Security
Headlines
HeadlinesLatestCVEs

Tag

#sql

CVE-2022-31856: Offensive Security’s Exploit Database Archive

Newsletter Module v3.x was discovered to contain a SQL injection vulnerability via the zemez_newsletter_email parameter at /index.php.

CVE
Open in Source
#sql#vulnerability#linux#php#auth#firefox
CVE-2021-44915: There is SQL blind injection at "Edit category"(Column administrator authority) · Issue #8 · taogogo/taocms

Taocms 3.0.2 was discovered to contain a blind SQL injection vulnerability via the function Edit category.

Spring Data MongoDB hit by another critical SpEL injection flaw

Bug mirrors recent SpEL injection vulnerability that emerged alongside ‘SpringShell’ issue

RHSA-2022:5498: Red Hat Security Advisory: Satellite 6.11 Release

An update is now available for Red Hat Satellite 6.11This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3200: libsolv: heap-based buffer overflow in testcase_read() in src/testcase.c * CVE-2021-3584: foreman: Authenticate remote code execution through Sendmail configuration * CVE-2021-4142: Satellite: Allow unintended SCA certificate to authenticate Candlepin * CVE-2021-21290: netty: Information disclosure via the local system temporary directory * CVE-2021-21295: netty: possible request smuggling in HTTP/2 due missing validation * CVE-2021-21409: netty: Request smuggling via content-length header * CVE-2021-30151: sidekiq: XSS via the queue name of the live-poll feature * CVE-2021-32839: python-sqlparse: ReDoS via regular expression i...

CWE Top 25: These are the most dangerous software weaknesses of 2022

CISA and MITRE’s latest CWE shakeup reveals the most severe threats impacting enterprise software today

Cloud-based malware is on the rise. How can you secure your business?

Cloud-based malware in on the rise. In this post, we’ll cover four ways you can help secure your business against cloud-based malware. The post Cloud-based malware is on the rise. How can you secure your business? appeared first on Malwarebytes Labs.

Cloud-based malware is on the rise. How can you secure your business?

Cloud-based malware in on the rise. In this post, we’ll cover four ways you can help secure your business against cloud-based malware. The post Cloud-based malware is on the rise. How can you secure your business? appeared first on Malwarebytes Labs.

Ubuntu Security Notice USN-5479-2

Ubuntu Security Notice 5479-2 - USN-5479-1 fixed vulnerabilities in PHP. This update provides the corresponding updates for Ubuntu 16.04 ESM. Charles Fol discovered that PHP incorrectly handled initializing certain arrays when handling the pg_query_params function. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Charles Fol discovered that PHP incorrectly handled passwords in mysqlnd. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code.

Advanced Testimonials Manager 5.6 SQL Injection

Advanced Testimonials Manager version 5.6 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

GHSA-p64x-8rxx-wf6q: SQL Injection in Django

An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected.