#js

Yoga Class Registration System version 1.0 suffers from multiple remote SQL injection vulnerabilities.

Multiple stored and reflected cross-site scripting vulnerabilities in webapp jsp pages in multiple versions of OpenNMS Meridian and Horizon could allow an attacker access to confidential session information. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet.

ThingsBoard 3.4.1 could allow a remote attacker to gain elevated privileges because hard-coded service credentials (usable for privilege escalation) are stored in an insecure format. (To read this stored data, the attacker needs access to the application server or its source code.)

Red Hat OpenShift Container Platform release 4.9.56 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3064: A flaw was found in go-yaml. This issue causes the consumption of excessive amounts of CPU or memory when attempting to parse a large or maliciously crafted YAML document.

A lack of length validation in GitLab CE/EE affecting all versions from 12.4 before 15.6.7, 15.7 before 15.7.6, and 15.8 before 15.8.1 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage.

Denial of service could be caused to the command line interface of markdown-it-py, before v2.2.0, if an attacker was allowed to use invalid UTF-8 characters as input.

### Impact The SQL injection exploit is related to replacements. Here is such an example: In the following query, some parameters are passed through replacements, and some are passed directly through the `where` option. ```typescript User.findAll({ where: or( literal('soundex("firstName") = soundex(:firstName)'), { lastName: lastName }, ), replacements: { firstName }, }) ``` This is a very legitimate use case, but this query was vulnerable to SQL injection due to how Sequelize processed the query: Sequelize built a first query using the `where` option, then passed it over to `sequelize.query` which parsed the resulting SQL to inject all `:replacements`. If the user passed values such as ```json { "firstName": "OR true; DROP TABLE users;", "lastName": ":firstName" } ``` Sequelize would first generate this query: ```sql SELECT * FROM users WHERE soundex("firstName") = soundex(:firstName) OR "lastName" = ':firstName' ``` Then would inject replacements in it, wh...

File upload vulnerability in Instantdeveloper RD3 22.0.8500, allows attackers to execute arbitrary code.

A Path Traversal in setup.php in OpenEMR < 7.0.0 allows remote unauthenticated users to read arbitrary files by controlling a connection to an attacker-controlled MySQL server.

### Impact GeoTools includes support for OGC Filter expression language parsing, encoding and execution against a range of datastore. SQL Injection Vulnerabilities have been found when executing OGC Filters with JDBCDataStore implementations: 1. ``PropertyIsLike`` filter * Requires PostGIS DataStore with "encode functions" enabled * Or any JDBCDataStore (all relational databases) with String field (no mitigation) 3. ``strEndsWith`` function * Requires PostGIS DataStore with "encode functions" enabled 5. ``strStartsWith`` function * Requires PostGIS DataStore with "encode functions" enabled 6. ``FeatureId`` filter * Requires JDBCDataStore (all relational databases) with prepared statements disabled and table with String primary key (Oracle not affected, SQL Server and MySQL have no settings to enabled prepared statements, PostGIS does) 7. ``jsonArrayContains`` function * Requires PostGIS and Oracle DataStore with String or JSON field 8. ``DWithin`` filter * Happe...