Security
Headlines
HeadlinesLatestCVEs

Tag

#sql

Red Hat Security Advisory 2022-4712-01

Red Hat Security Advisory 2022-4712-01 - The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning. The ovirt-ansible-hosted-engine-setup package provides an Ansible role for deploying Red Hat Virtualization Hosted-Engine.

Packet Storm
#sql#vulnerability#mac#linux#red_hat#apache#js#java#ldap#nginx#postgres#ssl
GHSA-595x-hh6c-hfv8: SQL injection in jflyfox jfinal

Jfinal cms 5.1.0 is vulnerable to SQL Injection.

RHSA-2022:4712: Red Hat Security Advisory: RHV Engine and Host Common Packages security update

Updated dependency packages for ovirt-engine and ovirt-host that fix several bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24302: python-paramiko: Race condition in the write_private_key_file function

CVE-2022-30495: OpenSource/exploit_idor_asms.md at main · nsparker1337/OpenSource

In oretnom23 Automotive Shop Management System v1.0, the name id parameter is vulnerable to IDOR - Broken Access Control allowing attackers to change the admin password(vertical privilege escalation)

CVE-2022-30516: GitHub - Danie1233/Hospital-Management-System-V1.0-SQLi

In Hospital-Management-System v1.0, the editid parameter in the doctor.php page is vulnerable to SQL injection attacks.

CVE-2022-30493: OpenSource/exploit_sql_asms.md at main · nsparker1337/OpenSource

In oretnom23 Automotive Shop Management System v1.0, the product id parameter suffers from a blind SQL Injection Vulnerability allowing remote attackers to dump all database credential and gain admin access(privilege escalation).

CVE-2022-30494: OpenSource/exploit_xss_asms.md at main · nsparker1337/OpenSource

In oretnom23 Automotive Shop Management System v1.0, the first and last name user fields suffer from a stored XSS Injection Vulnerability allowing remote attackers to gain admin access and view internal IPs.

LinkedIn bug bounty program goes public with rewards of up to $18k

Social media platform ends private program after paying $250,000 in rewards over eight years