69 matches found

NVD
added 2023/11/07 8:15 a.m.

CVE-2023-42284

Blind SQL injection in api_version parameter in Tyk Gateway version 5.0.3 allows an attacker to access and dump the database via a crafted SQL query...

CVSS 9.8 · AI score 9.6 · EPSS 0.01247
Exploits 2 · References 1
Prion
added 2023/11/07 8:15 a.m.

SQL injection

Blind SQL injection in api_version parameter in Tyk Gateway version 5.0.3 allows an attacker to access and dump the database via a crafted SQL query...

CVSS 7.5 · AI score 8.1 · EPSS 0.01247
Exploits 2 · References 1 · Affected Software 1
Positive Technologies
added 2023/11/07 12:00 a.m.

PT-2023-7385 · Tyk · Tyk Gateway

Name of the Vulnerable Software and Affected Versions: Tyk Gateway version 5.0.3. Description: The issue is related to a lack of protection against SQL query structure exploitation in the Tyk Gateway API implementation. This allows a remote attacker to execute arbitrary SQL queries. Specifically, ...

CVSS 9.8 · AI score 9.5 · EPSS 0.01247
Exploits 2 · References 5
CVE
added 2023/11/07 12:00 a.m.

CVE-2023-42284

CVE-2023-42284 concerns Tyk Gateway 5.0.3. The vulnerability is a blind SQL injection in the API parameter api_version, enabling an attacker to access and dump the database via a crafted query. Reported impact is high (database exposure/compromise) with CVSS 3.1 base score 9.8 (CRITICAL) from NV...

CVSS 9.8 · AI score 9.6 · EPSS 0.01247
Exploits 2 · References 1 · Affected Software 1
Cvelist
added 2023/11/07 12:00 a.m.

CVE-2023-42284

Blind SQL injection in api_version parameter in Tyk Gateway version 5.0.3 allows an attacker to access and dump the database via a crafted SQL query...

AI score 9.9 · EPSS 0.01247
Exploits 2 · References 1
ATTACKERKB
added 2023/06/19 1:15 p.m.

CVE-2023-2907

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Marksoft allows SQL Injection. This issue affects Marksoft: through Mobile:v.7.1.7 ; Login:1.4 ; API:20230605...

CVSS 9.8 · AI score 7.4 · EPSS 0.00615
Exploits 0 · References 3
Vulnrichment
added 2023/06/19 12:41 p.m.

CVE-2023-2907 SQLi in Marksoft

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Marksoft allows SQL Injection. This issue affects Marksoft: through Mobile:v.7.1.7 ; Login:1.4 ; API:20230605...

CVSS 9.8 · AI score 7.4 · EPSS 0.00615
Exploits 0 · References 2
OSV
added 2023/06/07 11:41 a.m.

SUSE-SU-2023:2445-1 Security update for google-cloud-sap-agent

This update of google-cloud-sap-agent fixes the following issues: - rebuild the package with the go 1.19 security release bsc1200441. - Update to version 1.5.1 bsc1210464 - Raise golang API version to 1.20...

AI score 7.3
Exploits 0 · References 3
OSV
added 2023/03/02 1:54 p.m.

SUSE-SU-2023:0602-1 Security update for google-osconfig-agent

This update for google-osconfig-agent fixes the following issues: Updated to version 20230222.00 and bumped go API version to 1.18 to address the following bsc1208723: - CVE-2021-38297: Fixed data overwrite when passing large arguments to GOARCH=wasm GOOS=js bsc1191468. - CVE-2022-23806: Fixed...

CVSS 9.8 · AI score 9.5 · EPSS 0.10299
Exploits 0 · References 6
SUSE CVE
added 2023/02/15 6:00 a.m.

SUSE CVE-2010-0629

Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote authenticated users to cause a denial of service (daemon crash) via a request from a kadmin client that sends an invalid API version number...

CVSS 6.5 · AI score 6.7 · EPSS 0.05469
Exploits 1 · References 4
Hacker One
added 2023/01/08 6:35 a.m.

