Security
Headlines
HeadlinesLatestCVEs

Tag

#sql

CVE-2022-43020: opencats_zero-days/SQLI_in_Tag_Updates.md at main · hansmach1ne/opencats_zero-days

OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the tag_id variable in the Tag update function.

CVE
Open in Source
#sql#vulnerability#mac#git#intel#php#zero_day
CVE-2022-43023: opencats_zero-days/SQLI_imports_errors.md at main · hansmach1ne/opencats_zero-days

OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the importID parameter in the Import viewerrors function.

China-Linked Cyber-Espionage Team Homes In on Hong Kong Government Orgs

The Winnti APT was spotted dropping several variants of Spyder Loader and other malware as part of the so-called Operation Cuckoobees.

CVE-2022-3608: Stored XSS and possible RCE/LFI in case of misconfiguration in phpmyfaq

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-alpha.

CVE-2022-39267: Authentication check flaw leads to authentication bypass

Bifrost is a heterogeneous middleware that synchronizes MySQL, MariaDB to Redis, MongoDB, ClickHouse, MySQL and other services for production environments. Versions prior to 1.8.8-release are subject to authentication bypass in the admin and monitor user groups by deleting the X-Requested-With: XMLHttpRequest field in the request header. This issue has been patched in 1.8.8-release. There are no known workarounds.

CVE-2022-42218: bug_report/SQLi-1.md at main · CNchenjiabao/bug_report

Open Source SACCO Management System v1.0 vulnerable to SQL Injection via /sacco_shield/manage_loan.php.

CVE-2022-21587: Oracle Critical Patch Update Advisory - October 2022

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

CVE-2022-42188: CVE-nu11secur1ty/vendors/LavaLite at main · nu11secur1ty/CVE-nu11secur1ty

In Lavalite 9.0.0, the XSRF-TOKEN cookie is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server.

GHSA-q4qq-jhjv-7rh2: MySQL JDBC deserialization vulnerability

### Impact In Dataease, the Mysql data source in the data source function can customize the JDBC connection parameters and the Mysql server target to be connected. ![6fc8d5c539807157ee471464b184ab66](https://user-images.githubusercontent.com/13026505/195741851-19f32efb-4391-428a-949f-3d11849f417a.png) In `backend/src/main/java/io/dataease/provider/datasource/JdbcProvider.java`, MysqlConfiguration class don't filter any parameters, directly concat user input. ```java @Getter @Setter public class MysqlConfiguration extends JdbcConfiguration { private String driver = "com.mysql.jdbc.Driver"; private String extraParams = "characterEncoding=UTF-8&connectTimeout=5000&useSSL=false&allowPublicKeyRetrieval=true&zeroDateTimeBehavior=convertToNull"; public String getJdbc() { if(StringUtils.isEmpty(extraParams.trim())){ return "jdbc:mysql://HOSTNAME:PORT/DATABASE" .replace("HOSTNAME", getHost().trim()) .replace("PORT", get...

CVE-2022-41537: bug_report/RCE-1.md at main · SmallDarkRoom1/bug_report

Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /user_operations/profile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.