1196 matches found

ATTACKERKB
added 2021/02/17 3:15 p.m. · 2 views

CVE-2020-36003

The id parameter in detail.php of Online Book Store v1.0 is vulnerable to union-based blind SQL injection, which leads to the ability to retrieve all databases...

7.5 CVSS · 5.6 AI score · 0.01494 EPSS
Exploits 1 · References 4
Gitee
added 2021/02/17 1:34 p.m. · 4 views

Findsploit

It is an offensive tool for searching and exploiting. The primary CVE ID is not explicitly mentioned in the provided context. The tool, Findsploit, is a bash script that searches both local and online exploit databases. It includes three sub-scripts: "compilesploit" to automatically compile and r...

6.8 AI score
Exploits 0
BDU FSTEC
added 2021/02/16 12:00 a.m. · 4 views

The vulnerability of the library for working with relational DBMSs like SQLAlchemy lies in the lack of protective measures for SQL query structures, allowing attackers to execute arbitrary code.

The vulnerability of the library for working with relational DBMSs like SQLAlchemy is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

10 CVSS · 8 AI score · 0.03525 EPSS
Exploits 2 · References 7 · Affected Software 6
IBM Security Bulletins
added 2021/02/09 3:56 p.m. · 37 views

Security Bulletin: IBM Planning Analytics has addressed a security vulnerability (CVE-2016-2183)

Summary This Security Bulletin addresses a security vulnerability that has been remediated in IBM Planning Analytics 2.0.9.5 Vulnerability Details CVEID: CVE-2016-2183 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, us...

7.5 CVSS · 0.6 AI score · 0.95707 EPSS
Exploits 7 · Affected Software 1
OpenVAS
added 2021/02/09 12:00 a.m. · 22 views

Oracle MySQL Server <= 5.1.67 / 5.5 <= 5.5.29 Security Update (cpuapr2013) - Windows

Oracle MySQL Server is prone to multiple unspecified vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

6.5 CVSS · 6.9 AI score · 0.13175 EPSS
Exploits 2 · References 4
Gitee
added 2021/02/02 2:38 p.m. · 3 views

vulhub1

This repository is an open-source collection of pre-built vulnerable docker environments, known as Vulhub. It is a collection of vulnerable environments for testing and learning purposes, with no pre-existing knowledge of docker required. The repository contains a variety of vulnerable...

7.8 AI score
Exploits 0
Packet Storm
added 2021/02/01 12:00 a.m. · 286 views

Backdoor.Win32.Anaptix.bd Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/9f178de7f9918288d93ac0f065f0aa2f.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Anaptix.bd Vulnerability: Insecure Permissions Description: Anaptix.bd malware create...

7.4 AI score
Exploits 0
FreeBSD
added 2021/01/29 12:00 a.m. · 18 views

minio -- Server Side Request Forgery

Minio developers report: Thanks to @phith0n from our community upon a code review, discovered an SSRF Server Side Request Forgery in our Browser API implementation. We have not observed this report/attack in the wild or reported elsewhere in the community at large. All users are advised to upgrad...

0.6 AI score
Exploits 0 · References 1
Gentoo Linux
added 2021/01/27 12:00 a.m. · 60 views

phpMyAdmin: Multiple vulnerabilities

Background phpMyAdmin is a web-based management tool for MySQL databases. Description Multiple vulnerabilities have been discovered in phpMyAdmin. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is n...

9.8 CVSS · 2.5 AI score · 0.67081 EPSS
Exploits 1
Fedora
added 2021/01/20 1:28 a.m. · 54 views

[SECURITY] Fedora 32 Update: coturn-4.5.2-1.fc32

The Coturn TURN Server is a VoIP media traffic NAT traversal server and gateway. It can be used as a general-purpose network traffic TURN server/gateway, too. This implementation also includes some extra features. Supported RFCs: TURN specs: - RFC 5766 - base TURN specs - RFC 6062 - TCP relayin...

7.2 CVSS · 0.8 AI score · 0.01282 EPSS
Exploits 3
Gitee
added 2021/01/17 11:22 p.m. · 3 views

vulhub

This is an open-source collection of pre-built vulnerable docker environments. It is a repository for testing and demonstrating various vulnerabilities in different applications and frameworks. The repository contains a variety of vulnerable environments, including web applications, databases, an...

