1152 matches found

NVD
added 2019/10/29 7:15 p.m. · 12 views

CVE-2019-10749

sequelize before version 3.35.1 allows attackers to perform a SQL Injection due to the JSON path keys not being properly sanitized in the Postgres dialect...

CVSS 9.8 · AI score 9.8 · EPSS 0.01228
Exploits 1 · References 2
Prion
added 2019/10/29 7:15 p.m. · 18 views

SQL injection

sequelize before version 3.35.1 allows attackers to perform a SQL Injection due to the JSON path keys not being properly sanitized in the Postgres dialect...

CVSS 7.5 · AI score 9.7 · EPSS 0.01228
Exploits 1 · References 2 · Affected Software 1
CVE
added 2019/10/29 4:06 p.m. · 66 views

CVE-2019-10749

CVE-2019-10749 affects sequelize prior to 3.35.1. The vulnerability arises in the Postgres dialect where JSON path keys are not properly sanitized, enabling SQL injection. Affected component: Sequelize (Node.js ORM) code paths used for generating queries with JSON path keys. Exploitation details ...

CVSS 9.8 · AI score 9.7 · EPSS 0.01228
Exploits 1 · References 2 · Affected Software 1
Cvelist
added 2019/10/29 4:06 p.m. · 21 views

CVE-2019-10749

sequelize before version 3.35.1 allows attackers to perform a SQL Injection due to the JSON path keys not being properly sanitized in the Postgres dialect...

AI score 9.8 · EPSS 0.01228
Exploits 1 · References 2
Kitploit
added 2019/10/04 12:00 p.m. · 147 views

ManaTI - A Web-Based Tool To Assist The Work Of The Intuitive Threat Analysts

Machine Learning for Threat Intuitive Analysis. The goal of the ManaTI project is to develop machine learning techniques to assist an intuitive threat analyst to speed the discovery of new security problems. The machine learning will contribute to the analysis by finding new relationships and...

AI score 7.4
Exploits 0 · References 2
CNVD
added 2019/08/28 12:00 a.m. · 1 view

Raml-Module-Builder SQL Injection Vulnerability

Raml-Module-Builder is a framework that allows the creation of modules based on RAML files. A SQL injection vulnerability exists in PostgresClient.update in Raml-Module-Builder version 26.4.0, which can be exploited by an attacker to execute illegal SQL commands...

CVSS 9.8 · AI score 8.2 · EPSS 0.01421
Exploits 0 · References 1
OSV
added 2019/08/09 1:15 p.m. · 2 views

DEBIAN-CVE-2019-14234

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to...

CVSS 9.8 · AI score 7.4 · EPSS 0.46345
Exploits 0 · References 1
OSV
added 2019/08/06 1:15 p.m. · 1 view

CVE-2016-10782

cPanel before 60.0.25 allows self stored XSS in postgres API1 listdbs SEC-181...

CVSS 5.4 · AI score 5.8 · EPSS 0.00531
Exploits 0 · References 1
NVD
added 2019/08/06 1:15 p.m. · 14 views

CVE-2016-10782

cPanel before 60.0.25 allows self stored XSS in postgres API1 listdbs SEC-181...

CVSS 5.4 · AI score 5.3 · EPSS 0.00531
Exploits 0 · References 1
Prion
added 2019/08/06 1:15 p.m. · 13 views

Cross-site scripting

cPanel before 60.0.25 allows self stored XSS in postgres API1 listdbs SEC-181...

CVSS 3.5 · AI score 6 · EPSS 0.00531
Exploits 0 · References 1 · Affected Software 1
CVE
added 2019/08/06 12:53 p.m. · 48 views

CVE-2016-10782

CVE-2016-10782 affects cPanel versions prior to 60.0.25, with a self-stored XSS in the postgres API1 listdbs. The root cause is insufficient validation of client-side data in the web application, allowing injected scripts to run when listing databases. Impact: stored XSS in affected user sessions...

