Advantech WISE-PaaS/RMM RecoveryMgmt fuzzySearch SQL Injection Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WISE-PaaS/RMM. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
Advantech WISE-PaaS/RMM SQLMgmt CreateTable SQL Injection Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WISE-PaaS/RMM. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SQLMgmt...
Advantech WISE-PaaS/RMM SQLMgmt insertData SQL Injection Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WISE-PaaS/RMM. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SQLMgmt...
Advantech WISE-PaaS/RMM SQLMgmt getTableInfo SQL Injection Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WISE-PaaS/RMM. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SQLMgmt...
CVE-2019-10749
sequelize before version 3.35.1 allows attackers to perform a SQL Injection due to the JSON path keys not being properly sanitized in the Postgres dialect...
SQL injection
sequelize before version 3.35.1 allows attackers to perform a SQL Injection due to the JSON path keys not being properly sanitized in the Postgres dialect...
CVE-2019-10749
CVE-2019-10749 affects sequelize prior to 3.35.1. The vulnerability arises in the Postgres dialect where JSON path keys are not properly sanitized, enabling SQL injection. Affected component: Sequelize (Node.js ORM) code paths used for generating queries with JSON path keys. Exploitation details ...
ManaTI - A Web-Based Tool To Assist The Work Of The Intuitive Threat Analysts
Machine Learning for Threat Intuitive Analysis: The goal of the ManaTI project is to develop machine learning techniques to assist an intuitive threat analyst to speed the discovery of new security problems. The machine learning will contribute to the analysis by finding new relationships and...
Raml-Module-Builder SQL Injection Vulnerability
Raml-Module-Builder is a framework that allows the creation of modules based on RAML files. A SQL injection vulnerability exists in PostgresClient.update in Raml-Module-Builder version 26.4.0, which can be exploited by an attacker to execute illegal SQL commands...
DEBIAN-CVE-2019-14234
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to...
CVE-2016-10782
cPanel before 60.0.25 allows self stored XSS in postgres API1 listdbs SEC-181...
Cross site scripting
cPanel before 60.0.25 allows self stored XSS in postgres API1 listdbs SEC-181...
CVE-2016-10782
CVE-2016-10782 affects cPanel versions prior to 60.0.25, with a self-stored XSS in the postgres API1 listdbs. The root cause is insufficient validation of client-side data in the web application, allowing injected scripts to run when listing databases. Impact: stored XSS in affected user sessions...
SQL Injection
Overview: Versions of sequelize prior to 3.35.1 are vulnerable to SQL Injection. The package fails to sanitize JSON path keys in the Postgres dialect, which may allow attackers to inject SQL statements and execute arbitrary SQL queries. Recommendation: Upgrade to version 3.35.1 or later. References...
SQL Injection
sequelize is vulnerable to SQL injection attacks. The attacks are possible because the library does not escape the user-provided JSON path key in the Postgres dialect in query-generator.js...
SQL Injection
Overview: sequelize is a promise-based Node.js ORM for Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server. Affected versions of this package are vulnerable to SQL Injection due to JSON path keys not being properly sanitized in the Postgres dialect. PoC by Snyk: const Sequelize =...
@arkecosystem/core (>=2.1.0 <=2.7.26), @arkecosystem/core-database-postgres (>=0.2.0 <=2.7.26) +221 more potentially affected by unknown CVE via sql (>=0.0.5 <=0.78.0)
sql NPM version =0.0.5, =2.1.0, =0.2.0, =2.4.0, =0.1.0, =2.1.0, =1.0.0, =1.0.0, =2.0.0-alpha.1, =2.0.0-pre.12, =2.0.0-alpha.1, =1.0.0, =0.20.1, =0.4.4, =1.1.0, =1.2.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-8F93-RV4P-X4JW...