U.S. Dept Of Defense: XSS on ( █████████.gov ) Via URL path

An XSS vulnerability was discovered on a government website, allowing an attacker to execute malicious code on the victim's browser and steal their cookies, potentially leading to account takeover. The vulnerability was exploited by injecting a script into the URL path. The suggested mitigation i...

CVSS 6.1 · AI score 6.1 · EPSS 0.09912
Exploits 4
CNNVD
added 2022/11/28 12:00 a.m.

Shenzhen Fujia Technology OurPhoto security vulnerability

Shenzhen Fujia Technology OurPhoto is a cloud photo frame software from Shenzhen Fujia Technology, China. It allows you to share photos and video files directly on your cell phone. A security vulnerability exists in Shenzhen Fujia Technology OurPhoto version 1.4.1 that stems from the usertoken...

CVSS 6.5 · AI score 6.6 · EPSS 0.00507
Exploits 1 · References 2
ATTACKERKB
added 2022/09/08 1:15 a.m.

CVE-2022-37144

The PlexTrac platform prior to API version 1.17.0 does not restrict excessive MFA TOTP submission attempts. An unauthenticated remote attacker in possession of a valid username and password can brute-force their way past MFA protections to login as the targeted user...

CVSS 8.8 · AI score 7.4 · EPSS 0.00794
Exploits 0 · References 3
Snyk
added 2022/08/11 11:43 a.m.

Malicious Package

Overview: @epc-apps/api-version-test is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if thi...

CVSS 9.8 · AI score 7.1
Exploits 0 · References 3
Github Security Blog
added 2022/05/24 5:21 p.m.

Mattermost Server exposes sensitive user status information via REST API version 4 endpoint

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to obtain sensitive information (user statuses) via a REST API version 4 endpoint...

CVSS 5.3 · AI score 6.6 · EPSS 0.00927
Exploits 0 · References 6 · Affected Software 1
NVD
added 2021/11/11 1:15 p.m.

CVE-2021-43350

An unauthenticated Apache Traffic Control Traffic Ops user can send a request with a specially-crafted username to the POST /login endpoint of any API version to inject unsanitized content into the LDAP filter...

CVSS 9.8 · EPSS 0.04431
Exploits 0 · References 4
Positive Technologies
added 2021/03/15 12:00 a.m.

PT-2021-17178 · Argo Cd · Argo Cd

Name of the Vulnerable Software and Affected Versions: Argo CD versions prior to 1.8.4. Description: An issue in Argo CD allows accessing the "api/version" endpoint, which leaks internal system information. This endpoint is not protected with authentication. Recommendations: For versions prior to...

CVSS 7.5 · AI score 6.9 · EPSS 0.01435
Exploits 0 · References 5
OPENSUSE Linux
added 2021/01/15 12:00 a.m.

Security update for nodejs10 (moderate)

openSUSE Security Update: Security update for nodejs10. Announcement ID: openSUSE-SU-2021:0065-1. Rating: moderate. References: 1179491 1180553 1180554. Cross-References: CVE-2020-1971 CVE-2020-8265 CVE-2020-8287. Affected Products: openSUSE Leap 15.2. An update that fixes three vulnerabilities is now...

CVSS 8.1 · AI score 6.6 · EPSS 0.16296
Exploits 6 · References 3
OSV
added 2021/01/11 2:01 p.m.

SUSE-SU-2021:0060-1 Security update for nodejs10

This update for nodejs10 fixes the following issues: - New upstream LTS version 10.23.1: CVE-2020-8265: use-after-free in TLSWrap (High) bug in TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as...

CVSS 8.1 · AI score 6.2 · EPSS 0.16296
Exploits 6 · References 7
Positive Technologies
added 2020/02/06 12:00 a.m.

PT-2020-20253

Name of the Vulnerable Software and Affected Versions: EyesOfNetwork version 5.3, EyesOfNetwork API version 2.4.2. Description: An issue was discovered that allows an unauthenticated attacker to perform various tasks, including authentication bypass via the username field. This is due to SQL injectio...

CVSS 9.8 · AI score 8.1 · EPSS 0.846
Exploits 8 · References 10