PT-2022-1640 · Mariadb +10 · Mariadb +11
Name of the Vulnerable Software and Affected Versions: MariaDB affected versions not specified Description: This issue allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this issue. The specific flaw exists within the processi...
MariaDB 10.6.0 < 10.6.6 Multiple Vulnerabilities
The version of MariaDB installed on the remote host is prior to 10.6.6. It is, therefore, affected by multiple vulnerabilities as referenced in the 10.6.6 advisory. - MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local...
MariaDB 10.8.0 < 10.8.1 Multiple Vulnerabilities
The version of MariaDB installed on the remote host is prior to 10.8.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mdb-1081-rn advisory. - This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is...
MariaDB 10.3.0 < 10.3.33 Multiple Vulnerabilities
The version of MariaDB installed on the remote host is prior to 10.3.33. It is, therefore, affected by multiple vulnerabilities as referenced in the 10.3.33 advisory. - MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local...
MariaDB 10.4.0 < 10.4.23 Multiple Vulnerabilities
The version of MariaDB installed on the remote host is prior to 10.4.23. It is, therefore, affected by multiple vulnerabilities as referenced in the 10.4.23 advisory. - MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local...
MariaDB 10.2.0 < 10.2.42 Multiple Vulnerabilities
The version of MariaDB installed on the remote host is prior to 10.2.42. It is, therefore, affected by multiple vulnerabilities as referenced in the 10.2.42 advisory. - MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local...
CVE-2022-23320
XMPie uStore 12.3.7244.0 allows for administrators to generate reports based on raw SQL queries. Since the application ships with default administrative credentials, an attacker may authenticate into the application and exfiltrate sensitive information from the database...
CVE-2022-23320
Summary: CVE-2022-23320 affects XMPie uStore 12.3.7244.0. The issue is an authentication/authorization weakness where default administrative credentials allow attackers to log in and exploit the ability to run or access raw SQL-based reports, leading to potential exfiltration of sensitive databa...
CVE-2021-44866
An issue was discovered in Online-Movie-Ticket-Booking-System 1.0. The file about.php does not perform input validation on the 'id' parameter. An attacker can append SQL queries to the input to extract sensitive information from the database...
openSUSE 15 Security Update : log4j12 (openSUSE-SU-2022:0226-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0226-1 advisory. - JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j...
Mageia: Security Advisory (MGASA-2015-0026)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Mageia: Security Advisory (MGASA-2013-0247)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
[SECURITY] [DLA 2884-1] wordpress security update
Debian LTS Advisory DLA-2884-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta January 17, 2022 https://wiki.debian.org/LTS -...
Apache Log4j SQL Injection Vulnerability
Apache Log4j, a Java-based open source logging tool from the Apache Foundation, is vulnerable to SQL injection, which stems from a JDBCAppender in Log4j 1.2.x that accepts a SQL statement as a configuration parameter, where the value to be inserted is from the PatternLayout's converter. The messa...
CVE-2022-23305 SQL injection in JDBC Appender in Apache Log4j V1
By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings...
WordPress Core 5.8.2 - (WP_Query) SQL Injection Vulnerability
Exploit Title: WordPress Core 5.8.2 - 'WP_Query' SQL Injection Exploit Author: Aryan Chehreghani Vendor Homepage: https://wordpress.org Software Link: https://wordpress.org/download/releases Version: &nonce=a85a0c3bfa&...
Debian: Security Advisory (DSA-5039-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
WordPress Core WP_Query SQL Injection Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of WordPress Core. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WP_Query class. The issue results from the lack of proper validation of a...
DEBIAN-CVE-2022-21664
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to lack of proper sanitization in one of the classes, there's potential for unintended SQL queries to be executed. This has been patched in WordPress version 5.8.3. Older affected...
The vulnerability of the “name_filter” parameter in the “company_list” component of the Advantech R-SeeNet monitoring software allows a malicious actor to execute arbitrary SQL queries.
The vulnerability of the “name_filter” parameter in the “company_list” component of the Advantech R-SeeNet monitoring software for routers is related to incorrect validation of input data. Exploiting this vulnerability could allow an attacker to execute arbitrary SQL queries remotely...