Tag
#vulnerability
### Summary A SQL injection in the Amazon Redshift Python Connector in version 2.1.4 allows a user to gain escalated privileges via schema injection in the get_schemas, get_tables, or get_columns Metadata APIs. Users should upgrade to the driver version 2.1.5 or revert to driver version 2.1.3. ### Impact A SQL injection is possible in the Amazon Redshift Python Connector, version 2.1.4, when leveraging metadata APIs to retrieve information about database schemas, tables, or columns. **Impacted versions:** Amazon Redshift Python Connector version 2.1.4. ### Patches The issue described above has been addressed in the Amazon Redshift Python Connector, version 2.1.5. The patch implemented in this version ensures that every metadata command input is sent to the Redshift server as part of a parameterized query, using either QUOTE_IDENT(string) or QUOTE_LITERAL(string). After processing all the inputs into quoted identifiers or literals, the metadata command is composed using these input...
### Summary A SQL injection in the Amazon Redshift JDBC Driver in v2.1.0.31 allows a user to gain escalated privileges via schema injection in the getSchemas, getTables, or getColumns Metadata APIs. Users should upgrade to the driver version 2.1.0.32 or revert to driver version 2.1.0.30. ### Impact A SQL injection is possible in the Amazon Redshift JDBC Driver, version 2.1.0.31, when leveraging metadata APIs to retrieve information about database schemas, tables, or columns. **Impacted versions:** Amazon Redshift JDBC Driver version 2.1.0.31. ### Patches The issue described above has been addressed in the Amazon Redshift JDBC Driver, version 2.1.0.32. The patch implemented in this version ensures that every metadata command input is sent to the Redshift server as part of a parameterized query, using either QUOTE_IDENT(string) or QUOTE_LITERAL(string). After processing all the inputs into quoted identifiers or literals, the metadata command is composed using these inputs and then ex...
### Summary A stored cross-site scripting (XSS) vulnerability was identified in lgsl. The issue arises from improper sanitation of user input. Everyone who accesses this page will be affected by this attack. ### Details The function `lgsl_query_40` in `lgsl_protocol.php` has implemented an HTTP crawler. This function makes a request to the registered game server, and upon crawling the malicious `/info` endpoint with our payload, will render our javascript on the info page. This information is being displayed via `lgsl_details.php` #### Affected Code: ```php foreach ($server['e'] as $field => $value) { $value = preg_replace('/((https*:\/\/|https*:\/\/www\.|www\.)[\w\d\.\-\/=$?]*)/i', "<a href='$1' target='_blank'>$1</a>", html_entity_decode($value)); $output .= " <tr><td> {$field} </td><td> {$value} </td></tr>"; } ``` ### PoC 1. Create a game server with type `eco` and set the target host and port accordingly to your ttack server. I have crafted...
Marp Core ([`@marp-team/marp-core`](https://www.npmjs.com/package/@marp-team/marp-core)) from v3.0.2 to v3.9.0 and v4.0.0, are vulnerable to cross-site scripting (XSS) due to improper neutralization of HTML sanitization. ### Impact Marp Core includes an HTML sanitizer with allowlist support. In the affected versions, the built-in allowlist is enabled by default. When the allowlist is active, if insufficient HTML comments are included, the sanitizer may fail to properly sanitize HTML content and lead cross-site scripting (XSS). ### Patches Marp Core [v3.9.1](https://github.com/marp-team/marp-core/releases/tag/v3.9.1) and [v4.0.1](https://github.com/marp-team/marp-core/releases/tag/v4.0.1) have been patched to fix that. ### Workarounds If you are unable to update the package immediately, disable all HTML tags by setting `html: false` option in the `Marp` class constructor. ```javascript const marp = new Marp({ html: false }) ``` ### References - [CWE-79: Improper Neutralization...
From zero-day exploits to 5G network vulnerabilities, these are the threats that are expected to persist over the next 12 months.
iProov uncovers a major Dark Web operation selling stolen identities with matching biometrics, posing a serious threat to KYC verification systems
Stay protected from SEO poisoning, a cyber threat exploiting search engine rankings to spread malware and phishing scams.…
A US court ruled against NSO Group, an Israeli spyware maker, finding them liable for hacking WhatsApp users. The ruling has major implications for the surveillance technology industry."
Cybersecurity researchers have discovered several security flaws in the cloud management platform developed by Ruijie Networks that could permit an attacker to take control of the network appliances. "These vulnerabilities affect both the Reyee platform, as well as Reyee OS network devices," Claroty researchers Noam Moshe and Tomer Goldschmidt said in a recent analysis. "The vulnerabilities, if
The Apache Software Foundation (ASF) has shipped security updates to address a critical security flaw in Traffic Control that, if successfully exploited, could allow an attacker to execute arbitrary Structured Query Language (SQL) commands in the database. The SQL injection vulnerability, tracked as CVE-2024-45387, is rated 9.9 out of 10.0 on the CVSS scoring system. "An SQL injection