
8141 matches found

NCSC
added 2021/09/10 12:0 a.m., 4 views

Vulnerabilities fixed in Dell iDRAC

Vulnerabilities have been fixed in Dell iDRAC. The vulnerabilities allow a malicious person to execute arbitrary code under user privileges by performing an SQL Injection, Denial-of-Service (DoS) and executing arbitrary code. It is good practice not to have such an environment publicly to b...

CVSS 8.2 | AI score 7 | EPSS 0.14489
Exploits: 0
CNNVD
added 2021/09/09 12:0 a.m., 5 views

FUEL CMS SQL injection vulnerability

FUEL CMS is a content management system (CMS) based on the CodeIgniter framework. FUEL CMS in version 1.5.0 suffers from a SQL injection vulnerability, which originates from the lack of validation of the parameter col in the software's /FUEL/index.php/FUEL/logs/items for externally-inputted SQL...

CVSS 9.8 | AI score 6.1 | EPSS 0.00909
Exploits: 1 | References: 4
CNNVD
added 2021/09/07 12:0 a.m., 5 views

ClinicCases SQL injection vulnerability

ClinicCases is an open source case management system designed for law school clinics. ClinicCases version 7.3.3 suffers from a SQL injection vulnerability that allows a low-privilege attacker to execute arbitrary SQL commands via vulnerable parameters...

CVSS 8.8 | AI score 8.6 | EPSS 0.00447
Exploits: 0 | References: 3
CNNVD
added 2021/08/31 12:0 a.m., 2 views

SolarWinds Orion Platform SQL injection vulnerability

SolarWinds Orion Platform is a network fault and network performance management platform from SolarWinds, Inc. The platform provides real-time monitoring and profiling of network devices and supports custom web interfaces, multiple user opinions, and map-based browsing of the entire network. The...

CVSS 9 | AI score 5.6 | EPSS 0.02052
Exploits: 0 | References: 6
CNNVD
added 2021/08/27 12:0 a.m., 1 views

WMS SQL injection vulnerability

WMS is a warehouse management software. Version 1.0 of WMS has a SQL injection vulnerability: the GET parameter "id" is passed without filtering, and an attacker can use the vulnerability to obtain sensitive database information...

CVSS 9.8 | AI score 5.9 | EPSS 0.00245
Exploits: 1 | References: 1
NCSC
added 2021/08/25 12:0 a.m., 8 views

Vulnerabilities fixed in F5 BIG-IP

Vulnerabilities have been fixed in F5 BIG-IP. The vulnerabilities allow a malicious party to launch attacks that lead to the following categories of damage: Cross-Site Request Forgery (XSRF); Cross-Site Scripting (XSS); Denial-of-Service (DoS); Remote code execution (User Rights); SQL Injection; Access to...

CVSS 9.9 | AI score 7.8 | EPSS 0.01119
Exploits: 0
CNNVD
added 2021/08/24 12:0 a.m., 3 views

EARCLINK ESPCMS SQL injection vulnerability

Honghu Erchuang Netlink Information Technology EARCLINK ESPCMS is an enterprise website building system from China's Honghu Erchuang Netlink Information Technology Company. A SQL injection vulnerability exists in the espcmsweb/Search.php component of EARCLINK ESPCMS-P8, which can be exploited by...

CVSS 7.5 | AI score 7.4 | EPSS 0.0006
Exploits: 0 | References: 4
CNNVD
added 2021/08/24 12:0 a.m., 3 views

SQLite buffer error vulnerability

SQLite is a self-sufficient, serverless, zero-configuration, transactional SQL database engine. The idxGetTableInfo function in SQLite version 3.36.0 is vulnerable to a segmentation error. An attacker could exploit the vulnerability via a specially crafted SQL query to cause a denial of service...

CVSS 7.5 | AI score 6.7 | EPSS 0.0172
Exploits: 1 | References: 23
CNNVD
added 2021/08/24 12:0 a.m., 2 views

Envoy SQL injection vulnerability

Envoy is an open source distributed proxy server. An envoyproxy envoy SQL injection vulnerability can be exploited by an attacker to cause a denial of service on the proxy...

CVSS 7.5 | AI score 7.6 | EPSS 0.00264
Exploits: 1 | References: 2
CNNVD
added 2021/08/24 12:0 a.m., 3 views

Philips Healthcare Tasy Electronic Medical Record SQL injection vulnerability

Philips Healthcare Tasy Electronic Medical Record (EMR) is a comprehensive healthcare informatics solution that addresses all areas of the healthcare environment, connecting the dots between clinical and non-clinical areas of the healthcare continuum. Philips Healthcare Tasy Electronic Medical Reco...

