Security
Headlines
HeadlinesLatestCVEs

Tag

#sql

Employee Management System 1.0-2024 SQL Injection

Employee Management System version 1.0-2024 suffers from a remote SQL injection vulnerability. Original discovery of this finding is attributed to Ozlem Balci in January of 2024.

Packet Storm
#sql#vulnerability#web#git#php#auth
GHSA-6927-3vr9-fxf2: ZDI-CAN-19105: Parse Server literalizeRegexPart SQL Injection

### Impact This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. ### Patches The algorithm to detect SQL injection has been improved. ### Workarounds None. ### References - https://github.com/parse-community/parse-server/security/advisories/GHSA-6927-3vr9-fxf2 - https://github.com/parse-community/parse-server/releases/tag/6.5.0 (fixed in Parse Server 6) - https://github.com/parse-community/parse-server/releases/tag/7.0.0-alpha.20 (fixed in Parse Server 7 alpha release) ### Credits - Mikhail Shcherbakov (https://twitter.com/yu5k3) working with Trend Micro Zero Day Initiative (finder) - Ehsan Persania (remediation developer) - Manuel Trezza (coordinator)

GHSA-qw9g-7549-7wg5: Directus has MySQL accent insensitive email matching

## Password reset vulnerable to accent confusion The password reset mechanism of the Directus backend is implemented in a way where combined with (specific, need to double check if i can work around) configuration in MySQL or MariaDB. As such, it allows attackers to receive a password reset email of a victim user, specifically having it arrive at a similar email address as the victim with a one or more characters changed to use accents. This is due to the fact that by default MySQL/MariaDB are configured for accent-insenstive and case-insensitve comparisons. MySQL weak comparison: ```sql select 1 from directus_users where '[email protected]' = 'julian@cüre53.de'; ``` This is exploitable due to an error in the API using the supplied email address for sending the reset password mail instead of using the email from the database. ### Steps to reproduce: 1. If the attacker knows the email address of the victim user, i.e., `[email protected]`. (possibly just the domain could be enough f...

Membership Management System 1.0 SQL Injection

Membership Management System version 1.0 suffers from a remote SQL injection vulnerability.

Here Come the AI Worms

Security researchers created an AI worm in a test environment that can automatically spread between generative AI agents—potentially stealing data and sending spam emails along the way.

GHSA-j2pw-vp55-fqqj: Flask-AppBuilder vulnerable to incorrect authentication when using auth type OpenID

### Impact When Flask-AppBuilder is set to AUTH_TYPE AUTH_OID, allows an attacker to forge an HTTP request, that could deceive the backend into using any requested OpenID service. This vulnerability could grant an attacker unauthorised privilege access if a custom OpenID service is deployed by the attacker and accessible by the backend. This vulnerability is only exploitable when the application is using the old (deprecated 10 years ago) OpenID 2.0 authorization protocol (which is very different from the popular OIDC - Open ID Connect - popular protocol used today). Currently, this protocol is regarded as legacy, with significantly reduced usage and not supported for several years by major authorization providers. ### Patches Upgrade to Flask-AppBuilder 4.3.11 ### Workarounds If upgrade is not possible add the following to your config: ``` from flask import flash, redirect from flask_appbuilder import expose from flask_appbuilder.security.sqla.manager import SecurityManager from f...

Red Hat Security Advisory 2024-1017-03

Red Hat Security Advisory 2024-1017-03 - An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

Blood Bank 1.0 SQL Injection

Blood Bank version 1.0 suffers from multiple remote SQL injection vulnerabilities. Original discovery of SQL injection in this version is attributed to Nitin Sharma in October of 2021.

WordPress WP Fastest Cache 1.2.2 SQL Injection

WordPress WP Fastest Cache plugin version 1.2.2 suffers from an unauthenticated remote SQL injection vulnerability.

GHSA-5474-f7g5-273q: Apache Superset: Improper validation of SQL statements allows for unauthorized access to data

Improper parsing of nested SQL statements on SQLLab would allow authenticated users to surpass their data authorization scope. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1, which fixes the issue.