483: backing up with mysqldump can generate a backdoor - vulnerability warning - the black bar safety net

mysqldump is a commonly used tool for creating logical backups of MySQL databases. In its default configuration, it generates a .sql file containing the statements to create/delete tables and insert data. When the dump file is imported, an attacker may use a maliciously crafted table name to...

AI score: 1.3
Exploits: 0
OSV
added 2016/07/03 1:59 a.m. | 1 view

DEBIAN-CVE-2016-5732

Multiple cross-site scripting (XSS) vulnerabilities in the partition-range implementation in templates/table/structure/displaypartitions.phtml in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via crafted table parameters...

CVSS: 6.1 | AI score: 7.4 | EPSS: 0.00224
Exploits: 0 | References: 1
OSV
added 2016/07/03 1:59 a.m. | 1 view

DEBIAN-CVE-2016-5704

Cross-site scripting (XSS) vulnerability in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving a comment...

CVSS: 6.1 | AI score: 8.2 | EPSS: 0.00277
Exploits: 0 | References: 1
NVD
added 2016/07/03 1:59 a.m. | 10 views

CVE-2016-5704

Cross-site scripting (XSS) vulnerability in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving a comment...

CVSS: 6.1 | AI score: 6.1 | EPSS: 0.00277
Exploits: 0 | References: 3
UbuntuCve
added 2016/07/03 1:59 a.m. | 27 views

CVE-2016-5704

Cross-site scripting (XSS) vulnerability in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving a comment...

CVSS: 6.1 | AI score: 6.9 | EPSS: 0.00277
Exploits: 0 | References: 2
OSV
added 2016/07/03 1:59 a.m. | 0 views

UBUNTU-CVE-2016-5704

Cross-site scripting (XSS) vulnerability in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving a comment...

CVSS: 6.1 | AI score: 7 | EPSS: 0.00277
Exploits: 0 | References: 3
Prion
added 2016/07/03 1:59 a.m. | 18 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving a comment...

CVSS: 4.3 | AI score: 5.9 | EPSS: 0.00277
Exploits: 0 | References: 3 | Affected Software: 1
Debian CVE
added 2016/07/03 1:00 a.m. | 20 views

CVE-2016-5704

Cross-site scripting (XSS) vulnerability in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving a comment...

CVSS: 6.1 | AI score: 7.1 | EPSS: 0.00277
Exploits: 0
CNVD
added 2016/06/24 12:00 a.m. | 3 views

phpMyAdmin Table Structure Page Cross Site Scripting Vulnerability

phpMyAdmin is an online management tool for MySQL databases. A cross-site scripting vulnerability exists in the table structure page of phpMyAdmin version 4.6.x, which can be exploited by an attacker to execute arbitrary scripts across sites...

CVSS: 6.1 | AI score: 9 | EPSS: 0.00277
Exploits: 0 | References: 1
Tenable Nessus
added 2016/03/04 12:00 a.m. | 22 views

Fedora 21 : php-udan11-sql-parser-3.0.4-1.fc21 / phpMyAdmin-4.5.1-1.fc21 (2015-5c06260c4b)

phpMyAdmin 4.5.1.0 (2015-10-23) - Invalid argument supplied for foreach - arraykeyexists expects parameter 2 to be array - Notice Undefined index: dropdatabase - Server variable edition in ANSIQUOTES sqlmode: losing current value - Propose table structure broken -...

CVSS: 5 | AI score: 8.4 | EPSS: 0.00625
Exploits: 0 | References: 4