web-app-security-lab

Vulnerable Web App — Attack & Defend Lab A deliberately-vulne...

Important: Red Hat Security Advisory: mariadb:10.11 security update

An update for the mariadb:10.11 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

EUVD-2024-41431

Malicious code in bioql PyPI...

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection in the QuerySet.annotate, QuerySet.alias, QuerySet.aggregate, and QuerySet.extra methods when a specially crafted dictionary is passed using dictionary expansion as kwargs, leading to unsafe column aliases on MySQL and...

PYSEC-2025-106

An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate, QuerySet.alias, QuerySet.aggregate, and QuerySet.extra are subject to SQL injection in column aliases, when using a suitably crafted dictionary, with dictionary expansion, as the kwarg...

CVE-2021-41679

A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the /opensis/modules/grades/InputFinalGrades.php, period parameter...

CVE-2021-39378

A SQL Injection vulnerability exists in openSIS 8.0 when MySQL MariaDB is being used as the application database. A malicious attacker can issue SQL commands to the MySQL MariaDB database through the NamesList.php str parameter...

CVE-2021-39379

A SQL Injection vulnerability exists in openSIS 8.0 when MySQL MariaDB is being used as the application database. A malicious attacker can issue SQL commands to the MySQL MariaDB database through the ResetUserInfo.php passwordstnid parameter...

python-social-auth: Improper Handling of Case Sensitivity in social-auth-app-django

A flaw was found in social-auth-app-django. In affected versions of this package, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match...

PT-2024-14811 · Mariadb · Mariadb

Name of the Vulnerable Software and Affected Versions: AiLux imx6 bundle versions prior to imx6 1.0.7-2 Description: A CWE-798 “Use of Hard-coded Credentials” issue in the MariaDB database of the web application allows a remote unauthenticated attacker to access the database service and all...

PT-2024-2179 · Unknown +2 · Mysql Server +2

Name of the Vulnerable Software and Affected Versions: Directus versions prior to 10.8.3 Description: The password reset mechanism of the Directus backend allows attackers to receive a password reset email of a victim user, specifically having it arrive at a similar email address as the victim wi...

USN-5022-2: MariaDB vulnerabilities

USN-5022-1 fixed multiple vulnerabilities in MySQL. This update provides the corresponding fixes for CVE-2021-2372 and CVE-2021-2389 in MariaDB 10.3 and 10.5. In addition to security fixes, the updated package contain bug fixes, new features, and possibly incompatible changes. Please see the...

Bugs Lurking in Cisco UC Provisioning Platform

The Akkadian Provisioning Manager, which is used as a third-party provisioning tool within Cisco Unified Communications environments, has three high-severity security vulnerabilities that can be chained together to enable remote code execution RCE with elevated privileges, researchers said. They...

DEBIAN-CVE-2021-29625

Adminer is open-source database management software. A cross-site scripting vulnerability in Adminer versions 4.6.1 to 4.8.0 affects users of MySQL, MariaDB, PgSQL and SQLite. XSS is in most cases prevented by strict CSP in all modern browsers. The only exception is when Adminer is using a pdo...

Debian DLA-2409-1 : mariadb-10.1 security update

A security issue was discovered in the MariaDB database server. For Debian 9 stretch, this problem has been fixed in version 10.1.47-0+deb9u1. We recommend that you upgrade your mariadb-10.1 packages. For the detailed security status of mariadb-10.1 please refer to its security tracker page at:...

Debian Security Advisory DSA 3632-1 (mariadb-10.0 - security update)

Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.26. Please see the MariaDB 10.0 Release Notes for further details: https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ OpenVAS...

mysql: unspecified vulnerability in subcomponent: Server: Connection (CPU July 2016)

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection...

mysql: unspecified vulnerability in subcomponent: Server: Connection (CPU July 2016)

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection...

ALPINE-CVE-2016-0647

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to FTS...

UBUNTU-CVE-2016-0616

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer...