
13 matches found

NVD
added 2025/11/06 8:15 p.m., 1 view

CVE-2022-50590

SuiteCRM versions prior to 7.12.6 contain a type confusion vulnerability within the processing of the ‘module’ parameter within the ‘deleteAttachment’ functionality. Successful exploitation allows remote unauthenticated attackers to alter database objects including changing the email address of t...

CVSS 8.8, EPSS 0.0004
Exploits: 0, References: 3
OSV
added 2025/11/06 8:15 p.m., 1 view

CVE-2022-50590

SuiteCRM versions prior to 7.12.6 contain a type confusion vulnerability within the processing of the ‘module’ parameter within the ‘deleteAttachment’ functionality. Successful exploitation allows remote unauthenticated attackers to alter database objects including changing the email address of t...

CVSS 5.3, AI score 6.9
Exploits: 0, References: 3
Vulnrichment
added 2025/11/06 7:59 p.m., 1 view

CVE-2022-50590 SuiteCRM < 7.12.6 Type Confusion via 'deleteAttachment' Functionality

SuiteCRM versions prior to 7.12.6 contain a type confusion vulnerability within the processing of the ‘module’ parameter within the ‘deleteAttachment’ functionality. Successful exploitation allows remote unauthenticated attackers to alter database objects including changing the email address of t...

CVSS 8.8, AI score 6.6, EPSS 0.0004
Exploits: 0, References: 3
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2020-27403

Malware in sbrugna...

CVSS 7.2, AI score 7.5, EPSS 0.00574
Exploits: 0, References: 3
OSV
added 2024/03/14 9:15 p.m., 0 views

UBUNTU-CVE-2024-1713

A user who can create objects in a database with plv8 3.2.1 installed is able to cause deferred triggers to execute as the Superuser during autovacuum...

CVSS 7.2, AI score 5.9, EPSS 0.00074
Exploits: 1, References: 3
NVD
added 2023/01/10 9:15 p.m., 12 views

CVE-2022-46163

Travel support program is a Rails app to support the travel support program of openSUSE TSP. Sensitive user data (bank account details, password hash) can be extracted via Ransack query injection. Every deployment of travel-support-program below the patched version is affected. The...

CVSS 7.5, AI score 7.7, EPSS 0.00833
Exploits: 1, References: 3
Cvelist
added 2023/01/10 8:26 p.m., 19 views

CVE-2022-46163 travel-support-program vulnerable to data exfiltration via Ransack query injection

Travel support program is a Rails app to support the travel support program of openSUSE TSP. Sensitive user data (bank account details, password hash) can be extracted via Ransack query injection. Every deployment of travel-support-program below the patched version is affected. The...

CVSS 7.5, AI score 7.9, EPSS 0.00833
Exploits: 1, References: 3
OSV
added 2023/01/10 8:26 p.m., 15 views

CVE-2022-46163 travel-support-program vulnerable to data exfiltration via Ransack query injection

Travel support program is a Rails app to support the travel support program of openSUSE TSP. Sensitive user data (bank account details, password hash) can be extracted via Ransack query injection. Every deployment of travel-support-program below the patched version is affected. The...

CVSS 7.5, AI score 7.5, EPSS 0.00833
Exploits: 1, References: 5
Veracode
added 2022/09/16 5:5 a.m., 9 views

Information Disclosure

pageflow is vulnerable to information disclosure. The vulnerability exists in multiple functions in entry.rb and usermixin.rb because of the lack of restrictions on database objects, which allows an attacker to gain access to the data of associated database objects...

AI score 3.1
Exploits: 0
GitHub Security Blog
added 2022/09/15 3:21 a.m., 18 views

Pageflow vulnerable to sensitive user data extraction via Ransack query injection

Impact: The attack allows extracting sensitive properties of database objects that are associated with users or entries belonging to an account that the attacker has access to. Pageflow uses the ActiveAdmin Ruby library to provide some management features to its users. ActiveAdmin relies on the...

AI score 4
Exploits: 0, References: 3, Affected Software: 1
OSV
added 2022/09/15 3:21 a.m., 15 views

GHSA-WRRW-CRP8-979Q Pageflow vulnerable to sensitive user data extraction via Ransack query injection

Impact: The attack allows extracting sensitive properties of database objects that are associated with users or entries belonging to an account that the attacker has access to. Pageflow uses the ActiveAdmin Ruby library to provide some management features to its users. ActiveAdmin relies on the...

AI score 7
Exploits: 0, References: 3
OpenVAS
added 2020/11/11 12:0 a.m., 6 views

openGauss: Enabling the Auditing of the Query of Database Objects

The parameter auditdmlstateselect specifies whether to audit the SELECT operation on database objects. After this parameter is set to on, the SELECT operation on database objects is traced. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced source...

AI score 7.3
Exploits: 0, References: 1
CERT
added 2001/01/10 12:0 a.m., 26 views

Borland/Inprise Interbase SQL database server contains backdoor superuser account with known password

Overview Description Interbase is an open source database package that is distributed by Borland/Inprise. The server contains a compiled-in backdoor account with a known password. In the following interbase code, references are made about a LOCKSMITH user: ./jrd/dyn.e ./jrd/isc.c ./jrd/jrd.c...

CVSS 10, AI score 7, EPSS 0.20171
Exploits: 1, References: 13