RLSA-2022:1556 Moderate: mariadb:10.3 security and bug fix update

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: mariadb 10.3.32, galera 25.3.34. BZ2050543 Security Fixes: mysql: Server: DML unspecified vulnerability CPU Apr 2021 CVE-2021-21...

Online Restaurant Table Reservation System 1.0 SQL Injection

Exploit Title: Online Restaurant Table Reservation System v1.0 Exploit Author: segf0lt Date: April 20, 2022 Vendor Homepage: https://www.sourcecodester.com/php/15286/online-restaurant-table-reservation-system-phpoop-free-source-code.html Software Link:...

[SECURITY] Fedora 34 Update: community-mysql-8.0.28-1.fc34

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...

CVE-2022-24815 SQL Injection when creating an application with Reactive SQL backend

JHipster is a development platform to quickly generate, develop, & deploy modern web applications & microservice architectures. SQL Injection vulnerability in entities for applications generated with the option "reactive with Spring WebFlux" enabled and an SQL database using r2dbc. Applications...

CVE-2022-24815 SQL Injection when creating an application with Reactive SQL backend

JHipster is a development platform to quickly generate, develop, & deploy modern web applications & microservice architectures. SQL Injection vulnerability in entities for applications generated with the option "reactive with Spring WebFlux" enabled and an SQL database using r2dbc. Applications...

GHSA-QJMQ-8HJR-QCV6 SQL Injection when creating an application with Reactive SQL backend

Impact SQL Injection vulnerability in entities for applications generated with the option "reactive with Spring WebFlux" enabled and an SQL database using r2dbc. Applications created without "reactive with Spring WebFlux" and applications with NoSQL databases are not affected. If you have generat...

Directus Cross-Site Scripting Vulnerability (CNVD-2022-81371)

Directus is a live Api and application dashboard. Used to manage Sql database content, a cross-site scripting vulnerability existed prior to Directus version 9.7.0, which stems from the program's lack of data validation filtering of user-supplied data and output. An attacker could exploit this...

CVE-2022-24814

Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 9.7.0, unauthorized JavaScript JS can be executed by inserting an iframe into the rich text html interface that links to a file uploaded HTML file that loads another uploaded JS file in its script ta...

CVE-2022-24814 Cross-site Scripting in Directus

Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 9.7.0, unauthorized JavaScript JS can be executed by inserting an iframe into the rich text html interface that links to a file uploaded HTML file that loads another uploaded JS file in its script ta...

Moderate: Red Hat Security Advisory: rh-mariadb103-mariadb security and bug fix update

An update for rh-mariadb103-mariadb and rh-mariadb103-galera is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

H2 Database Console Remote Code Execution Exploit

The H2 Database console suffers from an unauthenticated remote code execution vulnerability. Document Title =============== Unauthenticated RCE vuln in the H2 Database console: CVE-2022-23221. Product Description =============== The H2 Console Application The Console lets you access a SQL databas...

H2 Database Console Remote Code Execution

Document Title =============== Unauthenticated RCE vuln in the H2 Database console: CVE-2022-23221. Product Description =============== The H2 Console Application The Console lets you access a SQL database using a browser interface. Homepage: http://www.h2database.com/html/quickstart.html Affecte...

Beware of Fake Telegram Messenger App Hacking PCs with Purple Fox Malware

Trojanized installers of the Telegram messaging application are being used to distribute the Windows-based Purple Fox backdoor on compromised systems. That's according to new research published by Minerva Labs, describing the attack as different from intrusions that typically take advantage of...

[SECURITY] Fedora 34 Update: mariadb-10.5.13-1.fc34

MariaDB is a community developed fork from MySQL - a multi-user, multi-thread ed SQL database server. It is a client/server implementation consisting of a server daemon mariadbd and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs...

Fedora: Security Advisory for mariadb (FEDORA-2021-72d5918529)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVE-2021-44219

Gin-Vue-Admin before 2.4.6 mishandles a SQL database...

CVE-2021-44219

Gin-Vue-Admin before 2.4.6 mishandles a SQL database...

CVE-2021-44219

Gin-Vue-Admin before 2.4.6 is affected by an SQL injection flaw stemming from mishandling the SQL database. The vulnerability affects the GetAPIInfoList path via the order parameter, enabling attackers to inject and execute arbitrary SQL statements. This is identified across multiple feeds (e.g.,...

Advantech R-SeeNet application multiple SQL injection vulnerabilities in the 'company_list' page

Summary Multiple exploitable SQL injection vulnerabilities exist in the ‘companylist’ page of the Advantech R-SeeNet 2.4.15 30.07.2021. A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. However, the high...

Input validation

A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector CSPC could allow an authenticated, remote attacker to submit a SQL query through the CSPC configuration dashboard. This vulnerability is due to insufficient input validation of uploaded files. An attacker...