1985 matches found

Vulnrichment · added 2021/11/01 9:01 p.m. · 7 views

CVE-2021-39333 Hashthemes Demo Importer <= 1.1.1 Improper Access Control Allowing Content Deletion

The Hashthemes Demo Importer Plugin <= 1.1.1 for WordPress contained several AJAX functions which relied on a nonce that was visible to all logged-in users for access control, allowing them to execute a function that truncated nearly all database tables and removed the contents of...

CVSS 8.1 · AI score 8.2 · EPSS 0.01016
Exploits 1 · References 1
CVE · added 2021/11/01 9:01 p.m. · 70 views

CVE-2021-39333

CVE-2021-39333 : The Hashthemes Demo Importer Plugin for WordPress (versions

CVSS 8.1 · AI score 8.2 · EPSS 0.01016
Exploits 1 · References 1 · Affected Software 1
CVE · added 2021/11/01 1:30 p.m. · 42 views

CVE-2020-28702

CVE-2020-28702 describes a SQL injection in TopicMapper.xml of PybbsCMS v5.2.1, enabling attackers to access sensitive database information. The vulnerability is corroborated across multiple sources (NVD, RH, OSV, CVE lists, and PT Security) with published impact scores (CVSS 2.0/3.1: base 5.0/7....

CVSS 7.5 · AI score 7.7 · EPSS 0.01059
Exploits 1 · References 1 · Affected Software 1
Huntr · added 2021/10/22 5:25 p.m. · 11 views

SQL Injection in forkcms/forkcms

Description: When calling the URL for deleting one or more tags, the parameter id is vulnerable to SQL injection. Proof of Concept: Call a URL like this one as an authenticated user. http://forkcms.site/private/de/tags/massaction?token=n93e05rj0l&id=3;insert into usersemail,password,isgod values...

AI score 0.6
Exploits 0
CNNVD · added 2021/10/22 12:00 a.m. · 2 views

SQLite SQL Injection Vulnerability

SQLite is a lightweight, ACID-compliant relational database management system. SQLite suffers from a SQL injection vulnerability that stems from a lack of validation of externally supplied SQL statements in database-backed applications. An attacker can exploit this vulnerability ...

CVSS 9.8 · AI score 8.7 · EPSS 0.0274
Exploits 1 · References 3
OSV · added 2021/10/20 11:16 a.m. · 0 views

CVE-2021-35551

Vulnerability in the RDBMS Security component of Oracle Database Server. Supported versions that are affected are 12.2.0.1, 19c and 21c. Easily exploitable vulnerability allows a high privileged attacker with DBA privilege and network access via Oracle Net to compromise RDBMS Security. Successfu...

CVSS 5.5 · AI score 6.3
Exploits 0 · References 1
Prion · added 2021/10/20 11:16 a.m. · 17 views

Design/Logic Flaw

Vulnerability in the RDBMS Security component of Oracle Database Server. Supported versions that are affected are 12.2.0.1, 19c and 21c. Easily exploitable vulnerability allows a high privileged attacker with DBA privilege and network access via Oracle Net to compromise RDBMS Security. Successfu...

CVSS 5.5 · AI score 5.4 · EPSS 0.00767
Exploits 0 · References 1 · Affected Software 1
CNVD · added 2021/10/12 12:00 a.m. · 16 views

Opensis SQL Injection Vulnerability (CNVD-2021-101539)

openSIS is a free, open source student information system/school management software. A SQL injection vulnerability exists in openSIS version 8.0. The vulnerability stems from a lack of validation of input data for the $_GET['usrid'] and $_GET['profid'] parameters in PasswordCheck.php. An attacker can...

CVSS 9.8 · AI score 9.7 · EPSS 0.0108
Exploits 1 · References 1
CNVD · added 2021/10/09 12:00 a.m. · 4 views

WordPress Meow Gallery Plugin SQL Injection Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up a personal blog site on servers running PHP and MySQL. A WordPress plugin is an open source application plugin for WordPress. The WordPress Meow Gallery plugin suffers from a SQL...

CVSS 8.1 · AI score 7.6 · EPSS 0.01131
Exploits 2 · References 1
Imperva Blog · added 2021/10/07 2:14 p.m. · 29 views

A security architect’s POV on a mature data-centric security program, Part 3

In part one of this series, you learned about the challenges associated with accessing and searching long-term retained database activity logs and identifying sensitive customer data to comply with stricter compliance regulations. In part two, you gained insight into how security professionals c...

