
238 matches found

Node.js
added 2018/11/07 4:24 p.m., 18 views

NoSQL injection

Overview: Versions of express-cart before 1.1.8 are vulnerable to NoSQL injection. The vulnerability is caused by the lack of user input sanitization in the login handlers. In both cases, the customer login and the admin login, parameters from the JSON body are sent directly into the MongoDB query...

7.8 AI score
Exploits 0, Affected Software 1
Veracode
added 2018/08/30 6:52 a.m., 19 views

NoSQL Injection

loopback-connector-mongodb is susceptible to NoSQL injection attack. The buildWhere and buildSort functions fail to sanitize the filter passed to the database query, allowing the attacker to inject and execute arbitrary NoSQL queries...

7.6 AI score
Exploits 0
Node.js
added 2018/08/30 3:53 a.m., 16 views

NoSQL Injection

Overview: Versions of loopback-connector-mongodb before 3.6.0 are vulnerable to NoSQL injection. MongoDB Connector for LoopBack fails to properly sanitize a filter passed to query the database by allowing the dangerous $where property to be passed to the MongoDB Driver. The Driver allows the speci...

7.1 AI score
Exploits 0, Affected Software 1
Github Security Blog
added 2018/08/21 5:03 p.m., 28 views

Privilege Escalation due to Blind NoSQL Injection in flintcms

Versions of flintcms before version 1.1.10 are vulnerable to account takeover due to blind MongoDB injection in the password reset. Recommendation: Update to version 1.1.10 or later...

9.8 CVSS, 4.3 AI score, 0.0379 EPSS
Exploits 1, References 4, Affected Software 1
OSV
added 2018/08/21 5:03 p.m., 16 views

GHSA-JHQ3-57XH-6643 Privilege Escalation due to Blind NoSQL Injection in flintcms

Versions of flintcms before version 1.1.10 are vulnerable to account takeover due to blind MongoDB injection in the password reset. Recommendation: Update to version 1.1.10 or later...

9.8 CVSS, 9.7 AI score, 0.0379 EPSS
Exploits 1, References 4
Node.js
added 2018/08/16 7:44 p.m., 25 views

Privilege Escalation due to Blind NoSQL Injection

Overview: Versions of flintcms before version 1.1.10 are vulnerable to account takeover due to blind MongoDB injection in the password reset. Recommendation: Update to version 1.1.10 or later. References: HackerOne Report, GitHub Advisory...

7.5 CVSS, 4.1 AI score, 0.0379 EPSS
Exploits 1, Affected Software 1
Openbugbounty
added 2018/03/23 12:31 p.m., 10 views

la.brujeriadeamarres.com XSS vulnerability

Open Bug Bounty ID: OBB-585889

| Description | Value |
|---|---|
| Affected Website | la.brujeriadeamarres.com |
| Open Bug Bounty Program | Create your bounty program now. It's open and free. |
| Vulnerable Application | Custom Code |
| Vulnerability Type | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score | 6.1... |

6.2 AI score
Exploits 0
Prion
added 2018/01/03 1:29 a.m., 11 views

Sql injection

Rocket.Chat Server version 0.59 and prior is vulnerable to a NoSQL injection leading to administrator account takeover...

7.5 CVSS, 9.4 AI score, 0.01728 EPSS
Exploits 1, References 2, Affected Software 1
OSV
added 2018/01/03 1:29 a.m., 9 views

CVE-2017-1000493

Rocket.Chat Server version 0.59 and prior is vulnerable to a NoSQL injection leading to administrator account takeover...

9.8 CVSS, 9.7 AI score
Exploits 0, References 2
NVD
added 2018/01/03 1:29 a.m., 13 views

CVE-2017-1000493

Rocket.Chat Server version 0.59 and prior is vulnerable to a NoSQL injection leading to administrator account takeover...

9.8 CVSS, 9.6 AI score, 0.01728 EPSS
Exploits 1, References 2
CVE
added 2018/01/03 1:00 a.m., 60 views

CVE-2017-1000493

CVE-2017-1000493 affects Rocket.Chat Server, 0.59 and earlier. The root cause is a NoSQL injection that can lead to an administrator account takeover. The connected records confirm the vulnerable component and the impact; there is no publicly documented remediation version within the provided doc...

9.8 CVSS, 9.5 AI score, 0.01728 EPSS
Exploits 1, References 2, Affected Software 1
Cvelist
added 2018/01/03 1:00 a.m., 12 views

CVE-2017-1000493

Rocket.Chat Server version 0.59 and prior is vulnerable to a NoSQL injection leading to administrator account takeover...

9.6 AI score, 0.01728 EPSS
Exploits 1, References 2
Imperva Blog
added 2017/10/12 3:30 p.m., 50 views

Ransomware Attacks on MySQL and MongoDB

Ransomware is arguably one of the most vicious types of attack cyber security experts are dealing with today. The impact ransomware attacks can have on an organization is huge and costly. A ransomware payment alone does not reflect the total expense of an attack—the more significant costs come fr...

7.4 AI score
Exploits 0
Tenable Nessus
added 2017/03/31 12:00 a.m., 8 views

NoSQL Injection

A NoSQL injection occurs when a value originating from the client's request is used within a NoSQL call without prior sanitisation. This can allow cyber-criminals to execute arbitrary NoSQL code and thus steal data, or use the additional functionality of the database server to take control of...

8.3 AI score
Exploits 0, References 1
Tenable Nessus
added 2017/03/31 12:00 a.m., 22 views

Blind NoSQL Injection (differential analysis)

A NoSQL injection occurs when a value originating from the client's request is used within a NoSQL call without prior sanitisation. This can allow cyber-criminals to execute arbitrary NoSQL code and thus steal data, or use the additional functionality of the database server to take control of...

8.3 AI score
Exploits 0, References 1
myhack58
added 2015/04/23 12:00 a.m., 26 views

FireEye Trojan analysis engine (MAS) 6.4.1 – multiple vulnerabilities - vulnerability warning - the black bar safety net

The web login section of the FireEye Trojan analysis system (MAS) has multiple serious vulnerabilities. Multiple vulnerabilities: 3 reflected XSS, 1 CSRF, 1 NoSQLi (JSON object), 1 PostgreSQL SQLi (exploitable?), 1 file and path disclosure, 1 source code info-leak. XSS: cross-site 1...

7.5 AI score
Exploits 0
myhack58
added 2012/05/01 12:00 a.m., 15 views

Thousand Bo enterprise website management system HitCount.asp page injection vulnerability - vulnerability warning - the black bar safety net

The program has added anti-injection code in the NoSql.asp file: <% If EnableStopInjection = True Then Dim FyPost, FyGet, FyIn, FyInf, FyXh, Fydb, Fydbstr FyIn = "'|;|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare" FyInf = Split(FyIn, "|") If Request...

7.4 AI score
Exploits 0
myhack58
added 2010/04/20 12:00 a.m., 20 views

Thousand Bo enterprise website management system 0day - vulnerability warning - the black bar safety net

The program has added anti-injection code in the NoSql.asp file: <% If EnableStopInjection = True Then Dim FyPost, FyGet, FyIn, FyInf, FyXh, Fydb, Fydbstr FyIn = "'|;|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare" FyInf = Split(FyIn, "|") If Request...

7.6 AI score
Exploits 0