#sql

Loan Management System version 1.0 suffers from a persistent cross site scripting vulnerability.

Loan Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Exposure of sensitive information to an unauthorized actor vulnerability in web server in Synology Media Server before 1.8.1-2876 allows remote attackers to obtain sensitive information via unspecified vectors.

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in webapi component in Synology CardDAV Server before 6.0.10-0153 allows remote authenticated users to inject SQL commands via unspecified vectors.

Red Hat Product Security has been developing RapiDAST, a tool that can be used for security testing of products and services. DAST stands for dynamic application (or analysis) security testing. In this article, we introduce the tool and ideas that can help you with applying DAST into your software development life cycle.

Dark Reading's analysis suggests that the merger between Human Security and PerimeterX will bring modern defense strategies to disrupt cybercrime and fraud.

Fossil 2.18 on Windows allows attackers to cause a denial of service (daemon crash) via an XSS payload in a ticket. This occurs because the ticket data is stored in a temporary file, and the product does not properly handle the absence of this file after Windows Defender has flagged it as malware.

A stored cross-site scripting (XSS) vulnerability in /index.php?r=site%2Fsignup of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username field.

A path traversal vulnerability exists within GoAnywhere MFT before 6.8.3 that utilize self-registration for the GoAnywhere Web Client. This vulnerability could potentially allow an external user who self-registers with a specific username and/or profile information to gain access to files at a higher directory level than intended.

Red Hat Security Advisory 2022-5703-01 - An update is now available for Red Hat Ansible Automation Platform 1.2. Issues addressed include a remote SQL injection vulnerability.