CVE-2024-31227 Denial-of-service due to malformed ACL selectors in Redis
Redis is an open source, in-memory database that persists on disk. An authenticated user with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem exists in Redis 7 prior to versions 7.2.6 and 7.4.1. Users...
CVE-2024-9574 SQL Injection vulnerability in SOPlanning
SQL injection vulnerability in SOPlanning 1.45, via /soplanning/www/user_groupes.php in the by parameter, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB...
CVE-2024-9574
SOPlanning CVE-2024-9574 affects SOPlanning versions before 1.45. The vulnerability is a SQL injection in the by parameter of /soplanning/www/user_groupes.php, allowing remote attackers to submit crafted queries and retrieve all data from the database. Root cause is improper input handling in the...
Exploit for SQL Injection in Templateinvaders Ti_Woocommerce_Wishlist
CVE-2024-43917 This script demonstrates an SQL injection vuln...
GHSA-WC43-73W7-X2F5 Ory Kratos's setting required_aal `highest_available` does not properly respect code + mfa credentials
Preconditions - The code login method is enabled with the `passwordless_enabled` flag set to true. - A 2FA method such as totp is enabled. - `required_aal` of the whoami check or the settings flow is set to `highest_available`. AAL stands for Authenticator Assurance Levels and can range from 0 no factor ...
CVE-2024-8621 Daily Prayer Time <= 2024.08.26 - Authenticated (Contributor+) SQL Injection
The Daily Prayer Time plugin for WordPress is vulnerable to SQL Injection via the 'maxword' attribute of the 'quranverse' shortcode in all versions up to, and including, 2024.08.26 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
CVE-2024-8624
CVE-2024-8624 affects the MDTF – Meta Data and Taxonomies Filter plugin for WordPress. Versions up to and including 1.3.3.3 are vulnerable to SQL Injection via the 'meta_key' attribute of the 'mdf_select_title' shortcode due to insufficient escaping and preparation of the existing SQL query. Expl...
CVE-2024-8624 MDTF – Meta Data and Taxonomies Filter <= 1.3.3.3 - Authenticated (Contributor+) SQL Injection
The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to SQL Injection via the 'meta_key' attribute of the 'mdf_select_title' shortcode in all versions up to, and including, 1.3.3.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation...
CVE-2024-47062 Multiple SQL Injections and ORM Leak in navidrome
Navidrome is an open source web-based music collection server and streamer. Navidrome automatically adds parameters in the URL to SQL queries. This can be exploited to access information by adding parameters like password=... in the URL (ORM Leak). Furthermore, the names of the parameters are not...
Reverb use after free vulnerability
There exists a use after free vulnerability in Reverb. Reverb supports the VARIANT datatype, which is supposed to represent an arbitrary object in C++. When a tensor proto of type VARIANT is unpacked, memory is first allocated to store the entire tensor, and a ctor is called on each instance...
CVE-2024-46990 SSRF Loopback IP filter bypass in directus
Directus is a real-time API and App dashboard for managing SQL database content. When relying on blocking access to localhost using the default 0.0.0.0 filter a user may bypass this block by using other registered loopback devices like 127.0.0.2 - 127.127.127.127. This issue has been addressed in...
How to use Azure Database for PostgreSQL with Veeam Backup for Microsoft 365
Purpose This article documents how to utilize Azure Database for PostgreSQL to host the Veeam Backup for Microsoft 365 v8 or higher configuration database. Solution After deploying Azure Database for PostgreSQL, additional steps must be performed to ensure it can be utilized by Veeam Backup for...
Microsoft SQL Server Masked Data Exposure
Title: SQL Server Masked Data Exposure Through Brute Force Attack Product: Database Manufacturer: Microsoft Affected Versions: SQL Server 2014, 2016, 2017, 2019, 2022 Tested Versions: SQL Server 2014, 2016, 2017, 2019, 2022 Risk Level: Low Security Feature: Dynamic Data Masking Author of Advisory: Emad...
Exploit for SQL Injection in Ultimatemember Ultimate_Member
WordPress CVE 2024-1071 SQL Exploit
The vulnerability of the Samba networking communication package and the ldb database, related to uncontrolled resource consumption, allows a hacker to cause service failures.
The vulnerability of the Samba networking communication package and the ldb database is related to an uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor to cause service failures...
GHSA-WF9G-C67G-H4CH MindsDB Eval Injection vulnerability
An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for list item creation. If such a...