CVSS 5.4 · AI score 5.2 · EPSS 0.00531
Exploits 0 · References 1 · Affected Software 1
Node.js
added 2019/06/24 2:59 p.m. · 19 views

SQL Injection

Overview: Versions of sequelize prior to 3.35.1 are vulnerable to SQL Injection. The package fails to sanitize JSON path keys in the Postgres dialect, which may allow attackers to inject SQL statements and execute arbitrary SQL queries. Recommendation: Upgrade to version 3.35.1 or later. References...

CVSS 7.5 · AI score 6.1 · EPSS 0.01228
Exploits 1 · Affected Software 1
Veracode
added 2019/06/24 7:18 a.m. · 15 views

SQL Injection

sequelize is vulnerable to SQL injection attacks. The attacks are possible because the library does not escape the user-supplied JSON path key when using the Postgres dialect in query-generator.js...

CVSS 9.8 · AI score 9.4 · EPSS 0.01228
Exploits 1 · References 2 · Affected Software 1
Snyk
added 2019/06/20 10:26 a.m. · 3 views

SQL Injection

Overview: sequelize is a promise-based Node.js ORM for Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server. Affected versions of this package are vulnerable to SQL Injection due to JSON path keys not being properly sanitized in the Postgres dialect. PoC by Snyk: const Sequelize =...

CVSS 9.8 · AI score 7.7 · EPSS 0.01228
Exploits 1 · References 3
vulnersOsv
added 2019/06/12 4:36 p.m. · 2 views

@arkecosystem/core (>=2.1.0 <=2.7.26), @arkecosystem/core-database-postgres (>=0.2.0 <=2.7.26) +222 more potentially affected by unknown CVE via sql (>=0.0.5 <=0.78.0)

sql NPM version =0.0.5, =2.1.0, =0.2.0, =2.4.0, =0.1.0, =2.1.0, =1.0.0, =1.0.0, =2.0.0-alpha.1, =2.0.0-pre.12, =2.0.0-alpha.1, =1.0.0, =0.20.1, =0.4.4, =1.1.0, =1.2.0 and more. Source cves: unknown CVE. Source advisory: OSV:GHSA-8F93-RV4P-X4JW...

AI score 5.5
Exploits 0
Metasploit
added 2019/05/31 4:18 p.m. · 39 views

Password Cracker: Databases

This module uses John the Ripper or Hashcat to identify weak passwords that have been acquired from the mssqlhashdump, mysqlhashdump, postgreshashdump, or oraclehashdump modules. Passwords that have been successfully cracked are then saved as proper credentials. Due to the complexity of some of t...

AI score 7.4
Exploits 0
Metasploit
added 2019/03/21 11:08 a.m. · 185 views

PostgreSQL COPY FROM PROGRAM Command Execution

Installations running Postgres 9.3 and above have functionality which allows the superuser and users with the 'pg_execute_server_program' role to pipe to and from an external program using COPY. This allows arbitrary command execution as though you have console access. This module attempts to create a ne...

CVSS 7.2 · AI score 8 · EPSS 0.91877
Exploits 17
OSV
added 2019/02/18 11:54 p.m. · 17 views

GHSA-9C2P-JW8P-F84V SQL Injection in sequelize

Affected versions of sequelize cast arrays to strings and fail to properly escape the resulting SQL statement, resulting in a SQL injection vulnerability. Proof of Concept: In Postgres, SQLite, and Microsoft SQL Server there is an issue where arrays are treated as strings and improperly escaped...

CVSS 7.5 · AI score 7.8 · EPSS 0.01342
Exploits 1 · References 4
GitHub Security Blog
added 2019/02/18 11:54 p.m. · 32 views

SQL Injection in sequelize

Affected versions of sequelize cast arrays to strings and fail to properly escape the resulting SQL statement, resulting in a SQL injection vulnerability. Proof of Concept: In Postgres, SQLite, and Microsoft SQL Server there is an issue where arrays are treated as strings and improperly escaped...

CVSS 7.5 · AI score 7.9 · EPSS 0.01342
Exploits 1 · References 5 · Affected Software 1
HackerOne
added 2018/12/15 12:40 p.m. · 22 views

RATELIMITED: Information Disclosure PHPpgAdmin

phpPgAdmin is a script that allows system administrators to manage their Postgres databases easily from a web UI. We had forgotten to limit access to this script, making a brute-force attack possible...

AI score 3
Exploits 0