4 matches found
SQL Injection
Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to SQL Injection in the setTokenData function when OAuth token fields are interpolated into a SQL statement without proper escaping. An attacker can execut...
Apache Superset: Incomplete DISALLOWED_SQL_FUNCTIONS default list for ClickHouse engine
Apache Superset utilizes a configurable dictionary, DISALLOWEDSQLFUNCTIONS, to restrict the execution of potentially sensitive SQL functions within SQL Lab and charts. While this feature included restrictions for engines like PostgreSQL, a vulnerability was reported where the default list for the...
Incorrect Default Permissions
Overview apache-superset is a modern, enterprise-ready business intelligence web application. Affected versions of this package are vulnerable to Incorrect Default Permissions due to missing validations, which allow an attacker to take over ownership of dashboards, charts, or datasets. Note: This...
PT-2020-17248 · Microsoft · Windows Logon
Name of the Vulnerable Software and Affected Versions: Windows Logon versions prior to 4.1.2 Description: The issue allows an attacker with local user privileges to manipulate the installer into writing to arbitrary privileged directories by not properly validating file installation paths. This c...