48 matches found
Chain Table: Protecting Table-Level Data Integrity by Digital Ledger Technology
The rise of blockchain and Digital Ledger Technology DLT has gained wide traction. Instead of relying on a traditional centralized data authority, a blockchain system consists of digitally entangled block data shared across a distributed network. The specially designed chain data structure and it...
CVE-2024-43207
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Valiano Unite Gallery Lite.This issue affects Unite Gallery Lite: from n/a through 1.7.62...
CVE-2023-46018
SQL injection vulnerability in receiverReg.php in Code-Projects Blood Bank 1.0 \allows attackers to run arbitrary SQL commands via 'remail' parameter...
PT-2023-29489 · Unknown · Turna Advertising Administration Panel
Name of the Vulnerable Software and Affected Versions: Turna Advertising Administration Panel versions prior to 1.1 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...
CVE-2023-43191
SpringbootCMS 1.0 foreground message can be embedded malicious code saved in the database. When users browse the comments, these malicious codes embedded in the HTML will be executed, and the user's browser will be controlled by the attacker, so as to achieve the special purpose of the attacker,...
Cacti Cross-Site Scripting Vulnerability
Cacti is a set of open source network traffic monitoring and analysis tools from the Cacti team. The tool obtains data via snmpget, analyzes it using RRDtool drawing graphs, and provides data and user management features. Cacti suffers from a cross-site scripting vulnerability that originates fro...
Grafana 跨站脚本漏洞
Grafana is Grafana open source set of open source monitoring tools that provide a visual monitoring interface . The tool is mainly used to monitor and analyze Graphite, InfluxDB and Prometheus and so on. A cross-site scripting vulnerability exists in Grafana 9.2 and earlier, 9.3 and earlier, whic...
CVE-2022-0267
The AdRotate WordPress plugin before 5.8.22 does not sanitise and escape the adrotateaction before using it in a SQL statement via the adrotaterequestaction function available to admins, leading to a SQL injection...
Jsish Denial of Service Vulnerability (CNVD-2022-08461)
Jsish is a small JavaScript parser with a built-in database written in C. A security vulnerability exists in Jsish v3.5.0, which could lead to a denial of service DoS...
Jsish 资源管理错误漏洞
Jsish is a small JavaScript parser with a built-in database written in C. A security vulnerability exists in Jsish v3.5.0, which could lead to a denial of service DoS...
Jsish 安全漏洞
Jsish is a small JavaScript parser with a built-in database written in C. A security vulnerability exists in Jsish v3.5.0, which could lead to a denial of service DoS...
Jsish 安全漏洞
Jsish is a small JavaScript parser written in C with a built-in database. A security vulnerability exists in Jsish v3.5.0 that could lead to a Denial of Service DoS...
IBM DB2 授权问题漏洞
IBM DB2 is a relational database management system from the U.S. IBM Db2 information disclosure vulnerability can be exploited by attackers to obtain sensitive information...
PT-2021-19533 · Mcafee · Mcafee Database Security
Name of the Vulnerable Software and Affected Versions: McAfee Database Security versions prior to 4.8.2 Description: The issue allows an administrator to embed JavaScript code when configuring the name of a database to be monitored. This would be triggered when any authorized user logs into the...
Liferay Enterprise Portal SQL注入漏洞
Liferay Enterprise Portal is an application system from Liferay USA. It provides a showcase for e-commerce functionality. A SQL injection vulnerability exists in Liferay Enterprise Portal version 7.3.5. The vulnerability stems from the program not adequately cleaning up user-supplied data in the...
CVE-2021-3418
If certificates that signed grub are installed into db, grub can be booted directly. It will then boot any kernel without signature validation. The booted kernel will think it was booted in secureboot mode and will implement lockdown, yet it could have been tampered. This flaw is a reintroduction...
grub2: Fail kernel validation without shim protocol
GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim...
Django: SQL injection possibility in key and index lookups for JSONField/HStoreField
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to...
PYSEC-2019-123
SQLAlchemy before 1.3.0b3 allows SQL Injection via the orderby parameter. The fix commit 30307c4 was applied only to the main branch and was never backported to the 1.2.x release line; all 1.2.x versions remain vulnerable...
PhpMyLogon 2.0 - SQL Injection Vulnerability
No description provided by source. Exploit Title: PhpMyLogon SQL Injection Date: March 14, 2010 Author: Blake Software Link: http://sourceforge.net/projects/phpmylogon/files/PhpMyLogon/PhpMyLogon%202/phpmylogon2.zip/download Version: 2 Tested on: Windows XP SP3 Proof of Concept: Enter the followi...