#sql

Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /youthappam/editclient.php.

Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /youthappam/editcategory.php.

An updated version of a malware loader codenamed IceXLoader is suspected of having compromised thousands of personal and enterprise Windows machines across the world. IceXLoader is a commodity malware that's sold for $118 on underground forums for a lifetime license. It's chiefly employed to download and execute additional malware on breached hosts. This past June, Fortinet FortiGuard Labs said

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET, .NET Core and .NET Framework's System.Data.SqlClient and Microsoft.Data.SqlClient NuGet Packages. A vulnerability exists in System.Data.SqlClient and Microsoft.Data.SqlClient libraries where a timeout occurring under high load can cause incorrect data to be returned as the result of an asynchronously executed query. ## <a name="mitigation-factors"></a>Mitigation factors If you are not talking to Microsoft SQL Server from your application you are not affected by this vulnerability. ### <a name="how-affected"></a>How do I know if I am affected? .NET has two types of dependencies: direct and transitive. Direct dependencies are dependencies where you specifically add a package to your project, transitive dependencies occur when you add a package to your project that in turn relies on another package. For example, the Microsoft.AspNetCore.Mvc package depends on the Microsoft.AspNetCore...

SAP SQL Anywhere - version 17.0, allows an authenticated attacker to prevent legitimate users from accessing a SQL Anywhere database server by crashing the server with some queries that use an ARRAY constructor.

By Waqas It has been identified that these malicious packages are downloaded over 29 million times each day. This is a post from HackRead.com Read the original post: Python Developers Beware: Malicious Packages are Swapping Out Your Crypto Addresses

CSV Injection vulnerability in Activity Log Team Activity Log <= 2.8.3 on WordPress.

Nonce token leakage and missing authorization in SearchWP premium plugin <= 4.2.5 on WordPress leading to plugin settings change.

Server Side Request Forgery (SSRF) vulnerability in All in One SEO Pro plugin <= 4.2.5.1 on WordPress.

Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as private/public.