1303 matches found
MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of a user-supplied...
FreeBSD : MariaDB -- Multiple vulnerabilities (ff5606f7-8a45-11ec-8be6-d4c9ef517024)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ff5606f7-8a45-11ec-8be6-d4c9ef517024 advisory. - MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT...
MariaDB 10.2.0 < 10.2.42 Multiple Vulnerabilities
The version of MariaDB installed on the remote host is prior to 10.2.42. It is, therefore, affected by multiple vulnerabilities as referenced in the 10.2.42 advisory. - MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local...
MariaDB 10.7.0 < 10.7.2 Multiple Vulnerabilities
The version of MariaDB installed on the remote host is prior to 10.7.2. It is, therefore, affected by multiple vulnerabilities as referenced in the 10.7.2 advisory. - MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local...
MariaDB 10.4.0 < 10.4.23 Multiple Vulnerabilities
The version of MariaDB installed on the remote host is prior to 10.4.23. It is, therefore, affected by multiple vulnerabilities as referenced in the 10.4.23 advisory. - MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local...
MariaDB 10.6.0 < 10.6.6 Multiple Vulnerabilities
The version of MariaDB installed on the remote host is prior to 10.6.6. It is, therefore, affected by multiple vulnerabilities as referenced in the 10.6.6 advisory. - MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local...
MariaDB 10.8.0 < 10.8.1 Multiple Vulnerabilities
The version of MariaDB installed on the remote host is prior to 10.8.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mdb-1081-rn advisory. - This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is...
MariaDB 10.3.0 < 10.3.33 Multiple Vulnerabilities
The version of MariaDB installed on the remote host is prior to 10.3.33. It is, therefore, affected by multiple vulnerabilities as referenced in the 10.3.33 advisory. - MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local...
PT-2022-1640 · Mariadb +10 · Mariadb +11
Name of the Vulnerable Software and Affected Versions: MariaDB affected versions not specified Description: This issue allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this issue. The specific flaw exists within the processi...
CVE-2022-23320
XMPie uStore 12.3.7244.0 allows for administrators to generate reports based on raw SQL queries. Since the application ships with default administrative credentials, an attacker may authenticate into the application and exfiltrate sensitive information from the database...
CVE-2022-23320
Summary: CVE-2022-23320 affects XMPie uStore 12.3.7244.0. The issue is an authentication/authorization weakness where default administrative credentials allow attackers to log in and exploit the ability to run or access raw SQL-based reports, leading to potential exfiltration of sensitive databa...
CVE-2021-44866
An issue was discovered in Online-Movie-Ticket-Booking-System 1.0. The file about.php does not perform input validation on the 'id' parameter. An attacker can append SQL queries to the input to extract sensitive information from the database...
openSUSE 15 Security Update : log4j12 (openSUSE-SU-2022:0226-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0226-1 advisory. - JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j...
Mageia: Security Advisory (MGASA-2015-0026)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2013-0247)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 2884-1] wordpress security update
Debian LTS Advisory DLA-2884-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta January 17, 2022 https://wiki.debian.org/LTS -...
Apache Log4j SQL Injection Vulnerability
Apache Log4j, a Java-based open source logging tool from the Apache Foundation, is vulnerable to SQL injection, which stems from a JDBCAppender in Log4j 1.2.x that accepts a SQL statement as a configuration parameter, where the value to be inserted is from the PatternLayout's converter. The messa...
CVE-2022-23305 SQL injection in JDBC Appender in Apache Log4j V1
By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings...
WordPress Core 5.8.2 - (WP_Query) SQL Injection Vulnerability
Exploit Title: WordPress Core 5.8.2 - 'WPQuery' SQL Injection Exploit Author: Aryan Chehreghani Vendor Homepage: https://wordpress.org Software Link: https://wordpress.org/download/releases Version: &nonce=a85a0c3bfa&...
Debian: Security Advisory (DSA-5039-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...