Page 7 of 147 results (0.009 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1

Multiple cross-site scripting (XSS) vulnerabilities in MySql Lite Administrator (mysql-lite-administrator) beta-1 allow remote attackers to inject arbitrary web script or HTML via the table_name parameter to (1) tabella.php, (2) coloni.php, or (3) insert.php or (4) num_row parameter to coloni.php. Múltiples vulnerabilidades de XSS en MySql Lite Administrator (mysql-lite-administrator) beta-1 permiten a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través del parámetro table_name en (1) tabella.php, (2) coloni.php, o (3) insert.php o (4) del parámetro num_row en coloni.php. MySQL Lite Administrator version Beta 1 suffers from multiple cross site scripting vulnerabilities. • http://hyp3rlinx.altervista.org/advisories/AS-MYSQLLITEADMINISTRATOR0621.txt http://packetstormsecurity.com/files/132420/MySQL-Lite-Administrator-Beta-1-Cross-Site-Scripting.html http://www.securityfocus.com/archive/1/535809/100/0/threaded http://www.securityfocus.com/bid/75397 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.9EPSS: 0%CPEs: 6EXPL: 0

Unspecified vulnerability in the MySQL Connectors component in Oracle MySQL 5.1.34 and earlier allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Connector/J. Vulnerabilidad no especificada en el componente MySQL Connectors en Oracle MySQL 5.1.34 y anteriores permite a usuarios remotos autenticados afectar la confidencialidad a través de vectores desconocidos relacionados con Connector/J. • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html http://lists.opensuse.org/opensuse-updates/2015-05/msg00089.html http://www.debian.org/security/2016/dsa-3621 http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html http://www.securityfocus.com/bid/74075 http://www.securitytracker.com/id/1032121 https://security.netapp.com/advisory/ntap-20150417-0003 •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

SQL injection vulnerability in CSP MySQL User Manager 2.3 allows remote attackers to execute arbitrary SQL commands via the login field of the login page. Vulnerabilidad de inyección de SQL en CSP MySQL User Manager 2.3 permite a atacantes remotos ejecutar comandos de SQL arbitrarios a través del campo de login de la página de inicio de sesión. • http://osvdb.org/101867 http://packetstormsecurity.com/files/124724/cspmysql-sql.txt http://secunia.com/advisories/56348 http://www.securityfocus.com/bid/64731 https://exchange.xforce.ibmcloud.com/vulnerabilities/90210 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 3%CPEs: 107EXPL: 0

Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.30, has unspecified impact and attack vectors, a different vulnerability than CVE-2012-0553. Desbordamiento de búfer en yaSSL, como se usa en MySQL v5.1.x hasta 5.1.68 y en v5.5.x antes de v5.5.30, tiene un impacto no especificado y vectores de ataque, una vulnerabilidad diferente a CVE-2012-0553. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of MySQL with yaSSL. Authentication is not required to exploit this vulnerability. The specific flaw exists within the yaSSL library that is optionally used by MySQL for SSL communication. There exists an off-by-one overflow that is repeatedly performed during the SSL handshake. • http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-68.html http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-30.html http://secunia.com/advisories/52445 http://secunia.com/advisories/53372 http://security.gentoo.org/glsa/glsa-201308-06.xml https://blogs.oracle.com/sunsecurity/entry/cve_2013_1492_buffer_overflow • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.5EPSS: 0%CPEs: 105EXPL: 0

Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.28, has unspecified impact and attack vectors, a different vulnerability than CVE-2013-1492. Desbordamiento de búfer en yaSSL, usado en MySQL v5.1.x antes de v5.1.68 y v5.5.x antes de v5.5.28, tiene un impacto no especificado y vectores de ataque, una vulnerabilidad diferente a CVE-2013-1492. • http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-68.html http://secunia.com/advisories/52445 http://secunia.com/advisories/53372 http://security.gentoo.org/glsa/glsa-201308-06.xml https://blogs.oracle.com/sunsecurity/entry/cve_2012_0553_buffer_overflow • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •