470 matches found

Cvelist
added 2021/12/09 10:50 a.m., 17 views

CVE-2021-3817 SQL Injection in wbce/wbce_cms

wbcecms is vulnerable to Improper Neutralization of Special Elements used in an SQL Command...

CVSS 9.8, AI score 10, EPSS 0.53819
Exploits 4, References 3
Malwarebytes
added 2021/11/17 3:43 p.m., 29 views

Fake ransomware warnings hit WordPress sites: How to stay safe

A ransomware warning has appeared out of nowhere and started taking over WordPress sites. The warning, with its black background and red writing, says: “SITE ENCRYPTED Countdown FOR RESTORE SEND 0.1 BITCOIN: address redacted create file on site /unlock.txt with transaction key inside” But there's...

AI score 7.6
Exploits 0
Vulnrichment
added 2021/08/04 7:10 p.m., 13 views

CVE-2021-20028

Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access SRA products, specifically the SRA appliances running all 8.x firmware and 9.0.0.9-26sv or earlier...

AI score 8, EPSS 0.808
Exploits 0, References 1
Prion
added 2021/08/04 2:15 p.m., 14 views

Command injection

Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier may allow an attacker with regular user's privileges to execute arbitrary commands on the underlying SQL...

CVSS 9, AI score 9.2, EPSS 0.00491
Exploits 0, References 1, Affected Software 1
Cvelist
added 2021/08/04 1:31 p.m., 12 views

CVE-2021-32590

Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier may allow an attacker with regular user's privileges to execute arbitrary commands on the underlying SQL...

CVSS 9.9, AI score 10, EPSS 0.00491
Exploits 0, References 1
Prion
added 2021/06/02 3:15 a.m., 14 views

SQL injection

Improper neutralization of special elements used in an SQL command 'SQL Injection' vulnerability in thumbnail component in Synology Photo Station before 6.8.14-3500 allows remote attackers users to execute arbitrary SQL commands via unspecified vectors...

CVSS 10, AI score 9.8, EPSS 0.00818
Exploits 0, References 1, Affected Software 1
Prion
added 2021/06/02 2:15 a.m., 13 views

SQL injection

Improper neutralization of special elements used in an SQL command 'SQL Injection' vulnerability in PHP component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to execute arbitrary SQL command via unspecified vectors...

CVSS 9, AI score 7.2, EPSS 0.01042
Exploits 0, References 1, Affected Software 1
PostgreSQL
added 2021/05/13 12:00 a.m., 140 views

Vulnerability in core server (CVE-2021-32028)

Memory disclosure in INSERT ... ON CONFLICT ... DO UPDATE Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an attacker can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can create prerequisite objects and...

CVSS 6.5, AI score 7.8, EPSS 0.00641
Exploits 0, References 1, Affected Software 1
IBM Security Bulletins
added 2021/05/07 8:28 p.m., 29 views

Security Bulletin: Search path vulnerability in PostgreSQL Server bundled in IBM Robotic Process Automation with Automation Anywhere (CVE-2020-14349, CVE-2020-14350)

Summary The version of PostgreSQL server bundled with IBM Robotic Process Automation with Automation Anywhere did not properly sanitize the searchpath during logical replication. An authenticated attacker could use this flaw to execute arbitrary SQL command in the context of the user used for...

AI score 4.4, EPSS 0.01548
Exploits 1, Affected Software 1
Tenable Nessus
added 2021/03/10 12:00 a.m., 49 views

NewStart CGSL MAIN 6.02 : sqlite Multiple Vulnerabilities (NS-SA-2021-0064)

The remote NewStart CGSL host, running version MAIN 6.02, has sqlite packages installed that are affected by multiple vulnerabilities: - An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after...

CVSS 8.1, AI score 7.7, EPSS 0.02932
Exploits 1, References 9
Github Security Blog
added 2021/02/11 8:42 p.m., 47 views

vrana/adminer via XSS in the history parameter in SQL command

Impact Users of Adminer versions supporting SQL command most versions, e.g. MySQL using browsers not encoding URL parameters before sending to server likely Edge, not Chrome, not Firefox are affected. Patches Patched by 5c395afc, included in version 4.7.9. Workarounds Use browser which encodes UR...

