40 matches found
CVE-2025-14180
CVE-2025-14180 affects PHP’s PDO PostgreSQL driver when using PDO::ATTR_EMULATE_PREPARES and can cause a NULL return from PQescapeStringConn on certain invalid parameter sequences, leading to a NULL pointer dereference in pdo_parse_params() and potential server crashes. Connected advisories confi...
EUVD-2025-205486
In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, when using the PDO PostgreSQL driver with PDO::ATTR_EMULATE_PREPARES enabled, an invalid character sequence such as \x99 in a prepared statement parameter may cause the quoting function...
Improper Neutralization
Overview: chrome-devtools-frontend is a Chrome DevTools UI. Affected versions of this package are vulnerable to Improper Neutralization due to insufficient sanitization of special whitespace characters in the escapeStringWin function. An attacker can execute arbitrary code by crafting malicious inp...
PT-2025-38230
Name of the Vulnerable Software and Affected Versions: Thorium versions prior to 1.1.1. Description: Thorium does not escape user-controlled strings used in LDAP queries. An authenticated remote attacker can modify LDAP authorization data, such as group memberships. Recommendations: Update to...
Security update for postgresql15
This update for postgresql15 fixes the following issues: Upgrade to 15.12: CVE-2025-1094: Harden PQescapeString and allied functions against invalidly-encoded input strings (bsc#1237093). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
Astra Linux – Vulnerability in PostgreSQL-15
Improper neutralization of quoting syntax in PostgreSQL’s libpq functions such as PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to exploit SQL injection attacks under certain usage patterns. Specifically, SQL injection requires the...
PT-2025-5663 · Oatpp · Oatpp
Name of the Vulnerable Software and Affected Versions: oatpp (affected versions not specified). Description: The issue is related to a heap-buffer-overflow error. Technical details about the error include the escapeString function, serializeString function, and serializePairs function...
PT-2025-5666 · Oatpp · Oatpp
Name of the Vulnerable Software and Affected Versions: oatpp (affected versions not specified). Description: The issue is related to a heap-buffer-overflow error. Technical details about the error include the escapeUtf8Char and escapeString functions within oatpp::json::Utils, and the serializeStrin...
SUSE CVE-2009-2943
The postgresql-ocaml bindings 1.5.4, 1.7.0, and 1.12.1 for PostgreSQL libpq do not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings...
SUSE CVE-2017-9120
PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer overflow in mysqli_real_escape_string...
php: Integer overflow in mysqli_api.c:mysqli_real_escape_string()
PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer overflow in mysqli_real_escape_string...
Event Manager Admin panel - events_new.php SQL injection
Event Manager Admin panel - events_new.php SQL injection. Exploit Title: Event Manager PHP Script Admin panel - 'events_new.php' SQL injection; Date: 2018-06-10; Exploit Author: telahdihapus; Vendor Homepage: https://codecanyon.net/user/ezcode ; Software Link:...
Event Manager Admin Panel events_new.php SQL Injection
Exploit Title: Event Manager PHP Script Admin panel - 'events_new.php' SQL injection; Date: 2018-06-10; Exploit Author: telahdihapus; Vendor Homepage: https://codecanyon.net/user/ezcode ; Software Link: https://codecanyon.net/item/eventmanager-php-script-admin-panel/21280741 ; Tested on: windows 10 1...
CVE-2017-8796
An issue was discovered on Accellion FTA devices before FTA912180. Because mysql_real_escape_string is misused, seos/courier/communicationp2p.php allows SQL injection with the appid parameter...
Icinga 1.3.0 / 1.4.0 Cross Site Scripting
Advisory: Cross-Site Scripting vulnerability in Icinga; Advisory ID: SSCHADV2011-005; Author: Stefan Schurtz; Affected Software: Successfully tested on: icinga-1.3.0 / icinga-1.4.0; Vendor URL: http://www.icinga.org ; Vendor Status: Resolved; CVE-ID: -. Vulnerability Descriptio...
Re: Cross-Site Scripting vulnerability in Nagios
/* strip > and < from string */ void strip_html_brackets(char *buffer){ register int x; register int y; register int z; if(buffer==NULL || buffer[0]=='\x0') return; /* remove all occurrences in string */ z=(int)strlen(buffer); for(x=0,y=0;x<z;x++){ if(buffer[x]=='<' || buffer[x]=='>') continue; buffer[y++]=buffer[x]; } buffer[y++]='\x0';...
DEBIAN-CVE-2009-2940
The pygresql module 3.8.1 and 4.0 for Python does not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings...
XSS 0DAY-vulnerability warning-the black bar safety net
See dream light out! I also do not hide! 1 0 On 7, When I sent the logs, prompting everyone! Here was the last issued by XSS WORM beginning to try to continue it. Actually very simple, is two times the transfer code. DIV STYLE="background-image: urljavascript:var XmlHttp=new ActiveXObject"Microsoft...