6.9 AI score
Exploits 0
Positive Technologies
added 2021/01/16 12:00 a.m. · 2 views

PT-2021-4073 · Unknown +1 · Libgetdata +1

Name of the Vulnerable Software and Affected Versions: libgetdata version 0.10.0 Description: The issue is related to a heap memory corruption problem, specifically a use after free error, that can be triggered when processing maliciously crafted dirfile databases. This may lead to arbitrary code...

9.8 CVSS · 8 AI score · 0.02157 EPSS
Exploits 0 · References 29
Prion
added 2021/01/12 3:15 p.m. · 16 views

Sql injection

REDCap 10.3.4 contains a SQL injection vulnerability in the ToDoList function via sort parameter. The application uses the addition of a string of information from the submitted user that is not validated well in the database query, resulting in an SQL injection vulnerability where an attacker ca...

10 CVSS · 9.5 AI score · 0.0211 EPSS
Exploits 1 · References 3 · Affected Software 1
Hacker One
added 2021/01/01 6:11 a.m. · 154 views

Automattic: SQL Injection intensedebate.com

hello dear support I have found SQL Injection on intensedebate.com parameters injectable ?acctid=1 URL:https://www.intensedebate.com/js/importStatus.php?acctid=1 I'm used sqlmap to injection command sqlmap --url https://www.intensedebate.com/js/importStatus.php?acctid=1 --dbs F1140562 available...

Exploits 0
CNNVD
added 2020/12/23 12:00 a.m. · 5 views

Urve Information Disclosure Vulnerability

Urve is a device for booking meeting rooms/rooms from Urve UK. The device supports integration with MS Exchange, Lotus, Office 365, Google Calendar and other systems to support meeting room and guest room reservations. A security vulnerability exists in URVE Build 24.03.2020, which arises when th...

7.5 CVSS · 7.1 AI score · 0.01421 EPSS
Exploits 2 · References 6
Akamai Blog
added 2020/12/21 2:00 p.m. · 107 views

What's the Value of a Key-Value Store?

A database back end for your application is vital, and odds are that your database is a relational database or a "not only SQL" NoSQL database. Relational databases have dominated the software industry for decades, even as other technologies have radically changed around it. A relational database...

6.9 AI score
Exploits 0
NVD
added 2020/12/16 2:15 a.m. · 13 views

CVE-2020-26273

osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. In osquery before version 4.6.0, by using sqlite's ATTACH verb, someone with administrative access to osquery can cause reads and writes to arbitrary sqlite databases on disk. This does allow arbitrary...

5.2 CVSS · 5.4 AI score · 0.00944 EPSS
Exploits 1 · References 4
OSV
added 2020/12/15 4:04 p.m. · 30 views

RLSA-2020:5503 Moderate: mariadb-connector-c security, bug fix, and enhancement update

The MariaDB Native Client library C driver is used to connect applications developed in C/C++ to MariaDB and MySQL databases. The following packages have been upgraded to a later upstream version: mariadb-connector-c 3.1.11. BZ1898993 Security Fixes: mysql: C API unspecified vulnerability CPU Apr...

8.8 CVSS · 7.1 AI score · 0.03485 EPSS
Exploits 0 · References 8
OSV
added 2020/12/15 4:04 p.m. · 41 views

ALSA-2020:5503 Moderate: mariadb-connector-c security, bug fix, and enhancement update

The MariaDB Native Client library C driver is used to connect applications developed in C/C++ to MariaDB and MySQL databases. The following packages have been upgraded to a later upstream version: mariadb-connector-c 3.1.11. BZ1898993 Security Fixes: mysql: C API unspecified vulnerability CPU Apr...

8.8 CVSS · 7.1 AI score · 0.03485 EPSS
Exploits 0 · References 6
OSV
added 2020/12/14 8:15 p.m. · 3 views

CVE-2020-16104

SQL Injection vulnerability in Enterprise Data Interface of Gallagher Command Centre allows a remote attacker with 'Edit Enterprise Data Interfaces' privilege to execute arbitrary SQL against a third party database if EDI is configured to import data from this database. This issue affects:...

7.2 CVSS · 7.3 AI score · 0.009 EPSS
Exploits 0 · References 1