
13 matches found

GoogleProjectZero
added 2026/03/05 12:0 a.m. · 4 views

On the Effectiveness of Mutational Grammar Fuzzing

Posted by Ivan Fratric. Mutational grammar fuzzing is a fuzzing technique in which the fuzzer uses a predefined grammar that describes the structure of the samples. When a sample gets mutated, the mutations happen in such a way that any resulting samples still adhere to the grammar rules, thus the...

5.6 AI score
Exploits 0
EUVD
added 2025/10/07 12:30 a.m. · 6 views

EUVD-2021-2561

Malware in sbrugna...

8.5 CVSS · 7.4 AI score · 0.00967 EPSS
Exploits 0 · References 5
RedhatCVE
added 2025/05/22 9:34 p.m. · 18 views

CVE-2021-43822

Jackalope Doctrine-DBAL is an implementation of the PHP Content Repository API (PHPCR) using a relational database to persist data. In affected versions users can provoke SQL injections if they can specify a node name or query. Upgrade to version 1.7.4 to resolve this issue. If that is not possible...

8.5 CVSS · 7.7 AI score · 0.00967 EPSS
Exploits 0
IBM Security Bulletins
added 2021/12/16 2:29 p.m. · 40 views

Security Bulletin: IBM Application Navigator, which is bundled with IBM Cloud Pak for Applications, is vulnerable to a remote attacker exploitation of Apache Log4j (CVE-2021-44228)

Summary: IBM Application Navigator, which is bundled with IBM Cloud Pak for Applications, is vulnerable to a remote attacker exploitation of Apache Log4j (CVE-2021-44228). The IBM Application Navigator contains a copy of Apache Log4j which is not used by the IBM Application Navigator function. Out o...

10 CVSS · 0.8 AI score · 0.99999 EPSS
Exploits 347 · Affected Software 1
OSV
added 2021/12/14 9:8 p.m. · 18 views

GHSA-PH98-V78F-JQRM SQL injection in jackalope/jackalope-doctrine-dbal

Impact: Users can provoke SQL injections if they can specify a node name or query. Patches: Upgrade to version 1.7.4. If that is not possible, you can escape all places where $property is used to filter sv:name in the class Jackalope\Transport\DoctrineDBAL\Query\QOMWalker: XPath::escape($property)...

8.5 CVSS · 8 AI score · 0.00967 EPSS
Exploits 0 · References 4
NVD
added 2021/12/13 8:15 p.m. · 28 views

CVE-2021-43822

Jackalope Doctrine-DBAL is an implementation of the PHP Content Repository API (PHPCR) using a relational database to persist data. In affected versions users can provoke SQL injections if they can specify a node name or query. Upgrade to version 1.7.4 to resolve this issue. If that is not possible...

8.5 CVSS · 0.00967 EPSS
Exploits 0 · References 2
OSV
added 2021/12/13 8:15 p.m. · 15 views

CVE-2021-43822

Jackalope Doctrine-DBAL is an implementation of the PHP Content Repository API (PHPCR) using a relational database to persist data. In affected versions users can provoke SQL injections if they can specify a node name or query. Upgrade to version 1.7.4 to resolve this issue. If that is not possible...

7.5 CVSS · 8 AI score
Exploits 0 · References 2
Prion
added 2021/12/13 8:15 p.m. · 16 views

SQL injection

Jackalope Doctrine-DBAL is an implementation of the PHP Content Repository API (PHPCR) using a relational database to persist data. In affected versions users can provoke SQL injections if they can specify a node name or query. Upgrade to version 1.7.4 to resolve this issue. If that is not possible...

6.8 CVSS · 8 AI score · 0.00967 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2021/12/13 7:50 p.m. · 33 views

CVE-2021-43822 SQL injection in jackalope/jackalope-doctrine-dbal

Jackalope Doctrine-DBAL is an implementation of the PHP Content Repository API (PHPCR) using a relational database to persist data. In affected versions users can provoke SQL injections if they can specify a node name or query. Upgrade to version 1.7.4 to resolve this issue. If that is not possible...

8.5 CVSS · 9 AI score · 0.00967 EPSS
Exploits 0 · References 2
CVE
added 2021/12/13 7:50 p.m. · 80 views

CVE-2021-43822

CVE-2021-43822 concerns SQL injection in the Jackalope Doctrine-DBAL PHPCR implementation. The vulnerability arises because the component that translates the query object model into Doctrine DBAL queries does not properly escape certain user-controlled identifiers (node names and xpaths), allowin...

8.5 CVSS · 8 AI score · 0.00967 EPSS
Exploits 0 · References 2 · Affected Software 1
CNNVD
added 2021/12/13 12:0 a.m. · 2 views

Jackalope Doctrine-DBAL SQL injection vulnerability

Jackalope Doctrine-DBAL is an implementation of the PHP Content Repository API (PHPCR) that uses a relational database to persist data. Jackalope Doctrine-DBAL suffers from a SQL injection vulnerability that stems from the software's lack of effective filtering for the $property parameter. In the...

8.5 CVSS · 7.4 AI score · 0.00967 EPSS
Exploits 0 · References 4
Trellix
added 2021/09/16 12:0 a.m. · 33 views

Finding 0-days with Jackalope

ARCHIVED STORY. Finding 0-days with Jackalope, by Douglas McKee · September 16, 2021. Overview: On March 21st, 2021, the McAfee Enterprise Advanced Threat Research (ATR) team released several vulnerabilities it discovered in the Netop Vision Pro Education software, a popular schooling software used by...

6.9 AI score · 0.00526 EPSS
Exploits 1
Trellix
added 2021/09/16 12:0 a.m. · 16 views

Finding 0-days with Jackalope

ARCHIVED STORY. Finding 0-days with Jackalope, by Douglas McKee · September 16, 2021. Overview: On March 21st, 2021, the McAfee Enterprise Advanced Threat Research (ATR) team released several vulnerabilities it discovered in the Netop Vision Pro Education software, a popular schooling software used by...

7.4 CVSS · 6.9 AI score · 0.00526 EPSS
Exploits 1