1985 matches found

CNVD
added 2024/05/10 12:00 a.m., 6 views

RuvarOA txt_keyword Parameter SQL Injection Vulnerability

RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which is caused by the lack of validation of the txtkeyword parameter of the getcompany.aspx file against externally entered SQL statements. An attacker can exploit this...

CVSS 9.4 · AI score 8 · EPSS 0.00618
Exploits 1 · References 1

CNVD
added 2024/05/10 12:00 a.m., 5 views

RuvarOA id parameter SQL injection vulnerability (CNVD-2024-33625)

RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01 because the id parameter of the /WorkFlow/wfofficefilehistoryshow.aspx file is not validated against externally entered SQL statements. An attacker can exploit...

CVSS 9.8 · AI score 8 · EPSS 0.00608
Exploits 1 · References 1

CNVD
added 2024/05/10 12:00 a.m., 6 views

RuvarOA SQL Injection Vulnerability (CNVD-2024-33155)

RuvarOA is an office automation system of Ruvar China. A security vulnerability exists in RuvarOA v6.01 and v12.01, which can be exploited by attackers to execute illegal SQL commands to steal sensitive database data...

CVSS 5.9 · AI score 7.8 · EPSS 0.00279
Exploits 1 · References 1

CNVD
added 2024/05/10 12:00 a.m., 6 views

RuvarOA SQL Injection Vulnerability (CNVD-2024-33153)

RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which is caused by the lack of validation of the emailattachid parameter in the /LHMail/AttachDown.aspx file against external SQL input. An attacker can exploit this...

CVSS 9.4 · AI score 8 · EPSS 0.00617
Exploits 1 · References 1

CNVD
added 2024/05/10 12:00 a.m., 10 views

J2EEFAST unallocatedList function SQL injection vulnerability

J2eeFAST is a Java EE enterprise-class rapid development platform committed to building the best small and medium-sized open source, free back-end framework platform. A SQL injection vulnerability exists in J2EEFAST v2.7.0; the vulnerability stems from the unallocatedList function of the...

CVSS 5.3 · AI score 8 · EPSS 0.00244
Exploits 0 · References 1

CNVD
added 2024/05/10 12:00 a.m., 7 views

J2EEFAST getDeptList function SQL injection vulnerability

J2eeFAST is a Java EE enterprise-class rapid development platform committed to building the best small and medium-sized open source, free back-end framework platform. A SQL injection vulnerability exists in J2EEFAST v2.7.0; the vulnerability stems from the getDeptList function in the...

CVSS 9.8 · AI score 8 · EPSS 0.00557
Exploits 0 · References 1

CNVD
added 2024/05/10 12:00 a.m., 7 views

J2EEFAST findpage function SQL injection vulnerability

J2eeFAST is a Java EE enterprise-class rapid development platform committed to building the best small and medium-sized open source, free back-end framework platform. A SQL injection vulnerability exists in J2eeFAST v2.7.0; the vulnerability stems from the findpage function of the...

CVSS 7.5 · AI score 8 · EPSS 0.00514
Exploits 0 · References 1

CNVD
added 2024/05/10 12:00 a.m., 8 views

J2EEFAST authRoleList function SQL injection vulnerability

J2eeFAST is a Java EE enterprise-class rapid development platform committed to building the best small and medium-sized open source, free back-end framework platform. A SQL injection vulnerability exists in J2EEFAST v2.7.0; the vulnerability stems from the authRoleList function in the...

CVSS 8.8 · AI score 8 · EPSS 0.00547
Exploits 0 · References 1

Qualys Blog
added 2024/05/09 9:05 p.m., 22 views

TotalCloud Insights: A Wake-Up Call on Cloud Database Security Failure Rates

In part 1 of this two-part blog, we explored how to safeguard cloud databases from SQL Server threats and lateral movement risks. In this second part, we turn our focus to a comparative analysis of database security across three major cloud service providers (CSPs): AWS, Azure, and GCP, as well as...

AI score 7.4
Exploits 0

CVE
added 2024/05/02 4:52 p.m., 73 views

CVE-2024-1797

CVE-2024-1797 concerns the WP ULike plugin for WordPress. The initial description states a SQL Injection via the status and id attributes of the wp_ulike_counter and wp_ulike shortcodes, affecting all versions up to 4.6.9, with authenticated attackers (contributor+ level) able to inject extra SQL...

