22 matches found
CVE-2025-11177
The External Login plugin for WordPress is vulnerable to SQL Injection via the 'log' parameter in all versions up to, and including, 1.11.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2023-1574
Information disclosure in the user creation feature of an MSSQL data source in Devolutions Remote Desktop Manager 2023.1.9 and below on Windows allows an attacker with access to the user interface to obtain sensitive information via the error message dialog that displays the password in clear text...
CVE-2019-10123
SQL Injection in Advanced InfoData Systems AIS ESEL-Server 67 which is the backend for the AIS logistics mobile app allows an anonymous attacker to execute arbitrary code in the context of the user of the MSSQL database. The default user for the database is the 'sa' user...
Avalanche 6.4.3 Security Hardening and CVEs addressed
Avalanche 6.4.3 has addressed some new security hardening and vulnerabilities in our Q1 2024 release. We are not aware of any exploitation of these vulnerabilities at the time of disclosure. To address the security vulnerabilities listed below, it is highly recommended to download the Avalanche...
Avalanche 6.4.2 Security Hardening and CVEs addressed
Avalanche 6.4.2 has addressed some new security hardening in our 2023 Quarter 4 release. To address the security vulnerabilities listed below, it is highly recommended to download the Avalanche installer and update to the latest Avalanche 6.4.2. The installation will apply a fix for each CVE list...
CVE-2023-0620
A flaw was found in HashiCorp Vault and Vault Enterprise, which are vulnerable to SQL injection. This flaw allows a local authenticated attacker to send specially-crafted SQL statements to the Microsoft SQL MSSQL Database Storage Backend, which could allow the attacker to view, add, modify, or...
CVE-2023-0620
HashiCorp Vault and Vault Enterprise versions 0.8.0 through 1.13.1 are vulnerable to an SQL injection attack when configuring the Microsoft SQL MSSQL Database Storage Backend. When configuring the MSSQL plugin through the local, certain parameters are not sanitized when passed to the user-provide...
Sql injection
SQL Injection in Advanced InfoData Systems AIS ESEL-Server 67 which is the backend for the AIS logistics mobile app allows an anonymous attacker to execute arbitrary code in the context of the user of the MSSQL database. The default user for the database is the 'sa' user...
Walmart Jewelry Partner Exposes Personal Data Of 1.3M Customers
A misconfigured Amazon S3 Simple Storage Service bucket, managed by a Walmart jewelry partner, left personal details and contact information of 1.3 million customers exposed to the public internet. The S3 repository containing an MSSQL database backup belongs to MBM Company, a Chicago, Ill.-based...
Infosea GLIS V7.0&V9.0 Sql Injection
Brief description: The Qingda Xinyang (Infosea) library management system V7.0 and V9.0 have injection vulnerabilities. Detailed description: I have written up so many holes and still no big vendor has come along. So sad! Unlike some people who split one system's ten injection points into separate submissions, can't I get a front-page feature? V9.0 uses an Oracle database, V7.0 appears to use an MSSQL database. Official site customer list: http://www.infosea.com.cn/yonghu.html (a bit scary). GLIS V7.0 default theme: GLIS V9.0 default theme: Two SQL injections: First: /opac/ckgc.jsp?kzh= (GLIS V9.0) Second: /opac/fljs/fllist.jsp?flh= (GLIS V7.0) Proof of vulnerability:...
Encrypt Database Password in dbconfig.xml or use integrated authentication
NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion: http://jira.atlassian.com/browse/JRACLOUD-31004. JIRA should encrypt the database password, since it is stored in plain text in the dbconfig.xml file, or it could use the integrated...
Thousand Bo enterprise website management system HitCount.asp page injection vulnerability - vulnerability warning - the black bar safety net
The program has added anti-injection code in the NoSql.asp file: <% If EnableStopInjection = True Then Dim FyPost, FyGet, FyIn, FyInf, FyXh, Fydb, Fydbstr FyIn = "'|;|and|exec|insert|select|delete|update|count||%|chr|mid|master|truncate|char|declare" FyInf = Split(FyIn, "|") If Request...
MSSQL Database Client Detection
Binary data 5552.prm...
Thousand Bo enterprise website management system 0day - vulnerability warning - the black bar safety net
The program has added anti-injection code in the NoSql.asp file: <% If EnableStopInjection = True Then Dim FyPost, FyGet, FyIn, FyInf, FyXh, Fydb, Fydbstr FyIn = "'|;|and|exec|insert|select|delete|update|count||%|chr|mid|master|truncate|char|declare" FyInf = Split(FyIn, "|") If Request...
CreateLive CMS 3.1 injection vulnerability - vulnerability warning - the black bar safety net
I happened to see the December issue of the Black Hand magazine, which covered the CreateLive CMS 4.2 injection vulnerability; the author was Chaoyang. I happen to have a CreateLive CMS system, but its version is 3.1; I think it should also have this hole! The website is open for registration. Let's start now...
4 5 You can obtain the Webshell program - vulnerability warning - the black bar safety net
1: Go to Google and search for some keywords, such as edit.asp?. Korean "broilers" (compromised hosts) are more common, and most use MSSQL databases! 2: In Google, search site:cq.cn inurl:asp. 3: Use a broiler-mining tool and an ASP Trojan. The file name is login.asp ...... The path is set to /manage/. The keyword is went.asp, with 'or'='or' to log in...
The latest Discuz! NT 2.5 vulnerability report! - Vulnerability warning - the black bar safety net
Title: The latest Discuz! NT 2.5 vulnerability report! Author: hackest [H.S.T.] This article was published in the 2008 P10 issue of the Hacker X-Files magazine and was later posted on the author's blog; if reproducing it, please retain this notice! Summer, passionate August,...
Analysis of the "storm database" (database exposure) vulnerability principle and method - vulnerability and early warning - the black bar safety net
The "storm database" vulnerability principle and method: SQL injection has been popular for a long time. The purpose of looking for injection vulnerabilities is nothing but to get the contents of the database, such as usernames, passwords, etc. Further, with an MSSQL database you can also use this to get permissions...