4786 matches found
CVE-2016-10550
sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. If user input goes into the limit or order parameters, a malicious user can put in their own SQL statements. This affects sequeliz...
CVE-2016-10553
sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. A fix was pushed out that fixed potential SQL injection in sequelize 2.1.3 and earlier...
CVE-2016-10553
CVE-2016-10553 affects the Node.js ORM sequelize. The vulnerability is a SQL Injection when user input is concatenated into queries, specifically in patterns like findOne or where: "user input". Affected versions are the pre-3.0 releases; the recommended fix is to upgrade to version 3.0.0 or lat...
CVE-2016-10554
sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. Before version 1.7.0-alpha3, sequelize defaulted SQLite to use MySQL backslash escaping, even though SQLite uses Postgres escapin...
SQL injection
sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. In Postgres, SQLite, and Microsoft SQL Server there is an issue where arrays are treated as strings and improperly escaped. This...
CVE-2016-10556
sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. In Postgres, SQLite, and Microsoft SQL Server there is an issue where arrays are treated as strings and improperly escaped. This...
CVE-2016-10556
CVE-2016-10556 affects the Sequelize ORM for Node.js (v3.19.3 and earlier). The issue: when an array is used as a string in a query, Sequelize incorrectly escapes it, causing a SQL injection in Postgres, SQLite, and MSSQL. The PoC shows a crafted replacements value leading to a query like: SELECT...
CVE-2016-10556
sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. In Postgres, SQLite, and Microsoft SQL Server there is an issue where arrays are treated as strings and improperly escaped. This...
EulerOS 2.0 SP1 : sqlite (EulerOS-SA-2018-1136)
According to the version of the sqlite packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to...
EulerOS 2.0 SP1 : memcached (EulerOS-SA-2018-1138)
According to the version of the memcached package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related t...
EulerOS 2.0 SP2 : sqlite (EulerOS-SA-2018-1137)
According to the version of the sqlite packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to...
OpenDaylight SQL Injection
Exploit Title: OpenDaylight SQL Injection Date: 2018-05-24 Exploit Author: JameelNabbo Website: jameelnabbo.com Vendor Homepage: https://www.opendaylight.org CVE: CVE-2018-1132 intro: OpenDaylight ODL is a modular open platform for customizing and automating networks of any size and scale. The...
OpenDaylight - SQL Injection
OpenDaylight - SQL Injection. CVE-2018-1132. Webapps exploit for Java platform Exploit Title: OpenDaylight SQL Injection Date: 2018-05-24 Exploit Author: JameelNabbo Website: jameelnabbo.com Vendor Homepage: https://www.opendaylight.org CVE: CVE-2018-1132 intro: OpenDaylight ODL is a modular open...
OpenDaylight - SQL Injection Vulnerability
Exploit for java platform in category web applications Exploit Title: OpenDaylight SQL Injection Exploit Author: JameelNabbo Website: jameelnabbo.com Vendor Homepage: https://www.opendaylight.org CVE: CVE-2018-1132 intro: OpenDaylight ODL is a modular open platform for customizing and automating...
MakeMyTrip 7.2.4 - Information Disclosure
MakeMyTrip 7.2.4 - Information Disclosure Exploit Title: Android Application MakeMyTrip 7.2.4 - Unencrypted Database Files Date: 2018-05-21 Software Link: MakeMyTrip v7.2.4 Android Application Exploit Author: Divya Jain Version: 7.2.4 Android App CVE: CVE-2018-11242 Category: Mobileapps Tested on...
MakeMyTrip 7.2.4 - Information Disclosure Vulnerability
Exploit for Android platform in category local exploits Exploit Title: Android Application MakeMyTrip 7.2.4 - Unencrypted Database Files Software Link: MakeMyTrip v7.2.4 Android Application Exploit Author: Divya Jain Version: 7.2.4 Android App CVE: CVE-2018-11242 Category: Mobileapps Tested on:...
MakeMyTrip 7.2.4 - Information Disclosure
Exploit Title: Android Application MakeMyTrip 7.2.4 - Unencrypted Database Files Date: 2018-05-21 Software Link: MakeMyTrip v7.2.4 Android Application Exploit Author: Divya Jain Version: 7.2.4 Android App CVE: CVE-2018-11242 Category: Mobileapps Tested on: Android v5.1 1. Description Android...
CVE-2018-11242
An issue was discovered in the MakeMyTrip application 7.2.4 for Android. The databases locally stored are not encrypted and have cleartext that might lead to sensitive information disclosure, as demonstrated by data/com.makemytrip/databases and data/com.makemytrip/Cache SQLite database files...
[SECURITY] Fedora 28 Update: roundcubemail-1.3.6-1.fc28
RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...
Critical Photon OS Security Update - PHSA-2018-0126
Updates of 'httpd', 'strongswan', 'paramiko', 'python3', 'patch', 'mercurial', 'xerces-c', 'pycrypto', 'sqlite-autoconf', 'binutils', 'mysql', 'net-snmp' packages of Photon OS have been released...