Security
Headlines
HeadlinesLatestCVEs

Tag

#sql

CVE-2019-16294: Scintilla

SciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows remote code execution or denial of service via Unicode characters in a crafted .ml file.

CVE
#sql#web#mac#windows#apple#google#microsoft#ubuntu#linux#dos#apache#redis#js#git#java#intel#php#c++#rce#perl#samba#pdf#vmware#amd#acer#dell#ruby#rpm#firefox#sap#ssl
CVE-2019-5467: Stored XSS in Wiki pages (#60143) · Issues · GitLab.org / GitLab FOSS · GitLab

An input validation and output encoding issue was discovered in the GitLab CE/EE wiki pages feature which could result in a persistent XSS. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6.

CVE-2019-16168: SQLite: Timeline

In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."

CVE-2019-16119

SQL injection in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via the admin/controllers/Albumsgalleries.php album_id parameter.

CVE-2019-5070: TALOS-2019-0859 || Cisco Talos Intelligence Group

An exploitable SQL injection vulnerability exists in the unauthenticated portion of eFront LMS, versions v5.2.12 and earlier. Specially crafted web request to login page can cause SQL injections, resulting in data compromise. An attacker can use a browser to trigger these vulnerabilities, and no special tools are required.

CVE-2019-15838: Custom 404 Pro

The custom-404-pro plugin before 3.2.8 for WordPress has reflected XSS, a different vulnerability than CVE-2019-14789.

Scalable infrastructure for investigations and incident response

Traditional computer forensics and cyber investigations are as relevant in the cloud as they are in on-premise environments, but the methods in which to access and perform such investigations differ. This post will describe some of the challenges of bringing on-premises forensics techniques to the cloud and show one solution to overcome these challenges, using Azure functionality.

CVE-2018-21004

The rsvpmaker plugin before 5.6.4 for WordPress has SQL injection.