Security
Headlines
HeadlinesLatestCVEs

Tag

#sql

RHSA-2023:0076: Red Hat Security Advisory: Red Hat Ceph Storage 5.3 security update and Bug Fix

An update for ceph, cephadm-ansible, ceph-iscsi, python-dataclasses, and python-werkzeug is now available for Red Hat Ceph Storage 5.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24785: Moment.js: Path traversal in moment.locale

Red Hat Security Data
Open in Source
#sql#vulnerability#linux#red_hat#js#kubernetes#auth#docker#ssl
CVE-2022-40615: Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to SQL injection attack (CVE-2022-40615)

IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 236208.

Debian Security Advisory 5313-1

Debian Linux Security Advisory 5313-1 - It was found that those using java.sql.Statement or java.sql.PreparedStatement in hsqldb, a Java SQL database, to process untrusted input may be vulnerable to a remote code execution attack.

Online Food Ordering System 2.0 Cross Site Scripting

Online Food Ordering System version 2.0 suffers from a cross site scripting vulnerability.

Tiki Wiki CMS Groupware 25.0 Cross Site Scripting

Tiki Wiki CMS Groupware version 25.0 suffers from a cross site scripting vulnerability.

CVE-2022-47864: Lead management system php open source free download

Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeCategories.php.

CVE-2022-47862: CVE/sql in ajax_represent.php .md at main · xiumulty/CVE

Lead Management System v1.0 is vulnerable to SQL Injection via the customer_id parameter in ajax_represent.php.

CVE-2014-125074: fixed problems in register controller, and worked at preventing sql-i… · Nayshlok/Voyager@f1249f4

A vulnerability was found in Nayshlok Voyager. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file Voyager/src/models/DatabaseAccess.java. The manipulation leads to sql injection. The name of the patch is f1249f438cd8c39e7ef2f6c8f2ab76b239a02fae. It is recommended to apply a patch to fix this issue. The identifier VDB-218005 was assigned to this vulnerability.

CVE-2017-20168: Fixed SQL Injection Issues · jfm-so/piWallet@b420f8c

A vulnerability was found in jfm-so piWallet. It has been rated as critical. Affected by this issue is some unknown functionality of the file api.php. The manipulation of the argument key leads to sql injection. The name of the patch is b420f8c4cbe7f06a34d1b05e90ee5cdfe0aa83bb. It is recommended to apply a patch to fix this issue. VDB-218006 is the identifier assigned to this vulnerability.

CVE-2022-47859: CVE/sql in changePassword.php.md at main · xiumulty/CVE

Lead Management System v1.0 is vulnerable to SQL Injection via the user_id parameter in changePassword.php.