Security
Headlines
HeadlinesLatestCVEs

Tag

#git

GHSA-xfg6-62px-cxc2: SQL injection in pgjdbc

pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. By constructing a matching string payload, the attacker can inject SQL to alter the query,bypassing the protections that parameterized queries bring against SQL Injection attacks. Versions before 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.8 are affected.

ghsa
Open in Source
#sql#vulnerability#git#java#postgres#maven
Microsoft Windows Defender / Trojan.Win32/Powessere.G VBScript Detection Bypass

This is additional research regarding a mitigation bypass in Windows Defender. Back in 2022, the researcher disclosed how it could be easily bypassed by passing an extra path traversal when referencing mshtml but that issue has since been mitigated. However, the researcher discovered using multiple commas can also be used to achieve the bypass. This issue was addressed. The fix was short lived as the researcher found yet another third trivial bypass. Previously, the researcher disclosed 3 bypasses using rundll32 javascript, but this example leverages the VBSCRIPT and ActiveX engines.

InstantCMS 2.16.1 Cross Site Scripting

InstantCMS version 2.16.1 suffers from a persistent cross site scripting vulnerability that appears to require administrative access.

1 in 5 Youth Engage in Cybercrime, NCA Finds

By Waqas One in five children aged 10-16 in the UK have engaged in online activities that violate the Computer Misuse Act, NCA has revealed. This is a post from HackRead.com Read the original post: 1 in 5 Youth Engage in Cybercrime, NCA Finds

WonderCMS 4.3.2 Cross Site Scripting / Remote Code Execution

WonderCMS version 4.3.2 remote exploit that leverages cross site scripting to achieve remote code execution.

Exploring the Phenomenal Rise of Ethereum as a Digital Asset

By Uzair Amir In this exploration, we delve into the multifaceted layers of Ethereum’s meteoric rise, dissecting the technological breakthroughs, the… This is a post from HackRead.com Read the original post: Exploring the Phenomenal Rise of Ethereum as a Digital Asset

GHSA-4265-ccf5-phj5: Apache Commons Compress: OutOfMemoryError unpacking broken Pack200 file

Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress. This issue affects Apache Commons Compress: from 1.21 before 1.26. Users are recommended to upgrade to version 1.26, which fixes the issue.

GHSA-5jjq-8cvj-v6m9: Cross-site Scripting in Serenity

Serenity before 6.8.0 allows XSS via an email link because LoginPage.tsx permits return URLs that do not begin with a / character.

Hackers Claim Data Breach at Staffing Giant Robert Half, Sell Sensitive Data

By Waqas Deja vu at Robert Half? Notorious hackers claim responsibility as the staffing giant makes headlines for yet another alleged data breach in two years. This is a post from HackRead.com Read the original post: Hackers Claim Data Breach at Staffing Giant Robert Half, Sell Sensitive Data

GHSA-7f2v-5877-rx3x: Code injection in REDAXO

An issue was discovered in REDAXO version 5.15.1, allows attackers to execute arbitrary code and obtain sensitive information via modules.modules.php.