Security
Headlines
HeadlinesLatestCVEs

Tag

#sql

Employee Record Management System 1.0 SQL Injection

Employee Record Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Packet Storm
#sql#vulnerability#windows#google#php#auth#firefox
DETS Project 1.0 SQL Injection

DETS Project version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

School Log Management System 1.0 SQL Injection / Code Execution

School Log Management System version 1.0 appears to suffers from a remote SQL injection vulnerability that allows an attacker to achieve code execution.

Simple College Website 1.0 SQL Injection / Code Execution

Simple College Website version 1.0 appears to suffers from a remote SQL injection vulnerability that allows an attacker to achieve code execution.

GHSA-34qg-65m4-f23m: Froxlor: /etc/pure-ftpd/db/mysql.conf is chmod 644 but contains <SQL_UNPRIVILEGED_PASSWORD>

### Summary In Froxlor 2.1.9 and in the HEADs of the `main`, `v2.2` and `v2.1` branches , the XML templates in `lib/configfiles/` set `chmod 644` for `/etc/pure-ftpd/db/mysql.conf`, although that file contains `<SQL_UNPRIVILEGED_PASSWORD>`. At least on Debian 12, all parent directories of `/etc/pure-ftpd/db/mysql.conf` are world readable by default, thus exposing these credentials to all users with access to the system. Only Froxlor instances configured to use pure-ftpd are affected/vulnerable. ### Details https://github.com/froxlor/Froxlor/blob/2.1.9/lib/configfiles/bookworm.xml#L3075 ### PoC As non-privileged user: ``` nobody@mail:/tmp$ grep MYSQLPassword /etc/pure-ftpd/db/mysql.conf MYSQLPassword MySecretMySQLPasswordForFroxlor ``` ### Impact Any unprivileged user with "command/code execution" access to the system can trivially obtain the credentials granting access to the `froxlor` MySQL database. This holds true even for virtual users without SSH access as long as they are a...

GHSA-wq9x-qwcq-mmgf: Diesel vulnerable to Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts

The following presentation at this year's DEF CON was brought to our attention on the Diesel Gitter Channel: > SQL Injection isn't Dead: Smuggling Queries at the Protocol Level > <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf> > (Archive link for posterity.) Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow, causing the server to interpret the rest of the string as binary protocol commands or other data. It appears Diesel _does_ perform truncating casts in a way that could be problematic, for example: <https://github.com/diesel-rs/diesel/blob/ae82c4a5a133db65612b7436356f549bfecda1c7/diesel/src/pg/connection/stmt/mod.rs#L36> This code has existed essentially since the beginning, so it is reasonable to assume that all published versio...

DiCal-RED 4009 Outdated Third Party Components

DiCal-RED version 4009 makes use of unmaintained third party components with their own vulnerabilities.

Courier Management System 1.0 Cross Site Request Forgery

Courier Management System version 1.0 suffers from a cross site request forgery vulnerability.

Company Visitor Management 1.0 SQL Injection

Company Visitor Management version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Client Management System 1.0 SQL Injection

Client Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.