11 matches found
SUSE-SU-2024:0540-1 Security update for postgresql14
This update for postgresql14 fixes the following issues: Upgrade to 14.11: - CVE-2024-0985: Tighten security restrictions within REFRESH MATERIALIZED VIEW CONCURRENTLY bsc1219679...
FreeBSD : postgresql-server -- non-owner REFRESH MATERIALIZED VIEW CONCURRENTLY executes arbitrary SQL (19e6dd1b-c6a5-11ee-9cd0-6cc21735f730)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 19e6dd1b-c6a5-11ee-9cd0-6cc21735f730 advisory. - Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator ...
CVE-2024-0985
Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The...
Tuleap Cross-Site Scripting Vulnerability
Tuleap is an open source application lifecycle management system that facilitates agile software development, design projects, V-modeling, requirements management and IT service management. A cross-site scripting vulnerability exists in Tuleap that stems from not properly escaping the contents of...
PT-2023-26993 · Unknown · Tuleap Community Edition +1
Name of the Vulnerable Software and Affected Versions: Tuleap Community Edition versions prior to 14.11.99.28 Tuleap Enterprise Edition versions prior to 14.10-6 Tuleap Enterprise Edition versions prior to 14.11-3 Description: The issue arises from content not being properly escaped in the "card...
Tuleap Security Vulnerability
Tuleap is an open source application lifecycle management system that facilitates agile software development, design projects, V-modeling, requirements management and IT service management. A security vulnerability exists in Tuleap that stems from the presence of a privilege control error issue...
CVE-2020-8201
Node.js 12.18.4 and 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture ...
WordPress Symposium 14.11 /server/php/index.php File Upload Vulnerability
No description provided by source...
WordPress Symposium Plugin 14.10 - SQL Injection
This WordPress Symposium plugin is prone to an SQL injection. This vulnerability allows an attacker to modify data, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution Update to version 14.11...
WordPress Plugin Symposium 14.10 - SQL Injection
WordPress Plugin Symposium 14.10 - SQL Injection Exploit Title: WP Symposium 14.10 SQL Injection Date: 22-10-2014 Exploit Author: Kacper Szurek - http://security.szurek.pl/ http://twitter.com/KacperSzurek Software Link: https://downloads.wordpress.org/plugin/wp-symposium.14.10.zip Category: webap...
WordPress Plugin Symposium 14.10 - SQL Injection
Exploit Title: WP Symposium 14.10 SQL Injection Date: 22-10-2014 Exploit Author: Kacper Szurek - http://security.szurek.pl/ http://twitter.com/KacperSzurek Software Link: https://downloads.wordpress.org/plugin/wp-symposium.14.10.zip Category: webapps CVE: CVE-2014-8810 1. Description $_POST['tray'] ...