EUVD-2022-28554

Malicious code in bioql PyPI...

K000149707: PostgreSQL vulnerability CVE-2024-10976

Security Advisory Description Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a...

Pi-hole Web Interface 2.0 <= 5.17 Broken Access Control Vulnerability

The Pi-hole Web Interface previously AdminLTE is prone to a broken access control vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-onl...

AdminLTE PiHole 5.18 - Broken Access Control Vulnerability

Exploit Title: AdminLTE PiHole ' HTTP requests GET /admin/scripts/pi-hole/php/queryads.php?domain=' HTTP/1.1 HOST: pi.hole Cookie: ..SNIPPED.. ..SNIPPED.. HTTP Response HTTP/1.1 200 OK ..SNIPPED.. data: Match found in ..SNIPPED.. data: data: data:...

AdminLTE PiHole Broken Access Control

Exploit Title: AdminLTE PiHole ' HTTP requests GET /admin/scripts/pi-hole/php/queryads.php?domain=' HTTP/1.1 HOST: pi.hole Cookie: ..SNIPPED.. ..SNIPPED.. HTTP Response HTTP/1.1 200 OK ..SNIPPED.. data: Match found in ..SNIPPED.. data: data: data:...

AdminLTE PiHole 5.18 - Broken Access Control

Exploit Title: AdminLTE PiHole ' HTTP requests GET /admin/scripts/pi-hole/php/queryads.php?domain=' HTTP/1.1 HOST: pi.hole Cookie: ..SNIPPED.. ..SNIPPED.. HTTP Response HTTP/1.1 200 OK ..SNIPPED.. data: Match found in ..SNIPPED.. data: data: data:...

CVE-2022-23513

Pi-Hole is a network-wide ad blocking via your own Linux hardware, AdminLTE is a Pi-hole Dashboard for stats and more. In case of an attack, the threat actor will obtain the ability to perform an unauthorized query for blocked domains on queryads endpoint. In the case of application, this...

Code injection

Pi-Hole is a network-wide ad blocking via your own Linux hardware, AdminLTE is a Pi-hole Dashboard for stats and more. In case of an attack, the threat actor will obtain the ability to perform an unauthorized query for blocked domains on queryads endpoint. In the case of application, this...

CVE-2022-23513

CVE-2022-23513 affects Pi-hole AdminLTE (Pi-hole Web Interface). The issue is an access-control vulnerability in the queryads endpoint exposed via root-path PHP script /admin/scripts/pi-hole/phpqueryads.php, where insufficient validation allows an attacker to perform unauthorized queries for bloc...

CVE-2022-23513 Pi-Hole/AdminLTE vulnerable due to improper access control in queryads endpoint

Pi-Hole is a network-wide ad blocking via your own Linux hardware, AdminLTE is a Pi-hole Dashboard for stats and more. In case of an attack, the threat actor will obtain the ability to perform an unauthorized query for blocked domains on queryads endpoint. In the case of application, this...

CVE-2022-23513 Pi-Hole/AdminLTE vulnerable due to improper access control in queryads endpoint

Pi-Hole is a network-wide ad blocking via your own Linux hardware, AdminLTE is a Pi-hole Dashboard for stats and more. In case of an attack, the threat actor will obtain the ability to perform an unauthorized query for blocked domains on queryads endpoint. In the case of application, this...

CVE-2022-23513 Pi-Hole/AdminLTE vulnerable due to improper access control in queryads endpoint

Pi-Hole is a network-wide ad blocking via your own Linux hardware, AdminLTE is a Pi-hole Dashboard for stats and more. In case of an attack, the threat actor will obtain the ability to perform an unauthorized query for blocked domains on queryads endpoint. In the case of application, this...

SQL INJECTION

Summary The user can submit an SQL query directly to the database, gaining access without providing appropriate credentials. Attackers can then view, export, modify, and delete confidential information; change passwords and other authentication information; and possibly gain access to other syste...

ECTouch SQL注入漏洞

ECTouch is an application. An open source mobile mall system to create an enterprise exclusive mobile mall. ECTouch suffers from a SQL injection vulnerability, which originates from the SQL injection vulnerability in ECTouch v2 generated through the integralmin parameter in index.php. An attacker...

Jifty :: DBI SQL Injection Vulnerability

Jifty :: DBI is an object-relational persistence framework. A SQL injection vulnerability exists in Jifty :: DBI versions prior to 0.68, which can be exploited by an attacker to execute illegal SQL commands...

postgresql: information leak through constraint violation errors

An information leak flaw was found in the wathe PostgreSQL database server handled certain error messages. An authenticated database user could possibly obtain the results of a query they did not have privileges to execute by observing the constraint violation error messages produced when the que...

SuSE 10 Security Update : MySQL (ZYPP Patch Number 4376)

This update provides fixes for : - remote triggerable crash. CVE-2007-3780 - query tables without propper authorisation. CVE-2007-3781 - gain update privileges without propper authorisation. CVE-2007-3782 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is ...