AI score 0.1
Exploits 0
CVE · added 2021/10/04 6:01 p.m. · 58 views

CVE-2021-41651

CVE-2021-41651 describes a blind SQL injection in the Raymart DG / Ahmed Helal Hotel-mgmt-system. The vulnerability resides in the cid parameter of process_update_profile.php, allowing an attacker to retrieve sensitive database information via unauthenticated, time-based blind techniq...

CVSS 7.5 · AI score 7.7 · EPSS 0.0234
Exploits 2 · References 2 · Affected Software 1
CVE · added 2021/10/04 6:00 p.m. · 469 views

CVE-2021-32762

CVE-2021-32762 affects Redis components (redis-cli, redis-sentinel) via an integer overflow when parsing large multi-bulk network replies due to an overflow in the underlying hiredis library. The vulnerability can lead to heap overflow on affected platforms, with fixed defaults noted: the vulnera...

CVSS 9 · AI score 8 · EPSS 0.02497
Exploits 0 · References 9 · Affected Software 1
Vulnrichment · added 2021/09/30 7:55 a.m. · 7 views

CVE-2021-41616 Apache ddlutils 1.0 readobject vulnerability

Apache DB DdlUtils 1.0 included a BinaryObjectsHelper that was intended for use when migrating database data with a SQL data type of BINARY, VARBINARY, LONGVARBINARY, or BLOB between databases using the ddlutils features. The BinaryObjectsHelper class was insecure and used...

AI score 9.9 · EPSS 0.03214
Exploits 0 · References 1
Circl · added 2021/09/24 4:00 a.m. · 9 views

CVE-2021-30869

creationtimestamp | type | source
---|---|---
2021-09-24 04:00:00+00:00 | seen | https://www.govcert.gov.hk/en/alertsdetail.php?id=658
2021-09-24 06:47:09+00:00 | exploited | https://t.me/thehackernews/1537
2021-09-24 07:45:25+00:00 | exploited | https://t.me/auraxchan/26994
2021-09-24 11:00:34+00:00 | ...

CVSS 9.3 · AI score 7.4 · EPSS 0.0415
Exploits 0 · References 15
NVD · added 2021/09/22 1:15 p.m. · 8 views

CVE-2021-39404

MaianAffiliate v1.0 allows an authenticated administrative user to save an XSS to the database...

CVSS 4.8 · EPSS 0.00507
Exploits 1 · References 1
Prion · added 2021/09/22 1:15 p.m. · 15 views

Design/Logic Flaw

MaianAffiliate v1.0 allows an authenticated administrative user to save an XSS to the database...

CVSS 3.5 · AI score 4.8 · EPSS 0.00507
Exploits 1 · References 1 · Affected Software 1
OSV · added 2021/09/20 10:15 a.m. · 1 view

CVE-2021-24741

The Support Board WordPress plugin before 3.3.4 does not escape multiple POST parameters such as statuscode, department, userid, conversationid, conversationstatuscode, and recipientid before using them in SQL statements, leading to SQL injections which are exploitable by unauthenticated users...

CVSS 9.8 · AI score 5.9 · EPSS 0.05516
Exploits 3 · References 3
CNNVD · added 2021/09/15 12:00 a.m. · 3 views

IBM DB2 Information Disclosure Vulnerability

IBM DB2 is a relational database management system from IBM Corporation of the United States. The system is available in UNIX, Linux, IBM i, z/OS, and Windows server versions. IBM Db2 is vulnerable to an information disclosure vulnerability that stems from exposing remote storage credentials to a...

CVSS 4.4 · AI score 5.7 · EPSS 0.0103
Exploits 0 · References 8
ThreatPost · added 2021/09/09 8:38 p.m. · 32 views

McDonald’s Email Blast Includes Password to Monopoly Game Database

McDonald’s UK Monopoly VIP game kicked off at the end of August, and a recent round of emails sent to winners of the game’s various prizes included more than a coupon for free fries. The franchise accidentally inserted passwords for a McDonald’s server that hosted information tied to the UK...

AI score 7.3
Exploits 0 · References 10
CNVD · added 2021/09/08 12:00 a.m. · 14 views

WordPress SQL Injection Vulnerability (CNVD-2021-70738)

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers running PHP and MySQL. WordPress plugin Embed Youtube Video 1.0 and earlier versions are vulnerable to SQL injection, which...

CVSS 7.2 · AI score 2.2 · EPSS 0.01498
Exploits 2 · References 1