Security
Headlines
HeadlinesLatestCVEs

Tag

#sql

CVE-2023-34977: Vulnerabilities in Video Station - Security Advisory

A cross-site scripting (XSS) vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.0 ( 2023/07/27 ) and later

CVE
#sql#xss#vulnerability#js#auth
Apache Superset 2.0.0 Remote Code Execution

Apache Superset versions 2.0.0 and below utilize Flask with a known default secret key which is used to sign HTTP cookies. These cookies can therefore be forged. If a user is able to login to the site, they can decode the cookie, set their user_id to that of an administrator, and re-sign the cookie. This valid cookie can then be used to login as the targeted user. From there the Superset database is mounted, and credentials are pulled. A dashboard is then created. Lastly a pickled python payload can be set for that dashboard within Superset's database which will trigger the remote code execution. An attempt to clean up ALL of the dashboard key values and reset them to their previous values happens during the cleanup phase.

WordPress Core 6.3.1 XSS / DoS / Arbitrary Shortcode Execution

WordPress Core versions prior to 6.3.2 suffer from arbitrary shortcode execution, cross site scripting, denial of service, and information leakage vulnerabilities. Versions prior to 6.3.2 are vulnerable.

Red Hat Security Advisory 2023-5684-01

Red Hat Security Advisory 2023-5684-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Issues addressed include a null pointer vulnerability.

Red Hat Security Advisory 2023-5683-01

Red Hat Security Advisory 2023-5683-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Issues addressed include a null pointer vulnerability.

CVE-2023-4517: Security patch for XSS in Edit server (#3946) · hestiacp/hestiacp@d30e3ed

Cross-site Scripting (XSS) - Stored in GitHub repository hestiacp/hestiacp prior to 1.8.6.

CVE-2023-38251: Adobe Security Bulletin

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Uncontrolled Resource Consumption vulnerability that could lead in minor application denial-of-service. Exploitation of this issue does not require user interaction.

New CISA Advisories Highlight Vulnerabilities in Top ICS Products

By Waqas New CISA Advisories Highlight Vulnerabilities in Siemens, Mitsubishi Electric, Hikvision, and Schneider Electric ICS Products. This is a post from HackRead.com Read the original post: New CISA Advisories Highlight Vulnerabilities in Top ICS Products

Dawa Pharma 1.0-2022 SQL Injection

Dawa Pharma version 1.0-2022 suffers from a remote SQL injection vulnerability.

CVE-2023-5046

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Procost allows SQL Injection, Command Line Execution through SQL Injection.This issue affects Procost: before 1390.