
Tag

#sql

CVE-2022-2059: Pandora FMS Common Vulnerabilities and Exposures

In Pandora FMS v7.0NG.761 and below, in the agent creation section, the alias parameter is vulnerable to stored cross-site scripting (XSS). This vulnerability can be exploited by an attacker with administrator privileges who is logged in to the system.

Ubuntu Security Notice USN-5530-1

Ubuntu Security Notice 5530-1 - It was discovered that PHP incorrectly handled certain memory operations when obtaining file information. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code.

Marty Marketplace Multi Vendor Ecommerce Script 1.2 SQL Injection

Marty Marketplace Multi Vendor Ecommerce Script version 1.2 suffers from a remote SQL injection vulnerability.

CVE-2022-33965: WP Visitor Statistics (Real Time Traffic)

Multiple unauthenticated SQL injection (SQLi) vulnerabilities in the Osamaesh WP Visitor Statistics plugin <= 5.7 for WordPress.

CVE-2022-29709: CLink Office 2.0 SQL Injection ≈ Packet Storm

CommuniLink Internet Limited CLink Office v2.0 was discovered to contain multiple SQL injection vulnerabilities via the username and password parameters.

GHSA-qv6h-pcf2-2w3g: Duplicate Advisory GHSA-hrgx-p36p-89q4

Duplicate Advisory: This advisory is a duplicate of GHSA-hrgx-p36p-89q4. This link is maintained to preserve external references. Original Description: PrestaShop 1.6.0.10 through 1.7.x before 1.7.8.2 allows remote attackers to execute arbitrary code, aka a "previously unknown vulnerability chain" related to SQL injection, as exploited in the wild in July 2022.

CVE-2022-34115: [Bug] Arbitrary cross-directory file write · Issue #2428 · dataease/dataease

Dataease v1.11.1 was discovered to contain a SQL injection vulnerability via the parameter dataSourceId.

CVE-2022-34114: [Bug] Arbitrary SQL code execution · Issue #2430 · dataease/dataease

Dataease v1.11.1 was discovered to contain a SQL injection vulnerability via the parameter dataSourceId.

CVE-2022-36408: Major Security Vulnerability on PrestaShop Websites

PrestaShop 1.6.0.10 through 1.7.x before 1.7.8.2 allows remote attackers to execute arbitrary code, aka a "previously unknown vulnerability chain" related to SQL injection, as exploited in the wild in July 2022.

Threat Roundup for July 15 to July 22

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 15 and July 22. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net. For each threat described below, this blog post only lists 2...