12 matches found
EUVD-2023-34933
Malicious code in bioql PyPI...
EUVD-2023-34984
Malicious code in bioql PyPI...
EUVD-2023-34938
Malicious code in bioql PyPI...
CVE-2023-30552
Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the sql/instance.py endpoint's describe method. In several cases, user...
SQL injection
Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the sql_api/api_workflow.py endpoint ExecuteCheck which passes unfiltered...
CVE-2023-30557
CVE-2023-30557 affects Archery, an open-source SQL audit/management tool. The vulnerability arises from SQL injection in the data_dictionary.py table_info endpoint, where user input from db_name and tb_name is unsafely concatenated into SQL queries and passed to database engines (sql/engines/mssq...
CVE-2023-30556 SQL injection in sql_optimize.py optimize_sqltuningadvisor method in Archery - GHSL-2022-107
Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the optimize_sqltuningadvisor method of sql_optimize.py. User input comin...
CVE-2023-30555
CVE-2023-30555 concerns Archery, an open-source SQL audit platform, with multiple SQL injection vulnerabilities in the explain endpoint. The root cause is that user input from the db_name parameter is passed to database engine queries (query methods in sql/engines/mssql.py and sql/engines/oracle....
CVE-2023-30553
CVE-2023-30553 affects Archery, an open-source SQL audit platform, containing multiple SQL injection vulnerabilities in the sql_api/api_workflow.py ExecuteCheck endpoint. User input from db_name and full_sql in ExecuteCheck is concatenated into SQL queries by vulnerable code paths in sql/engines/...
CVE-2023-30553 Multiple SQL injections in sql_api/api_workflow.py endpoint in Archery - GHSL-2022-102
Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query the connected databases. Affected versions are subject to multiple SQL injections in the sql_api/api_workflow.py endpoint ExecuteCheck. User input...
PT-2023-8664 · Unknown · Mailsherlock
Name of the Vulnerable Software and Affected Versions: MailSherlock affected versions not specified Description: The issue is related to the lack of protection against SQL query structure exploitation in the email audit record platform. This can be exploited by a remote attacker to execute...
Weak Password Vulnerability in Mingguo Comprehensive Log Audit Platform of Hangzhou Anheng Information Technology Co.
MingGuard Integrated Log Audit Platform is a comprehensive management platform as an information system. There is a weak password vulnerability in Mingguo Comprehensive Log Audit Platform of Hangzhou ACE Information Technology Co., Ltd, which can be exploited by an attacker to log in to the syste...