How to Migrate the Configuration and Repository Cache Databases
Article Applicability: This article is intended for use in environments where Veeam Backup for Microsoft 365 8 is already installed. The information provided in this article outlines the process for migrating the Configuration and Cache Databases from one PostgreSQL instance to another, including...
CVE-2024-51996 Symfony has an Authentication Bypass via RememberMe
Symfony process is a module for the Symfony PHP framework which executes commands in sub-processes. When consuming a persisted remember-me cookie, Symfony does not check if the username persisted in the database matches the username attached with the cookie, leading to authentication bypass. Th...
CVE-2024-43613
Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability...
CVE-2024-51992 Method Exposure Vulnerability in Modals in orchid/platform
Orchid is a Laravel package that allows for rapid application development of back-office applications, admin/user panels, and dashboards. This vulnerability is a method exposure issue (CWE-749: Exposed Dangerous Method or Function) in the Orchid Platform’s asynchronous modal functionality, affecti...
CVE-2024-11016
CVE-2024-11016 affects Webopac from Grand Vice info. The vulnerability is a SQL Injection that allows unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. Reported CVSS v3.1 base score is 9.8 (CRITICAL) with network attack vector, no...
PT-2024-16709 · Grand Vice Info · Webopac
Name of the Vulnerable Software and Affected Versions: Webopac from Grand Vice info (affected versions not specified). Description: The Webopac system has a SQL Injection flaw, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...
CVE-2024-9874
CVE-2024-9874 affects the WordPress plugin Poll Maker – Versus Polls, Anonymous Polls, Image Polls. Connected sources confirm a time-based SQL Injection via the orderby parameter in all versions up to 5.4.6, caused by insufficient escaping and lack of proper preparation of the SQL query. Exploita...
CVE-2024-9874 WordPress Poll Maker Plugin <= 5.4.6 - Authenticated (Administrator+) Time-Based SQL Injection
The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 5.4.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
CVE-2024-50378
Airflow versions before 2.10.3 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive variables were set via airflow CLI, values of those variables appeared in the audit log and were stored...
CVE-2024-51030
A SQL injection vulnerability in manage_client.php and view_cab.php of Sourcecodester Cab Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter, leading to unauthorized access and potential compromise of sensitive data within the database...
CVE-2024-51030
Sourcecodester Cab Management System 1.0 has a SQL injection in manage_client.php and view_cab.php that can be exploited via the id parameter to execute arbitrary SQL. Affected scripts: manage_client.php, view_cab.php. Root cause: unsanitized id parameter enabling SQL injection with high confiden...
CVE-2024-51993
Combodo iTop is a web based IT Service Management tool. An attacker accessing a backup file or the database can read some passwords for misconfigured Users. This issue has been addressed in version 3.2.0 and all users are advised to upgrade. Users unable to upgrade are advised to encrypt their...
CVE-2024-20536
A SQL Injection vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC) affects a REST API endpoint and the web-based management interface. Root cause: insufficient validation of user input enables authenticated, read-only attackers to execute arbitrary SQL commands, potentially reading, modifying, or...
CVE-2024-20536 Cisco Nexus Dashboard Fabric Controller SQL Injection Vulnerability
A vulnerability in a REST API endpoint and web-based management interface of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with read-only privileges to execute arbitrary SQL commands on an affected device. This vulnerability is due to insufficient...
CVE-2024-47462
creationtimestamp | type | source
---|---|---
2024-11-06 00:46:43+00:00 | seen | https://t.me/cvedetector/9962
2024-11-06 16:21:22+00:00 | seen | https://vulnerability.circl.lu/bundle/07fca93b-c28d-44e4-8497-18f4bbbd16f9
2024-11-12 12:30:05+00:00 | seen | https://t.me/truesecator/6419...