Tag

#sql

CVE-2023-22371: TALOS-2023-1703 || Cisco Talos Intelligence Group

An OS command injection vulnerability exists in the liburvpn.so create_private_key functionality of Milesight VPN v2.0.2. A specially crafted network request can lead to command execution. An attacker can send a malicious packet to trigger this vulnerability.

CVE-2023-24497: TALOS-2023-1704 || Cisco Talos Intelligence Group

Cross-site scripting (XSS) vulnerabilities exist in the requestHandlers.js detail_device functionality of Milesight VPN v2.0.2. A specially crafted HTTP request can lead to arbitrary JavaScript code injection. An attacker can send an HTTP request to trigger these vulnerabilities. This XSS is exploited through the remote_subnet field of the database.

CVE-2023-23571: TALOS-2023-1696 || Cisco Talos Intelligence Group

An access violation vulnerability exists in the eventcore functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to denial of service. An attacker can send a network request to trigger this vulnerability.

CVE-2023-22319: TALOS-2023-1701 || Cisco Talos Intelligence Group

A SQL injection vulnerability exists in the requestHandlers.js LoginAuth functionality of Milesight VPN v2.0.2. A specially crafted network request can lead to authentication bypass. An attacker can send a malicious packet to trigger this vulnerability.

CVE-2023-30325: ChatEngine/src/chatbotapp/chatWindow.java at fded8e710ad59f816867ad47d7fc4862f6502f3e · wliang6/ChatEngine

SQL injection vulnerability in the textMessage parameter in /src/chatbotapp/chatWindow.java in wliang6 ChatEngine v.1.0 allows attackers to gain sensitive information.

CVE-2023-30323: ChatEngine/src/chatbotapp/chatWindow.java at fded8e710ad59f816867ad47d7fc4862f6502f3e · wliang6/ChatEngine

SQL injection vulnerability in the username field in /src/chatbotapp/chatWindow.java in Payatu ChatEngine v.1.0 allows attackers to gain sensitive information.

CVE-2023-36968: GitHub - haxxorsid/food-ordering-system: Food or Item Order Management System

A SQL Injection vulnerability detected in Food Ordering System v1.0 allows attackers to run commands on the database by sending crafted SQL queries to the ID parameter.

CVE-2023-36189: Mitigate issue #5923 (Prompt injection -> SQL injection in SQLChain) by boazwasserman · Pull Request #6051 · hwchase17/langchain

SQL injection vulnerability in langchain v.0.0.64 allows a remote attacker to obtain sensitive information via the SQLDatabaseChain component.

CVE-2023-36813: Release Kanboard 1.2.31 · kanboard/kanboard

Kanboard is project management software that focuses on the Kanban methodology. In versions prior to 1.2.31, an authenticated user is able to perform a SQL injection, leading to a privilege escalation or loss of confidentiality. It appears that in some insert and update operations, the code improperly uses the PicoDB library to update/insert new information. Version 1.2.31 contains a fix for this issue.

CVE-2023-36808: SQL injection through Computer Virtual Machine information

GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.8, Computer Virtual Machine form and GLPI inventory request can be used to perform a SQL injection attack. Version 10.0.8 has a patch for this issue. As a workaround, one may disable native inventory.