How to use DSF Collections & Index Patterns – A Tutorial

In conventional terminology, Imperva Data Security Fabric DSF is a database system, replete with a GUI interface for aggregation pipeline building, workflow orchestration, extensible scripting Playbooks, and self-service data discovery Kibana-based Discover. Imperva DSF is purpose-built for data...

WordPress Database Table Overview and Logs Plugin < 1.1.0 is vulnerable to Cross Site Scripting (XSS)

Software Database Table Overview and Logs Type Plugin Vulnerable versions 1.1.0 Fixed in 1.1.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 43825b47431f Credits Rafie Muhammad...

CVE-2023-33945

SQL injection vulnerability in the upgrade process for SQL Server in Liferay Portal 7.3.1 through 7.4.3.17, and Liferay DXP 7.3 before update 6, and 7.4 before update 18 allows attackers to execute arbitrary SQL commands via the name of a database table's primary key index. This vulnerability is...

CVE-2020-36668

The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to sensitive information disclosure in versions up to, and including, 1.4.0 due to a lack of proper capability checking on the backupguardgetmanualmodal function called via an AJAX action. This makes it possible for...

WordPress plugin JetBackup – WP Backup, Migrate & Restore 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin JetBackup ...

SUSE CVE-2015-9230

In the admin/db-backup-security/db-backup-security.php page in the BulletProof Security plugin before .52.5 for WordPress, XSS is possible for remote authenticated administrators via the DBTablePrefix parameter...

CVE-2022-4553

The CVE-2022-4553 entry concerns the WordPress plugin FL3R FeelBox (

WordPress Find and Replace All plugin Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

GHSA-5FJ8-WH3G-QVQ2 TYPO3 is vulnerable to Mass Assignment in the Extension table administration library

The creating record functionality in Extension table administration library feuseradminLib.inc in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, and 6.0.0 through 6.0.11 allows remote attackers to write to arbitrary fields in the configuration database table via crafted links, aka "Mass...

WordPress Plugin Bug Lets Subscribers Wipe Sites

Researchers have discovered a homicidal WordPress plugin that allows subscribers to wipe sites clean of content. The high-severity security flaw is found in Hashthemes Demo Importer, a plugin that’s used in more than 8,000 active installations. According to security researchers at Wordfence, the...

Design/Logic Flaw

A vulnerability in the vaeadminrule database table of vaeThink v1.0.1 allows attackers to execute arbitrary code via a crafted payload in the condition parameter...

CVE-2020-19301

A vulnerability in the vaeadminrule database table of vaeThink v1.0.1 allows attackers to execute arbitrary code via a crafted payload in the condition parameter...

Cross site scripting

Postbird 0.8.4 allows stored XSS via the onerror attribute of an IMG element in any PostgreSQL database table. This can result in reading local files via vectors involving XMLHttpRequest and open of a file:/// URL, or discovering PostgreSQL passwords via vectors involving Window.localStorage and...

Format string

An issue was discovered in the CheckUser extension for MediaWiki through 1.35.2. MediaWiki usernames with trailing whitespace could be stored in the culog database table such that denial of service occurred for certain CheckUser extension pages and functionality. For example, the attacker could...

ImpressCMS: SQL Injection through /include/findusers.php

Summary: The vulnerability is located in the /include/findusers.php script: 281. $total = $userhandler-getUserCountByGroupLink@$POST"groups", $criteria; 282. 283. $validsort = array"uname", "email", "lastlogin", "userregdate", "posts"; 284. $sort = !inarray$POST'usersort', $validsort ? "uname" :...

Authorization

The BW Database Interface does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges that allows the user to practically read out any database table...

CVE-2021-21468

The BW Database Interface does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges that allows the user to practically read out any database table...

UBUNTU-CVE-2020-27662

In GLPI before 9.5.3, ajax/comments.php has an Insecure Direct Object Reference IDOR vulnerability that allows an attacker to read data from any database table e.g., glpitickets, glpiusers, etc...

Design/Logic Flaw

In GLPI before 9.5.3, ajax/comments.php has an Insecure Direct Object Reference IDOR vulnerability that allows an attacker to read data from any database table e.g., glpitickets, glpiusers, etc...

glpi -- Insecure Direct Object Reference on ajax/comments.ph

MITRE Corporation reports: In GLPI before 9.5.3, ajax/comments.php has an Insecure Direct Object Reference IDOR vulnerability that allows an attacker to read data from any database table e.g., glpitickets, glpiusers, etc...