#sql

Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction.

By Deeba Ahmed The Ddostf Botnet was initially identified in 2016. This is a post from HackRead.com Read the original post: Ddostf Botnet Resurfaces in DDoS Attacks Against MySQL and Docker Hosts

An unknown threat actor has been observed publishing typosquat packages to the Python Package Index (PyPI) repository for nearly six months with an aim to deliver malware capable of gaining persistence, stealing sensitive data, and accessing cryptocurrency wallets for financial gain. The 27 packages, which masqueraded as popular legitimate Python libraries, attracted thousands of downloads,

In the module "Product Catalog (CSV, Excel, XML) Export PRO" (exportproducts) in versions up to 5.0.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection via `exportProduct::_addDataToDb().`

SQL Injection vulnerability in add.php in Simple CRUD Functionality v1.0 allows attackers to run arbitrary SQL commands via the 'title' parameter.

Archery v1.10.0 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption. This vulnerability can lead to the disclosure of information and communications.

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.0 ATTENTION: Exploitable from adjacent network/low attack complexity Vendor: Siemens Equipment: SIMATIC PCS neo Vulnerabilities: Missing Authentication for Critical Function, SQL Injection, Permissive Cross-domain Policy with Untrusted Domains, Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an unauthenticated adjacent attacker to generate a privileged token and upload additional documents, execute SQL statements, trick a legitimate user to trigger unwanted behavior, and inject Javascript code into the application that is later executed by another legitimate user. 3. TECHNICAL DETAILS...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Siemens Equipment: COMOS Vulnerabilities: Improper Restriction of XML External Entity Reference, Path Traversal, Out-of-bounds Write, Out-of-bounds Read, Integer Overflow or Wraparound, Use After Free, Heap-based Buffer Overflow, Cleartext Transmission of Sensitive Information, Classic Buffer Overflow, Improper Access Control 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, cause a denial-of-service condition, data infiltration, or perform access control violations. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODU...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: RUGGEDCOM APE1808 Vulnerabilities: SQL Injection, Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following components of Siemens are affected: RUGGEDCOM APE1808 with Nozomi Guardian / CMC: All versions before V22.6.3 or 23.1.0 3.2 Vulnerability Overview 3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND ('SQL INJECTION') CWE-89 A S...

SQL injection vulnerability in LMXCMS v.1.4 allows attacker to execute arbitrary code via the TagsAction.class.