3 matches found
Fleet's Apple MDM profile delivery has second-order SQL Injection that can compromise the database
Summary: A critical second-order SQL Injection vulnerability in Fleet's Apple MDM profile delivery pipeline could allow an attacker with a valid MDM enrollment certificate to exfiltrate or modify the contents of the Fleet database, including user credentials, API tokens, and device enrollment...
PT-2022-16919 · Vyper · Vyper
Name of the Vulnerable Software and Affected Versions: Vyper versions prior to 0.3.2. Description: The return of .returns int128 is not validated to fall within the bounds of int128, which can result in a misinterpretation of the integer value and lead to incorrect behavior. As of v0.3.0, .returns...
phpTrafficA 2.3 SQL Injection
Product: phpTrafficA. Product page: http://soft.zoneo.net/phpTrafficA/ Affected versions: Up to and including 2.3 (latest as of writing). Description: An SQL injection exists in Php/Functions/logfunction.php, line 933: $sql3 ="INSERT INTO $tablehost SET...