Music Gallery Site 1.0 SQL Injection Vulnerability

Music Gallery Site - SQL Injection on page musiclist.php and parameter cid is vulnerable, application url is ?page=musiclist&cid=?. Any remote attacker can access this page to exploit the vulnerbility. CVE Assigned: CVE-2023-0938 mitre.org nvd.nist.org Author Name: Muhammad Navaid Zafar Ansari...

Employee Task Management System 1.0 SQL Injection

Employee Task Management System - SQL Injection on task-details.php?taskid=? with low privilege authentication Date: 17 February 2023 CVE Assigned: CVE-2023-0904 mitre.org, nvd.nist.org Author Email: [email protected] Vendor Homepage: https://www.sourcecodester.com Software Link: Employe...

Music Gallery Site 1.0 SQL Injection

Music Gallery Site - SQL Injection on page musiclist.php and parameter cid is vulnerable, application url is ?page=musiclist&cid=?. Any remote attacker can access this page to exploit the vulnerbility. Date: 21 February 2023 CVE Assigned: CVE-2023-0938 mitre.org nvd.nist.org Author Name: Muhammad...

SUSE CVE-2020-2239

Jenkins Parameterized Remote Trigger Plugin 3.1.3 and earlier stores a secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system...

SUSE CVE-2021-29568

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger undefined behavior by binding to null pointer in tf.rawops.ParameterizedTruncatedNormal. This is because the...

GHSA-6P5Q-H963-PWWF Apache AGE: Python and Golang drivers allow data manipulation and exposure due to SQL injection

There are issues with the AGE drivers for Golang and Python that enable SQL injections to occur. This impacts AGE for PostgreSQL 11 & AGE for PostgreSQL 12, all versions up-to-and-including 1.1.0, when using those drivers. The fix is to update to the latest Golang and Python drivers in addition t...

ARCHIBUS Web Central 安全漏洞

ARCHIBUS Web Central is a web-based web management center for ARCHIBUS that organizes facility and infrastructure management tasks in an intuitive web browser interface. All infrastructure data is stored in a centralized repository so that authorized users from anywhere in the world can enter, ed...

SQL Injection inside instance name leads to Remote Code Execution

📜 Description SQL injection SQLi is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It generally allows an attacker to view data that they are not normally able to retrieve. This might include data belonging to other...

GHSA-P2XF-8HGM-HPW5 TensorFlow vulnerable to `CHECK` fail in `ParameterizedTruncatedNormal`

Impact ParameterizedTruncatedNormal assumes shape is of type int32. A valid shape of type int64 results in a mismatched type CHECK fail that can be used to trigger a denial of service attack. python import tensorflow as tf seed = 1618 seed2 = 0 shape = tf.random.uniformshape=3, minval=-10000,...

CVE-2022-35984

TensorFlow is an open source platform for machine learning. ParameterizedTruncatedNormal assumes shape is of type int32. A valid shape of type int64 results in a mismatched type CHECK fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

Smarty Cross-site Scripting vulnerability in pages that use smarty_function_mailto

In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php allows cross-site scripting. A web page that uses smartyfunctionmailto, and that could be parameterized using GET or POST input parameters, could allow injection of JavaScript code by a user...

PT-2022-23082 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier Description: The issue arises from ParameterizedTruncatedNormal assuming shape is of type...

Google TensorFlow 安全漏洞

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google Inc. in the United States. Google TensorFlow suffers from a security vulnerability that stems from ParameterizedTruncatedNormal assuming that shape is of type int32. A valid shape of type int64 cause...

Exploit for SQL Injection in Jflyfox Jfinal_Cms

CVE-2022-37201 CVE-2022-37201 POC POC First of all you...

CVE-2018-25047

In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php allows XSS. A web page that uses smartyfunctionmailto, and that could be parameterized using GET or POST input parameters, could allow injection of JavaScript code by a user...

php: Uninitialized array in pg_query_params() leading to RCE

A vulnerability was found in PHP due to an uninitialized array in pgqueryparams function. When using the Postgres database extension, supplying invalid parameters to the parameterized query may lead to PHP attempting to free memory, using uninitialized data as pointers. This flaw allows a remote...

OESA-2022-1781 log4j12 security update

With log4j it is possible to enable logging at runtime without modifying the application binary. Security Fixes: By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converte...

OESA-2022-1721 php security update

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

MAL-2022-4410 Malicious code in lro-parameterized-endpoints (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a548e0b8236b995248022f06f37ba6ada6b2ebda047546a78962cfcca6c4e604 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in lro-parameterized-endpoints (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a548e0b8236b995248022f06f37ba6ada6b2ebda047546a78962cfcca6c4e604 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...