Tag
#sql
Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/list.
Funadmin 5.0.2 is vulnerable to SQL Injection in curd/table/savefield.
Funadmin v5.0.2 has an arbitrary file deletion vulnerability in /curd/index/delfile.
Funadmin v5.0.2 has an arbitrary file read vulnerability in /curd/index/editfile.
Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/edit.
With the planned release of Red Hat Enterprise Linux (RHEL) 10 in 2025, the PKCS #12 (Public-Key Cryptography Standards #12) files created in FIPS mode now use Federal Information Processing Standard (FIPS) cryptography by default. In other words, PKCS #12 files allow for backup or easy transfer of keying material between RHEL systems using FIPS approved algorithms.What are PKCS #12 files?PKCS #12 is currently defined by RFC 7292 and is a format for storing and transferring private keys, certificates, and miscellaneous secrets. Typically, PKCS #12 is used for transferring private RSA, EdDSA, o
Vulnhuntr is a Python static code analyzer that uses Claude AI to find and explain complex, multistep vulnerabilities.
### Summary In the `database` extension, the "enable_load_extension" property can be set for the SQLite integration, enabling an attacker to load (local or remote) extension DLLs and so run arbitrary code on the server. The attacker needs to have network access to the OpenRefine instance. ### Details The `database` extension, with some restrictions, lets users connect to any database they wish by filling in different parts of the JDBC URL that is used. For the SQLite integration, the extension expects a file path pointing to a database file (or a place where such a file can be created). This means that users can: * Read files on local or SMB filesystems, provided they are SQLite databases. * Write to files on local or SMB filesystems, as long as those files are either SQLite databases or empty. This seems to be the expected behavior. However, by adding `?enable_load_extension=true` to the filename, a [feature](https://www.sqlite.org/loadext.html) is toggled that additionally all...
### Summary The `export-rows` command can be used in such a way that it reflects part of the request verbatim, with a Content-Type header also taken from the request. An attacker could lead a user to a malicious page that submits a form POST that contains embedded JavaScript code. This code would then be included in the response, along with an attacker-controlled `Content-Type` header, and so potentially executed in the victim's browser as if it was part of OpenRefine. The attacker must know a valid project ID of a project that contains at least one row. ### Details The malicious form sets `contentType` to `text/html` (ExportRowsCommand.java line 101) and `preview` to `true` (line 107). This combination causes the browser to treat what OpenRefine thinks of as an export preview as a regular webpage. It would be safer if the `export-rows` command did not allow overriding the Content-Type header at all, instead relying on the exporter to provide the correct Content-Type. It could a...
Cybersecurity researchers have discovered an advanced version of the Qilin ransomware sporting increased sophistication and tactics to evade detection. The new variant is being tracked by cybersecurity firm Halcyon under the moniker Qilin.B. "Notably, Qilin.B now supports AES-256-CTR encryption for systems with AESNI capabilities, while still retaining Chacha20 for systems that lack this support