Security
Headlines
HeadlinesLatestCVEs

Tag

#sql

WorkOrder CMS 0.1.0 SQL Injection

WorkOrder CMS version 0.1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Packet Storm
Open in Source
#sql#vulnerability#linux#git#auth
CVE-2022-1941: Security Bulletins  |  Customer Care  |  Google Cloud

A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. We recommend upgrading to versions 3.18.3, 3.19.5, 3.20.2, 3.21.6 for protobuf-cpp and 3.18.3, 3.19.5, 3.20.2, 4.21.6 for protobuf-python. Versions for 3.16 and 3.17 are no longer updated.

CVE-2022-40447: ZZCMS2022 is vulnerable to SQL injection in "baojia_list.php" · Issue #5 · liong007/ZZCMS

ZZCMS 2022 was discovered to contain a SQL injection vulnerability via the keyword parameter at /admin/baojia_list.php.

CVE-2022-40446: ZZCMS2022 is vulnerable to SQL injection · Issue #4 · liong007/ZZCMS

ZZCMS 2022 was discovered to contain a SQL injection vulnerability via the component /admin/sendmailto.php?tomail=&groupid=.

Researchers Disclose Critical Vulnerability in Oracle Cloud Infrastructure

Researchers have disclosed a new severe Oracle Cloud Infrastructure (OCI) vulnerability that could be exploited by users to access the virtual disks of other Oracle customers. "Each virtual disk in Oracle's cloud has a unique identifier called OCID," Shir Tamari, head of research at Wiz, said in a series of tweets. "This identifier is not considered secret, and organizations do not treat it as

CVE-2022-38073: Awesome Support – WordPress HelpDesk & Support Plugin

Multiple Authenticated (custom specific plugin role) Persistent Cross-Site Scripting (XSS) vulnerability in Awesome Support plugin <= 6.0.7 at WordPress.

CVE-2022-36386: Import any XML or CSV File to WordPress

Authenticated Arbitrary Code Execution vulnerability in Soflyy Import any XML or CSV File to WordPress plugin <= 3.6.7 at WordPress.

CVE-2022-40028: CVE_HUNTER/2022-09-01-XSS2.md at main · xidaner/CVE_HUNTER

SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newProjectValidation.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fullName parameter.

CVE-2022-40027: CVE_HUNTER/2022-09-01-XSS1.md at main · xidaner/CVE_HUNTER

SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newTask.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the shortName parameter.

CVE-2022-40026: CVE_HUNTER/2022-09-01-SQL1.md at main · xidaner/CVE_HUNTER

SourceCodester Simple Task Managing System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at board.php.