Imperva Clinches 2023 SC Media Trust Award for Best Database Security Solution: A Back-to-Back Victory
Imperva, a global leader in cybersecurity, is proud to announce that we have once again been honored for our industry-leading database security solutions, earning the prestigious 2023 SC Media Trust Award for Best Database Security Solution. This accolade marks the second consecutive year that...
PT-2023-6904 · Ibm · Ibm Security Guardium
Name of the Vulnerable Software and Affected Versions: IBM Security Guardium version 11.4. Description: The issue is related to SQL injection, where a remote attacker could send specially crafted SQL statements to view, add, modify, or delete information in the back-end database. This is due to th...
CVE-2023-39939
CVE-2023-39939 describes an SQL injection in LuxCal Web Calendar prior to 5.2.3M (MySQL) and prior to 5.2.3L (SQLite), allowing remote, unauthenticated attackers to execute arbitrary queries and access/alter data. Connected sources confirm affected LuxCal Web Calendar components and indicate miti...
novel-plus SQL Injection Vulnerability
novel-plus is a multi-platform (PC and WAP) reading and original-literature CMS system. A SQL injection vulnerability exists in novel-plus version v3.6.2. The vulnerability stems from the application's lack of validation of externally entered SQL statements. An attacker can exploit this...
School Faculty Scheduling System SQL Injection Vulnerability (CNVD-2023-64628)
School Faculty Scheduling System is a school faculty scheduling system. A SQL injection vulnerability exists in School Faculty Scheduling System v1.0, which stems from a lack of validation of externally entered SQL statements in the parameter id of manageuser.php. An attacker can exploit this...
PT-2023-5524 · Nozomi Networks · Nozomi Networks Cmc +1
Name of the Vulnerable Software and Affected Versions: Nozomi Networks Guardian and CMC (affected versions not specified). Description: A blind SQL Injection issue exists due to improper input validation in the sorting parameter, allowing an authenticated attacker to execute arbitrary SQL statements...
PT-2023-15875 · Sciencelogic · Sciencelogic Sl1
Name of the Vulnerable Software and Affected Versions: ScienceLogic SL1 (affected versions not specified). Description: A SQL injection issue exists in the "message viewer iframe" feature, where unsanitized user-controlled input is passed directly to a SQL query, allowing the injection of arbitrary...
PT-2023-15860 · Sciencelogic · Sciencelogic Sl1
Name of the Vulnerable Software and Affected Versions: ScienceLogic SL1 (affected versions not specified). Description: A SQL injection issue exists in the "schedule editor decoupled" feature, where unsanitized user-controlled input is passed directly to a SQL query, allowing the injection of...
Important: postgresql15
Issue Overview: This enabled an attacker having database-level CREATE privilege to execute arbitrary code as the bootstrap superuser. Database owners have that right by default, and explicit grants may extend it to other users. CVE-2023-2454. Affected Packages: postgresql15. Issue Correction: Run d...
CVE-2023-37472
Knowage versions prior to 8.1.8 are affected by CVE-2023-37472, a SQL injection vulnerability. The issue arises when user-supplied data is used to build HQL queries, allowing crafted queries to affect subsequent SQL executed by Hibernate, specifically via the endpoint /knowage/restful-services/2.0/documents/lis...
PT-2023-22310 · Unknown · Florist Site
Name of the Vulnerable Software and Affected Versions: Florist Site versions prior to 3.0. Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations: For...
CVE-2023-34090 Decidim vulnerable to sensitive data disclosure
Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. Decidim uses a third-party library named Ransack for filtering certain database collections e.g., public meetings. By default,...
CVE-2023-36934
In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized...
CVE-2023-36284
Webkul QloApps 1.6.0 contains an unauthenticated Time-Based SQL injection via GET parameters date_from, date_to, and id_product. The underlying flaw allows an attacker to bypass authentication/authorization and retrieve the database contents. The issue is documented across multiple feeds (NVD, NV...
miniCal SQL Injection Vulnerability
miniCal is an open source PMS. A SQL injection vulnerability exists in miniCal version 1.0.0; it stems from the searchquery parameter of /booking/showbookings/ lacking validation of externally supplied SQL input. An attacker can use this vulnerability to execute illegal...
CVE-2023-35866
In KeePassXC through 2.7.5, a local attacker can make changes to the Database security settings, including master password and second-factor authentication, within an authenticated KeePassXC Database session, without the need to authenticate these changes by entering the password and/or...
Design/Logic Flaw
DISPUTED In KeePassXC through 2.7.5, a local attacker can make changes to the Database security settings, including master password and second-factor authentication, within an authenticated KeePassXC Database session, without the need to authenticate these changes by entering the password and/or...
PT-2023-3209
Name of the Vulnerable Software and Affected Versions: MOVEit Transfer versions prior to 2021.0.8 (13.0.8); MOVEit Transfer versions prior to 2021.1.6 (13.1.6); MOVEit Transfer versions prior to 2022.0.6 (14.0.6); MOVEit Transfer versions prior to 2022.1.7 (14.1.7); MOVEit Transfer versions prior to 2023.0.3...