4856 matches found
Malicious code in bfx-facs-db-sqlite (npm)
Source: ghsa-malware 638561b93842e8f2c98e08524c7f17cce709403b130b68ca4440d89942614e17 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-1521 Malicious code in bfx-facs-db-sqlite (npm)
Source: ghsa-malware 638561b93842e8f2c98e08524c7f17cce709403b130b68ca4440d89942614e17 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
flatCore Code Issue Vulnerability
flatCore is a lightweight content management system (CMS) based on PHP and SQLite. A security vulnerability exists in flatCore-CMS 2.0.8, which stems from an application call to a dangerous function that leads to a server-side request forgery vulnerability...
flatCore Cross-Site Scripting Vulnerability (CNVD-2022-58394)
flatCore is a lightweight content management system (CMS) based on PHP and SQLite. A cross-site scripting vulnerability exists in flatCore version 2.0.8, which stems from a lack of checksum filtering of user-supplied and output data in the Create New Page option of the index page. An attacker can...
flatCore-CMS Cross-Site Scripting Vulnerability (CNVD-2022-46172)
flatCore-CMS is a PHP and MySQL/SQLite based web content management system (CMS). flatCore-CMS version 2.0.9 is vulnerable to a cross-site scripting (XSS) vulnerability. An attacker could use this vulnerability to inject malicious JavaScript programs, steal cookies from other users, etc...
Vulnerabilities fixed in IBM QRadar SIEM
Vulnerabilities have been fixed in the IBM QRadar Data Synchronization App for IBM QRadar SIEM. The vulnerabilities are in underlying software and libraries, such as Node.js and SQLite. The vulnerabilities potentially enable a malicious person to perform attacks that result in the...
GHSA-J8Q9-5RP9-4MV9 Fix a use-after-free bug in diesel's Sqlite backend
An issue was discovered in the diesel crate before 1.4.6 for Rust. There is a use-after-free in the SQLite backend because the semantics of sqlite3_column_name are not followed...
Fix a use-after-free bug in diesel's Sqlite backend
An issue was discovered in the diesel crate before 1.4.6 for Rust. There is a use-after-free in the SQLite backend because the semantics of sqlite3_column_name are not followed...
imgurl SQL injection vulnerability
imgurl is an image hosting application developed using PHP and SQLite 3. imgurl version v2.3.1 is vulnerable to SQL injection. The vulnerability originates in /upload/localhost, where the IP is spliced directly into the SQL statement, and can be exploited by attackers to cause SQL injection attacks...
imgurl SQL Injection Vulnerability
imgurl is an image hosting application developed using PHP and SQLite 3. imgurl version v2.3.1 is vulnerable to SQL injection. The vulnerability originates in /upload/localhost, where the IP is spliced directly into the SQL statement, and can be exploited by attackers to cause SQL injection attacks...
new packages: sqlite
An update is available for sqlite. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Enterprise...
new packages: perl-DBD-SQLite
An update is available for perl-DBD-SQLite. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...
T-Soft E-Commerce 4 SQL Injection
Exploit Title: T-Soft E-Commerce 4 - SQLi Authenticated Exploit Author: Alperen Ergel Contact: @alpernae IG/TW Software Homepage: https://www.tsoft.com.tr/ Version : v4 Tested on: Kali Linux Category: WebApp Google Dork: N/A CVE: 2022-28132 Date: 18.02.2022 Description Step-1: Login as Admin or...
NewStart CGSL MAIN 6.02 : sqlite Multiple Vulnerabilities (NS-SA-2022-0052)
The remote NewStart CGSL host, running version MAIN 6.02, has sqlite packages installed that are affected by multiple vulnerabilities: - SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. (CVE-2020-13434) - In SQLite before 3.32.3, select.c mishandles query-flattener...
USN-5403-1: SQLite vulnerability
It was discovered that the SQLite command-line component incorrectly handled certain queries. An attacker could possibly use this issue to cause a crash or possibly execute arbitrary code...
Ubuntu 18.04 LTS / 20.04 LTS : SQLite vulnerability (USN-5403-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5403-1 advisory. It was discovered that the SQLite command-line component incorrectly handled certain queries. An attacker could possibly use this issue to cause a crash o...
Sqlite3 Security Vulnerability
Sqlite is a lightweight database and ACID-compliant relational database management system. A security vulnerability exists in Sqlite3 versions prior to 5.0.3, which can be exploited by attackers to cause a denial of service (DoS) attack...
The vulnerability of the PHP programming language interpreter, related to privilege management errors, allows attackers to bypass the protection mechanisms defined by open_basedir.
The vulnerability of the PHP programming language interpreter and the SQLite database management system is related to privilege management errors. Exploiting this vulnerability allows a malicious actor to bypass the protection mechanisms defined by open_basedir...
CVE-2021-36690 affecting package sqlite for versions less than 3.36.0-3
CVE-2021-36690 affecting package sqlite for versions less than 3.36.0-3. A patched version of the package is available...
Aiven Ltd: [Kafka Connect] [JdbcSinkConnector][HttpSinkConnector] RCE by leveraging file upload via SQLite JDBC driver and SSRF to internal Jolokia
Summary: The Aiven JDBC sink includes the SQLite JDBC Driver. This JDBC driver can be used to upload SQLite database files onto the server. The HTTP sink connector allows sending HTTP requests to localhost. There is unprotected Jolokia listening on localhost:6725. JMX exports the...