15 matches found
CVE-2022-38542
Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the killsession interface. The project has released an update, please upgrade to v1.9.0 and above...
CVE-2019-20008
In Archery before 1.3, inserting an XSS payload into a project name either by creating a new project or editing an existing one will result in stored XSS on the vulnerability-scan scheduling page...
EUVD-2019-0105
Malware in sbrugna...
Design/Logic Flaw
Archery v1.10.0 uses a non-random or static IV for Cipher Block Chaining CBC mode in AES encryption. This vulnerability can lead to the disclosure of information and communications...
Archery SQL注入漏洞
Archery is an open source vulnerability assessment and management tool. Archery suffers from a SQL injection vulnerability that stems from the inclusion of multiple SQL injection vulnerabilities that could allow an attacker to query a connected database...
CVE-2022-38538
Archery v1.7.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the checksum parameter in the report module...
CVE-2022-38542
Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the killsession interface. The project has released an update, please upgrade to v1.9.0 and above...
CVE-2022-38540
Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the createkillsession interface...
Sql injection
Archery v1.7.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the checksum parameter in the report module...
Sql injection
Archery v1.7.5 to v1.8.5 was discovered to contain a SQL injection vulnerability via the where parameter at /archive/apply...
CVE-2022-38540
Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the createkillsession interface...
CVE-2022-38538
Archery v1.7.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the checksum parameter in the report module...
Archery SQL注入漏洞
Archery is a set of open source vulnerability assessment and management tools. A security vulnerability exists in Archery versions v1.4.0 through v1.8.5, which stems from the ThreadIDs parameter in the createkillsession interface containing a SQL injection vulnerability...
Archery SQL注入漏洞
Archery is a set of open source vulnerability assessment and management tools. A security vulnerability exists in Archery versions v1.4.5 through v1.8.5, which stems from the startfile, endfile, and starttime parameters in the binlog2sql interface containing multiple SQL injection vulnerabilities...
PT-2022-24445 · Archery · Archery
Name of the Vulnerable Software and Affected Versions: Archery versions 1.7.5 through 1.8.5 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the where parameter at the "/archive/apply" API endpoint. Recommendations: For versions 1.7.5...