CVSS 6.1, AI score 6.8, EPSS 0.03321
Exploits 1, References 6, Affected Software 1
OSV
added 2021/02/11 8:42 p.m., 17 views

GHSA-9PGX-GCPH-MPQR vrana/adminer via XSS in the history parameter in SQL command

Impact Users of Adminer versions supporting SQL command most versions, e.g. MySQL using browsers not encoding URL parameters before sending to server likely Edge, not Chrome, not Firefox are affected. Patches Patched by 5c395afc, included in version 4.7.9. Workarounds Use browser which encodes UR...

CVSS 6.1, AI score 6.5, EPSS 0.03321
Exploits 1, References 6
SonicWall
added 2021/01/23 10:36 a.m., 16 views

Confirmed Zero-day vulnerability in the SonicWall SMA100 build version 10.x

A vulnerability resulting in improper SQL command neutralization in the SonicWall SSLVPN SMA100 product allows remote exploitation for credential access by an unauthenticated attacker. This vulnerability impacts SMA100 build version 10.x. CVE: CVE-2021-20016 Last updated: Feb. 3, 2021, 9:11 p.m...

CVSS 9.8, AI score 9.9, EPSS 0.79818
Exploits 0
CNNVD
added 2020/12/31 12:00 a.m., 1 view

Hgiga MailSherlock SQL injection vulnerability

HGiga MailSherlock is an email archiving and auditing system that provides a complete email security solution. HGiga MailSherlock suffers from a SQL injection vulnerability. An attacker can use this vulnerability to inject and execute SQL commands in the URL parameters of a specific cgi page...

CVSS 7.6, AI score 6, EPSS 0.00255
Exploits 0, References 2
IBM Security Bulletins
added 2020/12/09 4:41 a.m., 33 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in PostgreSQL

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of PostgreSQL. Vulnerability Details CVEID: CVE-2020-14349 DESCRIPTION: PostgreSQL could allow a remote authenticated attacker to execute arbitrary command on the system, caused by improper sanitization of...

CVSS 7.3, AI score 1.7, EPSS 0.01548
Exploits 1, Affected Software 1
NVD
added 2020/11/26 5:15 p.m., 14 views

CVE-2020-27207

Zetetic SQLCipher 4.x before 4.4.1 has a use-after-free, related to sqlciphercodecpragma and sqlite3Strlen30 in sqlite3.c. A remote denial of service attack can be performed. For example, a SQL injection can be used to execute the crafted SQL command sequence. After that, some unexpected RAM data...

CVSS 7.5, AI score 7.9, EPSS 0.00599
Exploits 0, References 3
Prion
added 2020/11/26 5:15 p.m., 15 views

SQL injection

Zetetic SQLCipher 4.x before 4.4.1 has a use-after-free, related to sqlciphercodecpragma and sqlite3Strlen30 in sqlite3.c. A remote denial of service attack can be performed. For example, a SQL injection can be used to execute the crafted SQL command sequence. After that, some unexpected RAM data...

CVSS 5, AI score 7.9, EPSS 0.00599
Exploits 0, References 3, Affected Software 1
Cvelist
added 2020/11/26 4:41 p.m., 12 views

CVE-2020-27207

Zetetic SQLCipher 4.x before 4.4.1 has a use-after-free, related to sqlciphercodecpragma and sqlite3Strlen30 in sqlite3.c. A remote denial of service attack can be performed. For example, a SQL injection can be used to execute the crafted SQL command sequence. After that, some unexpected RAM data...

AI score 7.9, EPSS 0.00599
Exploits 0, References 3
OpenVAS
added 2020/11/20 12:00 a.m., 7 views

GaussDB Kernel: Configuring the Maximum Number of Audit Log Files

The parameter auditfileremainthreshold specifies the maximum number of audit log files. When the total number of audit log files exceeds the specified value, the system writes the warning information to the database logs, deletes the earliest audit log files, and records the deletion to the audit...

AI score 7
Exploits 0
Tenable Nessus
added 2020/09/29 12:00 a.m., 29 views

EulerOS 2.0 SP8 : postgresql (EulerOS-SA-2020-2156)

According to the versions of the postgresql packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the searchpath during logical...

CVSS 8.8, AI score 7.4, EPSS 0.81248
Exploits 1, References 3