Security
Headlines
HeadlinesLatestCVEs

Tag

#sql

CVE-2023-25689: Security Bulletin: Multiple Vulnerabilities in IBM Security Guardium Key Lifecycle Manager

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1 , and 4.1.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 247618.

CVE
Open in Source
#sql#vulnerability#windows#linux#dos#auth#ibm
GHSA-ppxm-q2h4-v7mm: Teampass SQL Injection vulnerability

SQL Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.0.22.

CVE-2023-1153

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pacsrapor allows SQL Injection, Command Line Execution through SQL Injection.This issue affects Pacsrapor: before 1.22.

CVE-2023-1545

SQL Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23.

CVE-2012-10009: Check for sql injection by '"; · wp-plugins/404like@2c4b589

A vulnerability was found in 404like Plugin up to 1.0.2. It has been classified as critical. Affected is the function checkPage of the file 404Like.php. The manipulation of the argument searchWord leads to sql injection. It is possible to launch the attack remotely. Upgrading to version 1.0.2 is able to address this issue. The name of the patch is 2c4b589d27554910ab1fd104ddbec9331b540f7f. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-223404.

CVE-2023-0875

The WP Meta SEO WordPress plugin before 4.5.3 does not properly sanitize and escape inputs into SQL queries, leading to a blind SQL Injection vulnerability that can be exploited by subscriber+ users.

CVE-2023-0631

The Paid Memberships Pro WordPress plugin before 2.9.12 does not prevent subscribers from rendering shortcodes that concatenate attributes directly into an SQL query.

CVE-2023-0630

The Slimstat Analytics WordPress plugin before 4.9.3.3 does not prevent subscribers from rendering shortcodes that concatenates attributes directly into an SQL query.

Red Hat Security Advisory 2023-1303-01

Red Hat Security Advisory 2023-1303-01 - Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. It increases application response times and allows for dramatically improving performance while providing availability, reliability, and elastic scale. Data Grid 7.3.10 replaces Data Grid 7.3.9 and includes security fixes. Issues addressed include code execution and deserialization vulnerabilities.

101+ News Portal 1.0 SQL Injection

101+ News Portal version 1.0 suffers from a remote blind SQL injection vulnerability.