Security
Headlines
HeadlinesLatestCVEs

Tag

#sql

CVE-2017-20080: Offensive Security’s Exploit Database Archive

A vulnerability, which was classified as critical, has been found in Hindu Matrimonial Script. Affected by this issue is some unknown functionality of the file /admin/googleads.php. The manipulation leads to improper privilege management. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVE
Open in Source
#sql#vulnerability#web#google#php#auth
5 Reasons You Should Learn About Cyber Security

By Owais Sultan In this technological era, the world has been converted into a global village with everything connected to everything.… This is a post from HackRead.com Read the original post: 5 Reasons You Should Learn About Cyber Security

CVE-2022-1905

The Events Made Easy WordPress plugin before 2.2.81 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection

CVE-2022-1472

The Better Find and Replace WordPress plugin before 1.3.6 does not properly sanitise, validate and escape various parameters before using them in an SQL statement, leading to an SQL Injection

CVE-2022-26669: ASUS Control Center - SQL Injection

ASUS Control Center is vulnerable to SQL injection. An authenticated remote attacker with general user privilege can inject SQL command to specific API parameters to acquire database schema or access data.

phpIPAM 1.4.5 Remote Code Execution

phpIPAM version 1.4.5 suffers from an authenticated remote code execution vulnerability.

Old Age Home Management System 1.0 SQL Injection

Old Age Home Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Ubuntu Security Notice USN-5479-1

Ubuntu Security Notice 5479-1 - Charles Fol discovered that PHP incorrectly handled initializing certain arrays when handling the pg_query_params function. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Charles Fol discovered that PHP incorrectly handled passwords in mysqlnd. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2022-34006

An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2.1050. When installing, Microsoft SQL Express 2019 installs by default with an SQL instance running as SYSTEM with BUILTIN\Users as sysadmin, thus enabling unprivileged Windows users to execute commands locally as NT AUTHORITY\SYSTEM, aka NX-I674 (sub-issue 2).

ChurchCRM 4.4.5 SQL Injection

ChurchCRM version 4.4.5 suffers from a remote SQL injection vulnerability.