#sql

Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Booking Request page.

Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Add Nurse Page in the Admin portal.

Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-jms/deductScores.php.

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oduyo Online Collection Software allows SQL Injection.This issue affects Online Collection Software: before 1.0.1.

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Farmakom Remote Administration Console allows SQL Injection.This issue affects Remote Administration Console: before 1.02.

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4). The affected applications is vulnerable to SQL injection. This could allow an authenticated remote attackers to execute arbitrary SQL queries on the server database and escalate privileges.

Categories: Personal Tags: letmespy Tags: stalkerware Tags: spy Tags: snoop Tags: install Tags: data Tags: breach Tags: hacked We take a look at reports of an app called LetMeSpy facing an imminent shutdown after a server breach and data deletion incident. (Read more...) The post Server breach could be fatal blow for LetMeSpy appeared first on Malwarebytes Labs.

In MongoDB Ops Manager v5.0 prior to 5.0.22 and v6.0 prior to 6.0.17 it is possible for an authenticated user with project owner or project user admin access to generate an API key with the privileges of org owner resulting in privilege escalation.

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mAyaNet E-Commerce Software allows SQL Injection.This issue affects E-Commerce Software: before 1.1.

An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-2454: A flaw was found in PostgreSQL. Certain database calls could permit an attacker with elevated database-level privileges to execute arbitrary code. * CVE-2023-2455: A flaw was found in PostgreSQL, which could permit incorrect policies being applied in certain cases where role-specific policies are used and a given query is planned ...