CVSS 8.8 | AI score 5.9 | EPSS 0.0032
Exploits: 1 | References: 4
CNNVD
added 2021/08/24 12:0 a.m., 4 views

Philips Healthcare Tasy Electronic Medical Record SQL injection vulnerability

Philips Healthcare Tasy Electronic Medical Record (EMR) is a comprehensive healthcare informatics solution that addresses all areas of the healthcare environment, connecting the dots between clinical and non-clinical areas of the healthcare continuum. Philips Healthcare Tasy Electronic Medical Reco...

CVSS 8.8 | AI score 5.9 | EPSS 0.00484
Exploits: 2 | References: 4
CNNVD
added 2021/08/23 12:0 a.m., 4 views

WordPress plugin SQL injection vulnerability

WordPress is the WordPress Foundation's blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress plugin is an open source application plugin for WordPress. WordPress plugin M Vslider SQL injection...

CVSS 7.2 | AI score 7.4 | EPSS 0.00567
Exploits: 2 | References: 2
CNNVD
added 2021/08/23 12:0 a.m., 3 views

WordPress Plugin Broken Link Manager SQL injection vulnerability

WordPress is the WordPress Foundation's blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an open source application plugin for WordPress. A SQL injection vulnerability exists in WordPress Plugin Brok...

CVSS 7.2 | AI score 7.3 | EPSS 0.00972
Exploits: 2 | References: 2
CNNVD
added 2021/08/19 12:0 a.m., 3 views

Local Services Search Engine Management System SQL injection vulnerability

Local Services Search Engine Management System is a local services search engine management system. Local Services Search Engine Management System Project 1.0 suffers from a SQL injection vulnerability that arises from a database-based application that lacks validation of externally entered SQL...

CVSS 4.9 | AI score 5.8 | EPSS 0.00194
Exploits: 0 | References: 1
Microsoft Malware Protection
added 2021/08/18 4:0 p.m., 29 views

Migrating content from traditional SIEMs to Azure Sentinel

In part two of this three-part series, we covered the five types of side-by-side security information and event management (SIEM) configurations commonly used during a long-term migration to Microsoft Azure Sentinel. For part three, we’ll be looking at best practices for migrating your data and...

AI score 6.9
Exploits: 0
OSV
added 2021/08/18 3:15 p.m., 0 views

CVE-2021-37358

SQL Injection in SEACMS v210530 (2021-05-30) allows remote attackers to execute arbitrary code via the component "adminajax.php?action=checkrepeat&vname="...

CVSS 9.8 | AI score 6.1
Exploits: 0 | References: 1
BDU FSTEC
added 2021/08/18 12:0 a.m., 2 views

The vulnerability of the users.queries.php component of the TeamPass password manager allows a hacker to execute arbitrary SQL commands.

The vulnerability of the users.queries.php component of the TeamPass password manager is related to insufficient protection of the SQL query structure. Exploiting this vulnerability allows an attacker who operates remotely to execute arbitrary SQL commands...

CVSS 9.8 | AI score 8.2 | EPSS 0.00233
Exploits: 0 | References: 6 | Affected Software: 1
CNNVD
added 2021/08/18 12:0 a.m., 3 views

SeaCMS SQL injection vulnerability

SeaCMS is a free and open source web content management system written in PHP. The system is primarily designed to manage video-on-demand resources. A SQL injection vulnerability exists in SEACMS v210530, which stems from a lack of validation of externally entered SQL statements in database-based...

CVSS 9.8 | AI score 8.7 | EPSS 0.01632
Exploits: 1 | References: 2
BDU FSTEC
added 2021/08/18 12:0 a.m., 1 views

The vulnerability of U.motion’s sensor panel’s microprogramming software lies in the lack of protective measures for the SQL query structure, allowing attackers to execute arbitrary code.

The vulnerability of U.motion’s sensor panel’s microprogramming software is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...

CVSS 9.8 | AI score 8.2 | EPSS 0.00798
Exploits: 0 | References: 3 | Affected Software: 6
Fedora
added 2021/08/16 1:17 a.m., 24 views

[SECURITY] Fedora 34 Update: rust-jql-2.9.4-2.fc34

JSON query language CLI tool...

CVSS 9.8 | AI score 1.8 | EPSS 0.01094
Exploits: 0