CVE-2022-45786
There are issues with the AGE drivers for Golang and Python that enable SQL injections to occur. This impacts AGE for PostgreSQL 11 & AGE for PostgreSQL 12, all versions up-to-and-including 1.1.0, when using those drivers. The fix is to update to the latest Golang and Python drivers in addition t...
Dual Utilization of Perturbation for Stream Data Publication under Local Differential Privacy
Stream data from real-time distributed systems such as IoT, tele-health, and crowdsourcing has become an important data source. However, the collection and analysis of user-generated stream data raise privacy concerns due to the potential exposure of sensitive information. To address these...
CVE-2022-25149
The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the IP parameter found in the /includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive...
SQL Injection
Nocodb is vulnerable to SQL Injection. The vulnerability is due to improper sanitization or parameterization of SQL queries in the triggerList function in the SqliteClient.ts file. This can potentially lead to Information Disclosure...
Siemens SICAM TOOLBOX II Critical Resource Privilege Assignment Error Vulnerability
SICAM TOOLBOX II is an engineering solution for plants and systems of all sizes. It allows data collection, data modeling, configuration and parameterization. It is used for process information engineering of automation and central control room systems. Siemens SICAM TOOLBOX II suffers from a...
Forms Ada <= 1.0 - Unauthenticated Reflected XSS
The plugin does not sanitize and escape some of its parameters before reflecting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admin...
Schneider Electric StruxureWare Data Center Expert Code Injection Vulnerability
Schneider Electric StruxureWare Data Center Expert is monitoring software from the French company Schneider Electric. It is suitable for a variety of organizations to monitor their company-wide power, cooling, security, and environment. A code injection vulnerability exists i...
KioWare Cross-Site Scripting Vulnerability
KioWare is a suite of self-service terminal browser software. The software is capable of restricting end-user access to specific interfaces. A security vulnerability exists in KioWare 8.33 and earlier versions, which is caused by improper parameterization and can be exploited by an attacker to ga...
SQL Injection
There are issues with the AGE drivers for Golang and Python that enable SQL injections to occur. This impacts AGE for PostgreSQL 11 & AGE for PostgreSQL 12, all versions up-to-and-including 1.1.0, when using those drivers. The fix is to update to the latest Golang and Python drivers in addition t...
CVE-2022-45786 Apache AGE: Python and Golang drivers allow data manipulation and exposure due to SQL injection
There are issues with the AGE drivers for Golang and Python that enable SQL injections to occur. This impacts AGE for PostgreSQL 11 & AGE for PostgreSQL 12, all versions up-to-and-including 1.1.0, when using those drivers. The fix is to update to the latest Golang and Python drivers in addition t...
CVE-2022-45786
CVE-2022-45786 documents a SQL injection in Apache AGE when using the Golang and Python drivers with PostgreSQL 11/12 (up to AGE 1.1.0). Root cause: the cypher() placeholder could not be parameterized, and driver parameterization was insufficient, enabling injections. Mitigation: upgrade the Gola...
Apache AGE SQL Injection Vulnerability
Apache AGE is a PostgreSQL extension from the Apache Foundation that provides graph database functionality. An SQL injection vulnerability exists in the Apache AGE drivers, which stems from an inability to parameterize passed values, leading to SQL injection...
Upgraded Q -> M from #451 [1668467945427]
Judge has assessed an item in Issue 451 as M risk. The relevant finding follows: THRESHOLD LIMIT CHECKS Certain parameters of the contracts can be configured to invalid values, causing a variety of issues and breaking expected interactions between contracts. setFlashLoanFee allows the owner of...
SQL Injection
The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to insufficient escaping and parameterization on user supplied data passed to multiple SQL queries in the /rsvpmaker-email.php file. This makes it possible for unauthenticated attackers to steal sensitive...
SQL Injection
The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-api-endpoints.php file. This makes it possible for unauthenticated attackers to steal sensitive informati...
PT-2022-13920 · WordPress · Rsvpmaker
Name of the Vulnerable Software and Affected Versions: RSVPMaker plugin for WordPress versions up to and including 9.2.6 Description: The issue is related to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user-supplied data passed to a SQL query in the...
i3 International Annexxus Cameras Security Vulnerability
i3 International Annexxus Cameras is a camera from the Canadian company i3 International. A security vulnerability exists in i3 International Annexxus Cameras Ax-n 5.2.0, which can be exploited to add a second administrative account by using the PUT and DELETE parameterizations, as well as by...
CVE-2022-0651
The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the currentpagetype parameter found in the /includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain...