#sql

Farmacia Gama version 1.0 suffers from a file inclusion vulnerability.

9 months ago

#sql #vulnerability #mac #windows #google #java #php #auth #firefox

GHSA-p6w9-r443-r752: Shopware vulnerable to blind SQL-injection in DAL aggregations

### Impact The Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the parameters in the “aggregations” object. The ‘name’ field in this “aggregations” object is vulnerable SQL-injection and can be exploited using SQL parameters. ### Patches Update to Shopware 6.6.5.1 or 6.5.8.13 ### Workarounds For older versions of 6.1, 6.2, 6.3 and 6.4 corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version. ### Credit [LogicalTrust](https://logicaltrust.net)

9 months ago

ghsa

Open in Source

#sql #git

GHSA-pv4p-cwwg-4rph: Django SQL injection vulnerability

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg.

9 months ago

ghsa

Open in Source

#sql #vulnerability #js #git

WordPress PayPlus Payment Gateway SQL Injection

WordPress PayPlus Payment Gateway plugin versions prior to 6.6.9 suffer from a remote SQL injection vulnerability.

9 months ago

Packet Storm

Open in Source

#sql #vulnerability #web #windows #apple #wordpress #chrome #webkit

Red Hat Security Advisory 2024-5056-03

Red Hat Security Advisory 2024-5056-03 - Red Hat Integration Camel K 1.10.7 release and security update is now available.

9 months ago

Packet Storm

Open in Source

#sql #vulnerability #red_hat #js #postgres

Covid-19 Directory On Vaccination System 1.0 Insecure Settings

Covid-19 Directory on Vaccination System version 1.0 suffers from an ignored default credential vulnerability.

9 months ago

Packet Storm

Open in Source

#sql #xss #csrf #vulnerability #web #ios #mac #windows #apple #google #ubuntu #linux #debian #cisco #java #php #perl #auth #ruby #firefox

eduAuthorities 1.0 SQL Injection

eduAuthorities version 1.0 suffers from a remote SQL injection vulnerability.

9 months ago

Packet Storm

Open in Source

#sql #vulnerability #web #php #auth

Concert Ticket Reservation System 1.0 SQL Injection

Concert Ticket Reservation System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

9 months ago

Packet Storm

Open in Source

#sql #vulnerability #windows #google #java #php #auth #firefox

Computer Laboratory Management System 1.0 Insecure Settings

Computer Laboratory Management System version 1.0 suffers from an ignored default credential vulnerability.

9 months ago

Packet Storm

Open in Source

#sql #xss #csrf #vulnerability #web #ios #mac #windows #apple #google #ubuntu #linux #debian #cisco #java #php #perl #auth #ruby #firefox

New Android Spyware LianSpy Evades Detection Using Yandex Cloud

Users in Russia have been the target of a previously undocumented Android post-compromise spyware called LianSpy since at least 2021. Cybersecurity vendor Kaspersky, which discovered the malware in March 2024, noted its use of Yandex Cloud, a Russian cloud service, for command-and-control (C2) communications as a way to avoid having a dedicated infrastructure and evade detection. "This threat is

9 months ago

The Hacker News

Open in Source

#sql #ios #android #google #git #zero_day #wifi #The Hacker News

Tag

#sql