Tag
#sql
Red Hat Security Advisory 2022-8559-01 - The hsqldb packages provide a relational database management system written in Java. The Hyper Structured Query Language Database contains a JDBC driver to support a subset of ANSI-92 SQL.
Use-after-free vulnerability in the Linux kernel allows privilege escalation. An improper update of a reference count in io_uring leads to a use-after-free and local privilege escalation. When io_msg_ring was invoked with a fixed file, it called io_fput_file(), which improperly decreased the file's reference count (leading to a use-after-free and local privilege escalation). Fixed files are permanently registered to the ring and should not be put separately. We recommend upgrading past commit https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679
KLiK SocialMediaWebsite version v1.0.1 is vulnerable to SQL injection via profile.php.
Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the endDate parameter at getOrderReport.php.
Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the orderId parameter at printOrder.php.
File upload vulnerability in asith-eranga ISIC tour booking, through the version published on Feb 13th 2018, allows attackers to upload arbitrary files via /system/application/libs/js/tinymce/plugins/filemanager/dialog.php and /system/application/libs/js/tinymce/plugins/filemanager/upload.php.
MyBB 1.8.31 has a SQL injection vulnerability in the Admin CP's Users module that allows remote authenticated users to modify the query string via direct user input or stored search filter settings.
GridField state is vulnerable to SQL injection. The vast majority of GridFields in Silverstripe CMS are affected by this vulnerability. An attacker with CMS access could execute an arbitrary SQL statement by adding an SQL payload to some parts of the GridField state.
An issue was discovered in Appalti & Contratti 9.12.2. It allows session fixation: when a user logs in while presenting a JSESSIONID cookie that the server issued on the first visit, the cookie value is not updated after a successful login.
### Impact

It's possible to make XWiki create many new schemas and fill them with tables just by using a crafted user identifier in the login form.

### Patches

The problem has been patched in XWiki 13.10.8, 14.6RC1 and 14.4.2.

### Workarounds

The only workarounds for this are:

* use an authenticator which does interpret the login as a reference to a document
* use a different database than PostgreSQL
* upgrade XWiki

### References

https://jira.xwiki.org/browse/XWIKI-19886

### For more information

If you have any questions or comments about this advisory:

* Open an issue in [Jira XWiki.org](https://jira.xwiki.org/)
* Email us at [Security Mailing List](mailto:[email protected])