CVSS 8.8 · AI score 7.1 · EPSS 0.0056
Exploits 0 · References 2 · Affected Software 1

Vulnrichment
added 2024/05/02 4:52 p.m., 12 views

CVE-2024-1173 WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting <= 1.13.1 - Authenticated (AccountingManager+) SQL Injection

The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in all versions up to, and including, 1.13.1 due to insufficient escaping on the user supplied parameter and lack of...

CVSS 7.2 · AI score 5.9 · EPSS 0.00781
Exploits 0 · References 3

CVE
added 2024/05/02 4:52 p.m., 66 views

CVE-2024-2661

CVE-2024-2661 affects the Barcode Scanner and Inventory manager WordPress plugin (Barcode Scanner Lite POS to manage products, inventory and orders). All versions up to and including 1.5.4 are vulnerable to blind SQL Injection via the currentIds parameter due to insufficient escaping and improper...

CVSS 8.8 · AI score 7.1 · EPSS 0.00613
Exploits 0 · References 3

Vulnrichment
added 2024/05/01 6:43 a.m., 15 views

CVE-2024-32967 Zitadel exposes internal database user name and host information

Zitadel is an open source identity management system. If ZITADEL could not connect to the database, connection information including the db name, username and db host name could be returned to the user. This has been addressed in all supported release branches in a point release. There is no...

CVSS 5.3 · AI score 6.5 · EPSS 0.00635
Exploits 0 · References 8

Cvelist
added 2024/05/01 6:43 a.m., 19 views

CVE-2024-32967 Zitadel exposes internal database user name and host information

Zitadel is an open source identity management system. If ZITADEL could not connect to the database, connection information including the db name, username and db host name could be returned to the user. This has been addressed in all supported release branches in a point release. There is no...

CVSS 5.3 · AI score 5.4 · EPSS 0.00635
Exploits 0 · References 8

Cvelist
added 2024/04/29 3:31 a.m., 18 views

CVE-2024-4300 E-WEBInformationCo. FS-EZViewer(Web) - Sensitive Data Exposure

E-WEBInformationCo. FS-EZViewerWeb exposes sensitive information in the service. A remote attacker can obtain the database configuration file path from the webpage source code without logging in. Accessing this path allows an attacker to obtain the database credential with the highest privilege and...

CVSS 9.8 · AI score 9.5 · EPSS 0.00829
Exploits 0 · References 1

Cvelist
added 2024/04/26 3:33 p.m., 13 views

CVE-2024-27790

Claris International has resolved an issue of potentially allowing unauthorized access to records stored in databases hosted on FileMaker Server. This issue has been fixed in FileMaker Server 20.3.2 by validating transactions before replying to client requests...

AI score 6.5 · EPSS 0.00462
Exploits 0 · References 1

Vulnrichment
added 2024/04/25 5:46 p.m., 12 views

CVE-2024-3624 Mirror-registry: database user and password stored in plain-text

A flaw was found in mirror-registry: Quay's database user and password are stored in plain text in the Jinja config.yaml file. This flaw allows a malicious actor with access to this file to gain access to Quay's database...

CVSS 7.3 · AI score 7.2 · EPSS 0.00339
Exploits 0 · References 2

Cvelist
added 2024/04/25 5:46 p.m., 16 views

CVE-2024-3624 Mirror-registry: database user and password stored in plain-text

A flaw was found in mirror-registry: Quay's database user and password are stored in plain text in the Jinja config.yaml file. This flaw allows a malicious actor with access to this file to gain access to Quay's database...

CVSS 7.3 · AI score 7.3 · EPSS 0.00339
Exploits 0 · References 2

OSV
added 2024/04/25 5:15 p.m., 4 views

CVE-2024-1102

A vulnerability was found in jberet-core logging. An exception in 'dbProperties' might display user credentials such as the username and password for the database-connection...

CVSS 6.5 · AI score 7.3 · EPSS 0.00788
Exploits 1 · References 7

CNVD
added 2024/04/25 12:00 a.m., 7 views

SQL Injection Vulnerability in Yisetong Electronic Document Security Management System of Beijing Yisetong Technology Development Co., Ltd (CNVD-2024-23882)

Beijing Yisetong Technology Development Co., Ltd. is a domestic provider whose three major business lines are data security, network security and security services. A SQL injection vulnerability exists in the Yisetong Electronic Document Security Management System of Beijing Yisetong Technology Development Co...

AI score 7.6
Exploits 0