5126 matches found
CVE-2016-10554
sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. Before version 1.7.0-alpha3, sequelize defaulted SQLite to use MySQL backslash escaping, even though SQLite uses Postgres escapin...
CVE-2016-10553
sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. A fix was pushed out that fixed potential SQL injection in sequelize 2.1.3 and earlier...
Code injection
sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. Before version 1.7.0-alpha3, sequelize defaulted SQLite to use MySQL backslash escaping, even though SQLite uses Postgres escapin...
Sql injection
sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. A fix was pushed out that fixed potential SQL injection in sequelize 2.1.3 and earlier...
CVE-2016-10554
The CVE concerns sequelize (Node.js ORM). Before 1.7.0-alpha3, sequelize defaults SQLite to MySQL backslash escaping, even though SQLite uses PostgreSQL escaping, creating a SQL injection risk when Sequelize connects to SQLite. Affected: sequelize versions prior to 1.7.0-alpha3. Root cause: escap...
CVE-2016-10550
sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS If user input goes into the limit or order parameters, a malicious user can put in their own SQL statements. This affects sequeliz...
CVE-2016-10553
sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. A fix was pushed out that fixed potential SQL injection in sequelize 2.1.3 and earlier...
CVE-2016-10556
CVE-2016-10556 affects the Sequelize ORM for Node.js (v3.19.3 and earlier). The issue: when an array is used as a string in a query, Sequelize incorrectly escapes it, causing a SQL injection in Postgres, SQLite, and MSSQL. The PoC shows a crafted replacements value leading to a query like: SELECT...
Facebook Graph OpenSearch Phone Number Metadata Crosswalk Mapping
!/usr/bin/perl Facebook 'Graph' OpenSearch Phone Number metadata crosswalk mapping PoC 2018 Todor Donev https://ethical-hacker.org/ https://facebook.com/ethicalhackerorg Description: Criminal hacker CRACKER can take advantage of this weakness by creating a specialized database to manipulate...
Apache Impala Information Disclosure Vulnerability (CNVD-2018-10329)
Apache Impala incubating is a large-scale, distributed parallel processing database query system of the United States Apache Apache Software Foundation. The system is able to query the Hadoop big data analytics software stored in HDFS distributed file system and HBase database in the petabytes of...
dpdk: Information exposure in unchecked guest physical to host virtual address translations
The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory...
Dell Touchpad - ApMsgFwd.exe Denial of Service
Dell Touchpad - ApMsgFwd.exe Denial of Service / Title: Dell Touchpad - ApMsgFwd.exe Denial Of Service Author: Souhail Hammou Vendor Homepage: https://www.alps.com/ Tested on : Alps Pointing-device Driver 10.1.101.207 CVE: CVE-2018-10828 / include include include / Details: ========== ApMsgFwd.ex...
CVE-2018-10828
An issue was discovered in Alps Pointing-device Driver 10.1.101.207. ApMsgFwd.exe allows the current user to map and write to the "ApMsgFwd File Mapping Object" section. ApMsgFwd.exe uses the data written to this section as arguments to functions. This causes a denial of service condition when...
CVE-2018-10828
An issue was discovered in Alps Pointing-device Driver 10.1.101.207. ApMsgFwd.exe allows the current user to map and write to the "ApMsgFwd File Mapping Object" section. ApMsgFwd.exe uses the data written to this section as arguments to functions. This causes a denial of service condition when...
Design/Logic Flaw
An issue was discovered in Alps Pointing-device Driver 10.1.101.207. ApMsgFwd.exe allows the current user to map and write to the "ApMsgFwd File Mapping Object" section. ApMsgFwd.exe uses the data written to this section as arguments to functions. This causes a denial of service condition when...
CVE-2018-10828
An issue was discovered in Alps Pointing-device Driver 10.1.101.207. ApMsgFwd.exe allows the current user to map and write to the "ApMsgFwd File Mapping Object" section. ApMsgFwd.exe uses the data written to this section as arguments to functions. This causes a denial of service condition when...
Blktrace Buffer Overflow Vulnerability
blktrace a.k.a. Block IO Tracing is a Linux-based tool for collecting IO information from disks. A buffer overflow vulnerability exists in the 'devmapread' function of the btt/devmap.c file in version 1.2.0 of blktrace, which stems from an array of devices and devno's being too small. When used...
DEBIAN-CVE-2018-10392
mapping0forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service heap-based buffer overflow or over-read or possibly have unspecified other impact via a crafted file...
AZL-7276 CVE-2018-10392 affecting package libvorbis for versions less than 1.3.7-1
mapping0forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service heap-based buffer overflow or over-read or possibly have unspecified other impact via a crafted file...
Customer data & marketing operations: Keeping your data safe on the journey to GDPR compliance
Emails. Web forms. Events. Oh my! These marketing tactics are all designed to gather, store, and evolve relationships with your prospects, customers, and partners. Often times, they are the first point of contact for your organization from the outside world—and they all feed into your marketing...