O2Former: Direction-Aware and Multi-Scale Query Enhancement for SAR Ship Instance Segmentation
Instance segmentation of ships in synthetic aperture radar (SAR) imagery is critical for applications such as maritime monitoring, environmental analysis, and national security. SAR ship images present challenges including scale variation, object density, and fuzzy target boundaries, which are often...
TYPO3 SQL Injection in low-level Query Generator
An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. Because escaping of user-submitted content is mishandled, the class QueryGenerator is vulnerable to SQL injection. Exploitation requires having the system extension ext:lowlevel installed, and a valid backe...
GHSA-RCGC-4XFC-564V TYPO3 Insecure Deserialization in Query Generator & Query View
An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the classes QueryGenerator and QueryView are vulnerable to insecure deserialization. One exploitable scenario requires having the system extension ext:lowlevel Backend Module: DB...
GHSA-6MH3-J5R5-2379 Cross-Site Scripting in Query Generator & Query View
CVSS: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C (4.5). Problem: Failing to properly encode error messages, the components QueryGenerator and QueryView are vulnerable to both reflected and persistent cross-site scripting. A valid backend user account having administrator privileg...
TYPO3-CORE-SA-2021-010: Cross-Site Scripting in Query Generator & Query View
More info at https://typo3.org/security/advisory/typo3-core-sa-2021-010...
Cross-Site Scripting in Query Generator & Query View
Failing to properly encode error messages, the components QueryGenerator and QueryView are vulnerable to both reflected and persistent cross-site scripting. A valid backend user account having administrator privileges is needed to exploit this vulnerability...
PT-2021-3865 · Typo3 · Typo3
Name of the Vulnerable Software and Affected Versions: TYPO3 versions 9.0.0 through 9.5.28; TYPO3 versions 10.0.0 through 10.4.17; TYPO3 versions 11.0.0 through 11.3.0. Description: The issue is related to the components QueryGenerator and QueryView in the TYPO3 content management system, which are...
Insecure Deserialization in Query Generator & Query View
More info at https://typo3.org/security/advisory/typo3-core-sa-2019-026...
SQL Injection in low-level Query Generator
More info at https://typo3.org/security/advisory/typo3-core-sa-2019-025...
typo3 -- multiple vulnerabilities
Typo3 core team reports: It has been discovered that the output of field validation errors in the Form Framework is vulnerable to cross-site scripting. It has been discovered that t3:// URL handling and typolink functionality are vulnerable to cross-site scripting. Not only regular backend forms...
Insecure Deserialization in Query Generator & Query View
It has been discovered that classes QueryGenerator and QueryView are vulnerable to insecure deserialization...
SQL Injection in low-level Query Generator
Failing to properly escape user submitted content, class QueryGenerator is vulnerable to SQL injection...
Pixie SQL Injection Vulnerability
Pixie is a PHP-oriented database query generator. A SQL injection vulnerability exists in the limit function in Pixie, which can be exploited by attackers to conduct SQL injection attacks...
SQL Injection
sequelize is vulnerable to SQL injection attacks. The attacks are possible because the library does not escape the JSON path key provided by the user using postgres dialects in query-generator.js...