SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection inadequate recursive validation of PostgreSQL array and row expressions in the validateNode function. An attacker can execute arbitrary SQL functions and achieve code execution on the database server by crafting malicious...

Linux Distros Unpatched Vulnerability : CVE-2020-25695

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to...

CVE-2022-1020

The Product Table for WooCommerce wooproducttable WordPress plugin before 3.1.2 does not have authorisation and CSRF checks in the wptadminupdatenoticeoption AJAX action available to both unauthenticated and authenticated users, as well as does not validate the callback parameter, allowing...

WordPress plugin Simple Link Directory 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...

WordPress plugin Notibar 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...

WordPress plugin The ARMember 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...

WordPress plugin The Uix Shortcodes 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in PHP. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in WordPress plugin The Uix...

Wordpress Advanced Custom Fields Pro plugin < 6.2.10 - Contributor+ Arbitrary Function Execution vulnerability

Contributor+ Arbitrary Function Execution vulnerability discovered by Security audit in WordPress Plugin Advanced Custom Fields PRO versions 6.2.10...

WordPress plugin FOX 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress plugin Booster for WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

CVE-2022-2314

The VR Calendar WordPress plugin through 2.3.2 lets any user execute arbitrary PHP functions on the site...

Command Execution Vulnerability in Yimin Love Stocks

Yimeng love stock speculation is Yimeng efforts to create, the first support for stock speculation personality customization of lightweight stock speculation software. The EML AiShaoware has a command execution vulnerability that can be exploited by an attacker to inject an executable DLL file in...

Command Execution Vulnerability in Pleasant Book PDF Reader

Yuet Book PDF Reader is a Shenzhen Ivy Technology Co., Ltd. developed a universal PDF reader, support for PDF, pictures, PSD, office documents, programming documents, such as tens of thousands of file formats, work and study a good helper. Yuet Book PDF Reader there is a command execution...

postgresql: Multiple features escape "security restricted operation" sandbox

A flaw was found in postgresql. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...

Shenzhen Xunlei Network Technology Co., Ltd. Xunlei online game gas pedal has dll hijacking vulnerabilities

Xunlei online game gas pedal is Xunlei company launched a special software for the majority of online game players. Shenzhen Xunlei Network Technology Co., Ltd Xunlei online game gas pedal dll hijacking vulnerability, attackers can use the loophole in the client process to inject executable DLL...

DLL hijacking vulnerability in Mint Accelerator of Wuhan Mint Technology Co.

Mint Accelerator is a network acceleration software designed to enhance cross-region game acceleration, web browsing, music appreciation, and video viewing. Wuhan Mint Technology Co. Mint Accelerator suffers from a DLL hijacking vulnerability, which can be exploited by an attacker to inject an...

CC Live pc client software suffers from DLL hijacking vulnerability

NetEase cc live is a free voice client software launched by NetEase, it can bring the majority of online chat entertainment enthusiasts and gamers more convenient voice services. CC live pc client software DLL hijacking vulnerability, allowing attackers to exploit the vulnerability in the client...

SUSE-SU-2019:2158-1 Security update for postgresql94

This update for postgresql94 fixes the following issues: Security issue fixed: - CVE-2019-10208: Fixed arbitrary SQL execution via suitable SECURITY DEFINER function under the identity of the function owner bsc1145092...

Borland/Inprise Interbase 4.0/5.0/6.0 - Backdoor Password

source: https://www.securityfocus.com/bid/2192/info Interbase is an open source relational database offered by Borland Inprise Corporation. Interbase contains a backdoor user account and password called "LOCKSMITH". When accessed this account will eliminate all implemented security allowing full...