#sql

Cloud-based malware in on the rise. In this post, we’ll cover four ways you can help secure your business against cloud-based malware. The post Cloud-based malware is on the rise. How can you secure your business? appeared first on Malwarebytes Labs.

Cloud-based malware in on the rise. In this post, we’ll cover four ways you can help secure your business against cloud-based malware. The post Cloud-based malware is on the rise. How can you secure your business? appeared first on Malwarebytes Labs.

Ubuntu Security Notice 5479-2 - USN-5479-1 fixed vulnerabilities in PHP. This update provides the corresponding updates for Ubuntu 16.04 ESM. Charles Fol discovered that PHP incorrectly handled initializing certain arrays when handling the pg_query_params function. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Charles Fol discovered that PHP incorrectly handled passwords in mysqlnd. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code.

Advanced Testimonials Manager version 5.6 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected.

An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected.

** DISPUTED ** The findOne function in TypeORM before 0.3.0 can either be supplied with a string or a FindOneOptions object. When input to the function is a user-controlled parsed JSON object, supplying a crafted FindOneOptions instead of an id string leads to SQL injection. NOTE: the vendor's position is that the user's application is responsible for input validation.

Red Hat Security Advisory 2022-5491-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include buffer overflow and privilege escalation vulnerabilities.

Ubuntu Security Notice 5501-1 - It was discovered that Django incorrectly handled certain SQL. An attacker could possibly use this issue to expose sensitive information.

DouPHP version 1.2 Release 20141027 suffers from a remote SQL injection vulnerability.