Security
Headlines
HeadlinesLatestCVEs

Tag

#sql

Invision Community 4.7.15 SQL Injection

Invision Community versions 4.4.0 through 4.7.15 suffer from a remote SQL injection vulnerability in store.php.

Packet Storm
#sql#csrf#vulnerability#php#rce#perl#auth#ssl
UP-RESULT 0.1 2024 SQL Injection

UP-RESULT version 0.1 2024 suffers from a remote SQL injection vulnerability.

The Legacy of a Security Breach

By Daily Contributors Today over at Resonance Security I am going to look at one of the more unusual ways in… This is a post from HackRead.com Read the original post: The Legacy of a Security Breach

Visual Planning 8 Arbitrary File Read

Authenticated attackers can exploit a weakness in the XML parser functionality of the Visual Planning application in order to obtain read access to arbitrary files on the application server. Depending on configured access permissions, this vulnerability could be used by an attacker to exfiltrate secrets stored on the local file system. All versions prior to Visual Planning 8 (Build 240207) are affected.

Visual Planning REST API 2.0 Authentication Bypass

A wildcard injection inside a prepared SQL statement was found in an undocumented Visual Planning 8 REST API route. The combination of fuzzy matching (via LIKE operator) and user-controlled input allows exfiltrating the REST API key based on distinguishable server responses. If exploited, attackers are able to gain administrative access to the REST API version 2.0.

DerbyNet 9.0 print/render/racer.inc SQL Injection

DerbyNet 9.0 suffers from a remote SQL injection vulnerability in print/render/racer.inc.

DerbyNet 9.0 print/render/award.inc SQL Injection

DerbyNet 9.0 suffers from a remote SQL injection vulnerability in print/render/award.inc.

DerbyNet 9.0 ajax/query.slide.next.inc SQL Injection

DerbyNet 9.0 suffers from a remote SQL injection vulnerability in ajax/query.slide.next.inc.

Human Resource Management System 2024 1.0 SQL Injection

Human Resource Management System 2024 version 1.0 suffers from a remote SQL injection vulnerability.

Jasmin Ransomware 1.1 Arbitrary File Read

Jasmin Ransomware version 1.1 suffers from an arbitrary file read vulnerability.