Security
Headlines
HeadlinesLatestCVEs

Tag

#sql

CVE-2023-40771: DataEase has a SQL injection vulnerability that Not affected by SQL injection blacklists · Issue #5861 · dataease/dataease

SQL injection vulnerability in DataEase v.1.18.9 allows a remote attacker to obtain sensitive information via a crafted string outside of the blacklist function.

CVE
Open in Source
#sql#vulnerability#git#java
Threat Actors Targeting Microsoft SQL Servers to Deploy FreeWorld Ransomware

Threat actors are exploiting poorly secured Microsoft SQL (MS SQL) servers to deliver Cobalt Strike and a ransomware strain called FreeWorld. Cybersecurity firm Securonix, which has dubbed the campaign DB#JAMMER, said it stands out for the way the toolset and infrastructure is employed. “Some of these tools include enumeration software, RAT payloads, exploitation and credential stealing software

CVE-2023-23763: Release notes - GitHub Enterprise Server 3.6 Docs

An authorization/sensitive information disclosure vulnerability was identified in GitHub Enterprise Server that allowed a fork to retain read access to an upstream repository after its visibility was changed to private. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.10.0 and was fixed in versions 3.9.4, 3.8.9, 3.7.16 and 3.6.18. This vulnerability was reported via the GitHub Bug Bounty program.

CVE-2023-40970: [Security Bugs] SQL Injection at loan_rules.php · Issue #205 · slims/slims9_bulian

Senayan Library Management Systems SLIMS 9 Bulian v 9.6.1 is vulnerable to SQL Injection via admin/modules/circulation/loan_rules.php.

CVE-2023-41364: HOME - tine

In tine through 2023.01.14.325, the sort parameter of the /index.php endpoint allows SQL Injection.

Innovins CMS 4.7 SQL Injection

Innovins CMS version 4.7 suffers from a remote SQL injection vulnerability.

Online ID Generator 1.0 SQL Injection / Shell Upload

Online ID Generator version 1.0 suffers from remote SQL injection that allows for login bypass and remote shell upload vulnerabilities.

CVE-2023-41640: Disclosure/CVE PoC/CVE-ID | RealGimm - Information disclosure.md at main · CapgeminiCisRedTeam/Disclosure

An improper error handling vulnerability in the component ErroreNonGestito.aspx of GruppoSCAI RealGimm 1.1.37p38 allows attackers to obtain sensitive technical information via a crafted SQL query.

CVE-2023-41636: Disclosure/CVE PoC/CVE-ID | RealGimm - SQL Injection(1).md at main · CapgeminiCisRedTeam/Disclosure

A SQL injection vulnerability in the Data Richiesta dal parameter of GruppoSCAI RealGimm v1.1.37p38 allows attackers to access the database and execute arbitrary commands via a crafted SQL query.

​ARDEREG Sistemas SCADA

1. EXECUTIVE SUMMARY ​CVSS v3 9.8 ​ATTENTION: Exploitable remotely/low attack complexity ​Vendor: ARDEREG ​Equipment: Sistemas SCADA ​Vulnerability: SQL Injection 2. RISK EVALUATION ​Successful exploitation of this vulnerability could allow an attacker to manipulate SQL query logic to extract sensitive information and perform unauthorized actions within the database. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ​The following ARDEREG products are affected:  ​Sistemas SCADA: Versions 2.203 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 ​IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND ('SQL INJECTION') CWE-89 ​Sistema SCADA Central, a supervisory control and data acquisition (SCADA) system, is designed to monitor and control various industrial processes and critical infrastructure. ARDEREG identified this SCADA system’s login page to be vulnerable to an unauthenticated blind SQL injection attack. An attacker could manipulate the application's SQL query logic to extract sens...