
13183 matches found

BDU FSTEC
added 2020/12/07 12:0 a.m., 2 views

The vulnerability of the KTS web interface “Mayak,” related to the failure to protect the SQL query structure, allows attackers to execute arbitrary SQL commands.

The vulnerability of the KTS "Mayak" web interface is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands using a specially crafted HTTP POST request...

CVSS 10, AI score 6.1
Exploits 0, Affected Software 1
Tenable Nessus
added 2020/12/03 12:0 a.m., 36 views

Debian DLA-2478-1 : postgresql-9.6 security update

Several vulnerabilities have been found in the PostgreSQL database system. CVE-2020-25694 Peter Eisentraut found that database reconnections may drop options from the original connection, such as encryption, which could lead to information disclosure or a man-in-the-middle attack. CVE-2020-25695...

CVSS 8.8, AI score 7.2, EPSS 0.4644
Exploits 0, References 6
Debian
added 2020/12/02 11:4 a.m., 109 views

[SECURITY] [DLA 2478-1] postgresql-9.6 security update

Debian LTS Advisory DLA-2478-1, https://www.debian.org/lts/security/, Emilio Pozuelo Monfort, December 02, 2020, https://wiki.debian.org/LTS ...

CVSS 8.8, AI score 9, EPSS 0.4644
Exploits 0
NVD
added 2020/11/30 10:15 a.m., 17 views

CVE-2020-27660

SQL injection vulnerability in request.cgi in Synology SafeAccess before 1.2.3-0234 allows remote attackers to execute arbitrary SQL commands via the domain parameter...

CVSS 10, AI score 10, EPSS 0.04555
Exploits 1, References 3
Prion
added 2020/11/30 10:15 a.m., 19 views

SQL injection

SQL injection vulnerability in request.cgi in Synology SafeAccess before 1.2.3-0234 allows remote attackers to execute arbitrary SQL commands via the domain parameter...

CVSS 10, AI score 9.9, EPSS 0.04555
Exploits 1, References 3, Affected Software 1
Microsoft CVE
added 2020/11/20 8:0 a.m., 2 views

A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

...

CVSS 8.8, AI score 7, EPSS 0.4644
Exploits 0
RedHat Linux
added 2020/11/18 2:30 a.m., 1 views

postgresql: Uncontrolled search path element in logical replication

A flaw was found in PostgreSQL, where it did not properly sanitize the search_path during logical replication. This flaw allows an authenticated attacker to use this flaw in an attack similar to CVE-2018-1058 to execute an arbitrary SQL command in the user's context for replication. The highest...

CVSS 8.8, AI score 7.3, EPSS 0.14142
Exploits 1, References 4
Cvelist
added 2020/11/16 3:37 p.m., 20 views

CVE-2020-25952

SQL injection vulnerability in PHPGurukul User Registration & Login and User Management System With admin panel 2.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication...

AI score 10, EPSS 0.04078
Exploits 1, References 4
RedHat Linux
added 2020/11/16 12:11 p.m., 1 views

postgresql: Uncontrolled search path element in logical replication

A flaw was found in PostgreSQL, where it did not properly sanitize the search_path during logical replication. This flaw allows an authenticated attacker to use this flaw in an attack similar to CVE-2018-1058 to execute an arbitrary SQL command in the user's context for replication. The highest...

CVSS 8.8, AI score 7.3, EPSS 0.14142
Exploits 1, References 4
Cvelist
added 2020/11/16 4:15 a.m., 15 views

CVE-2020-5659

SQL injection vulnerability in the XooNIps 3.49 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors...

AI score 8.8, EPSS 0.0114
Exploits 0, References 2
NVD
added 2020/11/16 1:15 a.m., 19 views

CVE-2020-25695

A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest...

CVSS 8.8, AI score 8.9, EPSS 0.4644
Exploits 0, References 5
OSV
added 2020/11/16 1:15 a.m., 3 views

DEBIAN-CVE-2020-25695

A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest...

CVSS 8.8, AI score 8.1, EPSS 0.4644
Exploits 0, References 1
Prion
added 2020/11/16 1:15 a.m., 33 views

Design/Logic Flaw

A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest...

CVSS 6.5, AI score 8.7, EPSS 0.4644
Exploits 0, References 5, Affected Software 2
Check Point Advisories
added 2020/11/16 12:0 a.m., 1 views

NAPC Xinet Elegant 6 Asset Library SQL injection (CVE-2019-19245)

An SQL injection vulnerability exists in NAPC Xinet Elegant 6 Asset Library. Successful exploitation of this vulnerability could result in the execution of arbitrary SQL statements on the affected system...

CVSS 7.5, AI score 4, EPSS 0.07941
Exploits 3
Check Point Advisories
added 2020/11/16 12:0 a.m., 2 views

Octeth Oempro SQL injection (CVE-2019-19740)

An SQL injection vulnerability exists in Octeth Oempro. Successful exploitation of this vulnerability could result in the execution of arbitrary SQL statements on the affected system...

CVSS 7.5, AI score 3.2, EPSS 0.05762
Exploits 5
RedhatCVE
added 2020/11/12 3:24 p.m., 29 views

CVE-2020-25695

A flaw was found in postgresql. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...

CVSS 8.8, AI score 8.9, EPSS 0.4644
Exploits 0, References 5
BDU FSTEC
added 2020/11/12 12:0 a.m., 1 views

The vulnerability of the Magento Commerce software platform for developing and managing online stores lies in the lack of measures to protect SQL query structures. This allows attackers to execute arbitrary SQL queries against the database in the target system and gain access to protected information.

The vulnerability of the Magento Commerce development and management software platform lies in the lack of measures to protect SQL query structures. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries against the database in the target system by sending a...

CVSS 8.5, AI score 7.5, EPSS 0.02273
Exploits 0, References 5, Affected Software 2
Positive Technologies
added 2020/11/11 12:0 a.m., 3 views

PT-2020-4890

Name of the Vulnerable Software and Affected Versions: PostgreSQL versions prior to 13.1; PostgreSQL versions prior to 12.5; PostgreSQL versions prior to 11.10; PostgreSQL versions prior to 10.15; PostgreSQL versions prior to 9.6.20; PostgreSQL versions prior to 9.5.24. Description: A flaw was found in...

CVSS 10, AI score 6.9, EPSS 0.61566
Exploits 3, References 210
CNVD
added 2020/11/10 12:0 a.m., 1 views

Joomla! JVTwitter SQL Injection Vulnerability

Joomla! is a content management system (CMS) developed with the PHP language and the MySQL database. A SQL injection vulnerability exists in Joomla! The vulnerability stems from a database application that lacks validation of externally entered SQL statements. An attacker can...

AI score 8.2
Exploits 0, References 1
Prion
added 2020/11/05 3:15 p.m., 11 views

SQL injection

SQL Injection vulnerability in "Documents component" found in AudimexEE version 14.1.0 allows an attacker to execute arbitrary SQL commands via the objectpath parameter...

CVSS 6.5, AI score 9.2, EPSS 0.00941
Exploits 0, References 1, Affected Software 1