U.S. Dept Of Defense: SQLi on █████████
Researcher discovered a Boolean-based SQLi on a Dept. of Defense asset...
Zomato: Solr Injection in `user_id` parameter at :/v2/leaderboard_v2.json
@zzzhacker13 identified a Solr Injection on the `user_id` parameter at :/v2/leaderboard_v2.json. Our team analyzed internally and found that only fq=injection was possible on the Solr endpoint, hence the Solr injection was of low impact since there was no way to escalate it to exfiltrate data, one...
openSUSE Security Update : perl-YAML-LibYAML (openSUSE-2020-1093)
This update for perl-YAML-LibYAML fixes the following issues : perl-YAML-LibYAML was updated to 0.69: bsc1173703 - Security fix: Add $LoadBlessed option to turn on/off loading objects: Default is set to true. Note that, the behavior is unchanged. - Clarify documentation about exported functions -...
openSUSE Security Update : perl-YAML-LibYAML (openSUSE-2020-1089)
This update for perl-YAML-LibYAML fixes the following issues : perl-YAML-LibYAML was updated to 0.69: bsc1173703 - Security fix: Add $LoadBlessed option to turn on/off loading objects: Default is set to true. Note that, the behavior is unchanged. - Clarify documentation about exported functions -...
SUSE SLED15 / SLES15 Security Update : perl-YAML-LibYAML (SUSE-SU-2020:2025-1)
This update for perl-YAML-LibYAML fixes the following issues : perl-YAML-LibYAML was updated to 0.69: bsc1173703 Security fix: Add $LoadBlessed option to turn on/off loading objects: Default is set to true. Note that, the behavior is unchanged. Clarify documentation about exported functions Dump...
Security update for perl-YAML-LibYAML (moderate)
openSUSE Security Update: Security update for perl-YAML-LibYAML Announcement ID: openSUSE-SU-2020:1093-1 Rating: moderate References: 1173703 Affected Products: openSUSE Leap 15.2 An update that contains security fixes can now be installed. Description: This update for perl-YAML-LibYAML fixes the...
OPENSUSE-SU-2020:1093-1 Security update for perl-YAML-LibYAML
This update for perl-YAML-LibYAML fixes the following issues: perl-YAML-LibYAML was updated to 0.69: bsc1173703 Security fix: Add $LoadBlessed option to turn on/off loading objects: Default is set to true. Note that, the behavior is unchanged. Clarify documentation about exported functions Dump w...
Security update for perl-YAML-LibYAML (moderate)
openSUSE Security Update: Security update for perl-YAML-LibYAML Announcement ID: openSUSE-SU-2020:1089-1 Rating: moderate References: 1173703 Affected Products: openSUSE Leap 15.1 An update that contains security fixes can now be installed. Description: This update for perl-YAML-LibYAML fixes the...
GHSA-864J-6QPP-CMRR SQL Injection in Geocoder
sql.rb in Geocoder before 1.6.1 allows Boolean-based SQL injection when within_bounding_box is used in conjunction with untrusted sw_lat, sw_lng, ne_lat, or ne_lng data...
SQL Injection in Geocoder
sql.rb in Geocoder before 1.6.1 allows Boolean-based SQL injection when within_bounding_box is used in conjunction with untrusted sw_lat, sw_lng, ne_lat, or ne_lng data...
AdRotate < 5.8.4 - Authenticated SQL Injection
Authenticated SQL injection in the AdRotate 5.8.3.1 exists via param "id". However, this requires an admin privileged user. NOTE: The plugin author mistook this SQLi bug for XSS but the remedy remains OK. PoC: Param "id" is vulnerable to SQL Injection. Example 1:...
AdRotate < 5.8.4 - Authenticated SQL Injection
Authenticated SQL injection in the AdRotate 5.8.3.1 exists via param "id". However, this requires an admin privileged user. NOTE: The plugin author mistook this SQLi bug for XSS but the remedy remains OK. Param "id" is vulnerable to SQL Injection. Example 1:...
Huawei EulerOS: Security Advisory for openldap (EulerOS-SA-2020-1585)
The remote host is missing an update for the Huawei EulerOS...
Online Examination System 1.0 SQL Injection
Exploit Title: Online Examination System 1.0 - 'eid' SQL Injection Google Dork: N/A Date: 2020-05-16 Exploit Author: BKpatron Vendor Homepage: https://www.sourcecodester.com/php/14210/online-examination-system-project-using-phpmysql.html Software Link:...
Victor CMS 1.0 SQL Injection
Exploit Title: Victor CMS 1.0 - 'post' SQL Injection Google Dork: N/A Date: 2020-05-09 Exploit Author: BKpatron Vendor Homepage: https://github.com/VictorAlagwu/CMSsite Software Link: https://github.com/VictorAlagwu/CMSsite/archive/master.zip Version: v1.0 Tested on: Win 10 CVE: N/A my website:...
Updated openldap packages fix security vulnerabilities
Updated openldap packages fix security vulnerabilities: When both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation (CVE-2017-17740). I...
School ERP Pro 1.0 SQL Injection
Exploit Title: School ERP Pro 1.0 - 'esmessagesid' SQL Injection Date: 2020-04-28 Author: Besim ALTINOK Vendor Homepage: http://arox.in Software Link: https://sourceforge.net/projects/school-erp-ultimate/ Version: latest version Tested on: Xampp Credit: İsmail BOZKURT SQL Injection Detail...
DEBIAN-CVE-2020-12243
In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash)...
CVE-2020-12243
In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash)...
Denial of service
In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash)...