19 matches found
New "LeakyLooker" Flaws in Google Looker Studio Could Enable Cross-Tenant SQL Queries
Cybersecurity researchers have disclosed nine cross-tenant vulnerabilities in Google Looker Studio that could have permitted attackers to run arbitrary SQL queries on victims' databases and exfiltrate sensitive data within organizations' Google Cloud environments. The shortcomings have been...
EUVD-2019-6579
Malware in sbrugna...
CVE-2019-15622
Not strictly enough sanitization in the Nextcloud Android app 3.6.0 allowed an attacker to get content information from protected tables when using custom queries...
ZOHO ManageEngine ADAudit Plus SQL Injection Vulnerability (CNVD-2024-37480)
ZOHO ManageEngine ADAudit Plus is ZOHO's solution for simplifying audits, proving compliance and detecting threats. ZOHO ManageEngine ADAudit Plus prior to version 8000 suffers from a SQL injection vulnerability that can be exploited by an attacker to execute custom queries and access database...
ZOHO ManageEngine ADAudit Plus SQL Injection Vulnerability (CNVD-2024-37485)
ZOHO ManageEngine ADAudit Plus is ZOHO's solution for simplifying audits, proving compliance and detecting threats. A SQL injection vulnerability exists in ZOHO ManageEngine ADAudit Plus prior to version 8121, which can be exploited by an attacker to execute custom queries and access database tab...
ZOHO ManageEngine ADAudit Plus SQL Injection Vulnerability (CNVD-2024-37486)
ZOHO ManageEngine ADAudit Plus is ZOHO's solution for simplifying audits, proving compliance and detecting threats. ZOHO ManageEngine ADAudit Plus prior to version 8000 suffers from a SQL injection vulnerability that can be exploited by an attacker to execute custom queries and access database...
ZOHO ManageEngine ADAudit Plus Security Vulnerability
ZOHO ManageEngine ADAudit Plus is ZOHO's solution for simplifying audits, proving compliance and detecting threats. A SQL injection vulnerability exists in ZOHO ManageEngine ADAudit Plus prior to version 8121, which can be exploited by an attacker to execute custom queries and access database tab...
ZOHO ManageEngine ADAudit Plus Security Vulnerability
ZOHO ManageEngine ADAudit Plus is ZOHO's solution for simplifying audits, proving compliance and detecting threats. ZOHO ManageEngine ADAudit Plus prior to version 8000 suffers from a SQL injection vulnerability that can be exploited by an attacker to execute custom queries and access database...
Spring Data JPA introduces query parser!
The Problem: One of Spring Data JPA’s handy features is letting you plug in custom JPA queries through its @Query annotation. This allows some flexibility because you are still able to offer sort parameters to the consumers of your app. Check out the example below: interface SampleRepository...
LDAP Query and Enumeration Module
This module allows users to query an LDAP server using either a custom LDAP query, or a set of LDAP queries under a specific category. Users can also specify a JSON or YAML file containing custom queries to be executed using the RUNQUERYFILE action. If this action is specified, then QUERYFILEPATH...
Querying Windows Event Logs for Faster Investigation and Response
With this week’s release on the VMware Carbon Black Cloud, users can now remotely inspect Windows devices’ event logs to pull back information that could be helpful during an investigation or response scenario. This new capability comes as part of an update to the Live Query functionality provide...
Securing GraphQL API
Introduction to GraphQL: Representational state transfer (REST) APIs are the most popular type of API. However, GraphQL is rapidly growing in popularity as a competitor to REST. GraphQL is a meta-layer with built-in query language to access object-oriented data. It’s based on JSON-encoded HTTP...
CVE-2019-15622
Not strictly enough sanitization in the Nextcloud Android app 3.6.0 allowed an attacker to get content information from protected tables when using custom queries...
CVE-2019-15622
Not strictly enough sanitization in the Nextcloud Android app 3.6.0 allowed an attacker to get content information from protected tables when using custom queries...
Security feature bypass
Not strictly enough sanitization in the Nextcloud Android app 3.6.0 allowed an attacker to get content information from protected tables when using custom queries...
CVE-2019-15622
Not strictly enough sanitization in the Nextcloud Android app 3.6.0 allowed an attacker to get content information from protected tables when using custom queries...
CVE-2019-15622
The CVE-2019-15622 issue affects the Nextcloud Android app (3.6.0) where insufficient sanitization in the FileContentProvider allows bypassing query restrictions and exposing data from protected tables (e.g., filelist.db). The root cause is improper validation/restriction of SQL queries, enabling...
Query restriction bypass on exposed FileContentProvider in Android app (NC-SA-2019-011)
Not strictly enough sanitization allowed an attacker to get content information from protected tables when using custom queries...
SniffAir - A Framework For Wireless Pentesting
SniffAir is an open-source wireless security framework which provides the ability to easily parse passively collected wireless data as well as launch sophisticated wireless attacks. SniffAir takes care of the hassle associated with managing large or multiple pcap files while thoroughly...