#sql

# Impact SQL injection is possible when using the non-default connection property `preferQueryMode=simple` in combination with application code that has a vulnerable SQL that negates a parameter value. There is no vulnerability in the driver when using the default query mode. Users that do not override the query mode are not impacted. # Exploitation To exploit this behavior the following conditions must be met: 1. A placeholder for a numeric value must be immediately preceded by a minus (i.e. `-`) 1. There must be a second placeholder for a string value after the first placeholder on the same line. 1. Both parameters must be user controlled. The prior behavior of the driver when operating in simple query mode would inline the negative value of the first parameter and cause the resulting line to be treated as a `--` SQL comment. That would extend to the beginning of the next parameter and cause the quoting of that parameter to be consumed by the comment line. If that string parame...

Fuelflow version 1.0 suffers from a remote SQL injection vulnerability.

### Impact A maliciously crafted xAPI statement could be used to perform script or other tag injection in the LRS Statement Browser. ### Patches The problem is patched in version 1.2.17 of the LRS library and [version 0.7.5 of SQL LRS](https://github.com/yetanalytics/lrsql/releases/tag/v0.7.5). ### Workarounds No workarounds exist, we recommend upgrading to version 1.2.17 of the library or version 0.7.5 of SQL LRS immediately. ### References * [LRS Tag](https://github.com/yetanalytics/lrs/releases/tag/v1.2.17) * [LRS lib on Clojars](https://clojars.org/com.yetanalytics/lrs/versions/1.2.17) * [SQL LRS 0.7.5 Release](https://github.com/yetanalytics/lrsql/releases/tag/v0.7.5)

Welcome to part 4 of this miniseries on the concept of Environment as a Service. As discussed in part one, an environment comprises everything that is needed to run an application and, in a kubernetes-centric platform, it starts with the provisioning of a namespace.Sometimes, though, we need components and configurations to exist outside of our namespace for our applications to run properly.These external configurations may involve everything from external global load balancers, external firewalls, provisioning of certificates from external PKI’s, and more… just to name a few. Sometimes, t

Deserialization of Untrusted Data vulnerability in Apache Camel SQL Component. This issue affects Apache Camel: from 3.0.0 before 3.21.4, from 3.22.0 before 3.22.1, from 4.0.0 before 4.0.4, from 4.1.0 before 4.4.0. Users are recommended to upgrade to version 4.4.0, which fixes the issue. If users are on the 4.0.x LTS releases stream, then they are suggested to upgrade to 4.0.4. If users are on 3.x, they are suggested to move to 3.21.4 or 3.22.1

Red Hat Security Advisory 2024-0894-03 - An update for the mysql:8.0 module is now available for Red Hat Enterprise Linux 8.

Google Cloud Run is currently being abused in high-volume malware distribution campaigns, spreading several banking trojans such as Astaroth (aka Guildma), Mekotio and Ousaban to targets across Latin America and Europe. The volume of emails associated with these campaigns has significantly increased since September 2023 and we continue to regularly

pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. By constructing a matching string payload, the attacker can inject SQL to alter the query,bypassing the protections that parameterized queries bring against SQL Injection attacks. Versions before 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.8 are affected.

Employee Management System version 1.0 suffers from a remote SQL injection vulnerability. Original discovery of this finding is attributed to Ozlem Balci in January of 2024.

User Registration and Login and User Management System version 3.1 suffers from a remote SQL injection vulnerability.