Security
Headlines
HeadlinesLatestCVEs

Tag

#sql

Simple Online Banking System 1.0 SQL Injection

Simple Online Banking System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Packet Storm
#sql#vulnerability#web#mac#js#intel#php#auth#firefox
GHSA-fg4q-ccq8-3r5q: NHibernate SQL injection vulnerability in discriminator mappings, static fields referenced in HQL, and some utilities

### Impact A SQL injection vulnerability exists in some types implementing `ILiteralType.ObjectToSQLString`. Callers of these methods are exposed to the vulnerability, which includes: - Mappings using inheritance with discriminator values: - The discriminator value could be written in the mapping in a way exploiting the vulnerability of the associated discriminator type, if that type is among the vulnerable ones. - The current culture settings for formatting the discriminator value type could be altered in a way resulting into SQL injections with the discriminator values. - HQL queries referencing a static field of the application. - Users of the `SqlInsertBuilder` and `SqlUpdateBuilder` utilities, calling their `AddColumn` overload taking a literal value. These overloads are unused by NHibernate but could be used by users referencing directly these utilities. - Any direct use of the `ObjectToSQLString` methods for building SQL queries on the user side. ### Patches Releases ...

New Ransomware-as-a-Service 'Eldorado' Targets Windows and Linux Systems

An emerging ransomware-as-a-service (RaaS) operation called Eldorado comes with locker variants to encrypt files on Windows and Linux systems. Eldorado first appeared on March 16, 2024, when an advertisement for the affiliate program was posted on the ransomware forum RAMP, Singapore-headquartered Group-IB said. The cybersecurity firm, which infiltrated the ransomware group, noted that its

GHSA-mwxm-35f8-6vg2: Vanna vulnerable to SQL Injection

vanna-ai/vanna version v0.3.4 is vulnerable to SQL injection in some file-critical functions such as `pg_read_file()`. This vulnerability allows unauthenticated remote users to read arbitrary local files on the victim server, including sensitive files like `/etc/passwd`, by exploiting the exposed SQL queries via a Python Flask API.

WordPress Video Gallery - YouTube Gallery And Vimeo Gallery 2.3.6 SQL Injection

WordPress Video Gallery - YouTube Gallery And Vimeo Gallery version 2.3.6 suffers from a remote SQL injection vulnerability.

Cinema Booking System 1.0 SQL Injection / Cross Site Request Forgery

Cinema Booking System version 1.0 suffers from remote SQL injection and cross site request forgery vulnerabilities.

Ubuntu Security Notice USN-6879-1

Ubuntu Security Notice 6879-1 - Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectly handled certain crafted SQL statements. An attacker could possibly use this issue to crash the program, resulting in a denial of service. Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectly handled certain crafted SQL statements. An attacker could possibly use this issue to crash the program, resulting in a denial of service. This issue only affects Ubuntu 22.04 LTS and Ubuntu 24.04 LTS.

Toshiba Multi-Function Printers 40 Vulnerabilities

103 models of Toshiba Multi-Function Printers (MFP) are vulnerable to 40 different vulnerabilities including remote code execution, local privilege escalation, xml injection, and more.

The Not-So-Secret Network Access Broker x999xx

Most accomplished cybercriminals go out of their way to separate their real names from their hacker handles. But among certain old-school Russian hackers it is not uncommon to find major players who have done little to prevent people from figuring out who they are in real life. A case study in this phenomenon is "x999xx," the nickname chosen by a venerated Russian hacker who specializes in providing the initial network access to various ransomware groups.

Red Hat Security Advisory 2024-4245-03

Red Hat Security Advisory 2024-4245-03 - An update for python3 is now available for Red Hat Enterprise Linux 8. Issues addressed include a remote SQL injection vulnerability.