pgAdmin failed to properly control the server code

A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pgdump and pgrestore. Versions of pgAdmin prior to 7.7 failed to properly control the server code executed on this API, allowing an...

CVE-2023-5002

A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pgdump and pgrestore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an...

CVE-2023-5002

A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pgdump and pgrestore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an...

CVE-2023-5002

A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pgdump and pgrestore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an...

Design/Logic Flaw

A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pgdump and pgrestore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an...

CVE-2023-5002 Pgadmin4: remote code execution by an authenticated user

A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pgdump and pgrestore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an...

CVE-2023-5002

CVE-2023-5002 affects pgAdmin’s server HTTP API where path validation for external PostgreSQL utilities (e.g., pg_dump/pg_restore) was insufficient. An authenticated user could cause the server to execute arbitrary commands due to improper control of server-side code. Reports across multiple sour...

CVE-2023-5002 Pgadmin4: remote code execution by an authenticated user

A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pgdump and pgrestore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an...

Path Traversal

org.graylog, graylog-project-parent is vulnerable to Path Traversal. The vulnerability exists because it does not properly validate user input in the HTTP API resource, which allows an attacker to overwrite or modify sensitive files in the system...

CVE-2023-41044

Graylog is a free and open log management platform. A partial path traversal vulnerability exists in Graylog's Support Bundle feature. The vulnerability is caused by incorrect user input validation in an HTTP API resource. Graylog's Support Bundle feature allows an attacker with valid Admin role...

Path traversal

Graylog is a free and open log management platform. A partial path traversal vulnerability exists in Graylog's Support Bundle feature. The vulnerability is caused by incorrect user input validation in an HTTP API resource. Graylog's Support Bundle feature allows an attacker with valid Admin role...

CVE-2023-41044

Graylog exposes a partial path traversal vulnerability in its Support Bundle feature (requires valid Admin credentials). The issue stems from improper input validation in an HTTP API resource, allowing reading or deleting files under sibling directories of the support-bundle directory (data_dir d...

CVE-2023-41044 Partial path traversal vulnerability in Support Bundle feature of Graylog

Graylog is a free and open log management platform. A partial path traversal vulnerability exists in Graylog's Support Bundle feature. The vulnerability is caused by incorrect user input validation in an HTTP API resource. Graylog's Support Bundle feature allows an attacker with valid Admin role...

CVE-2023-41044 Partial path traversal vulnerability in Support Bundle feature of Graylog

Graylog is a free and open log management platform. A partial path traversal vulnerability exists in Graylog's Support Bundle feature. The vulnerability is caused by incorrect user input validation in an HTTP API resource. Graylog's Support Bundle feature allows an attacker with valid Admin role...

CVE-2023-41044 Partial path traversal vulnerability in Support Bundle feature of Graylog

Graylog is a free and open log management platform. A partial path traversal vulnerability exists in Graylog's Support Bundle feature. The vulnerability is caused by incorrect user input validation in an HTTP API resource. Graylog's Support Bundle feature allows an attacker with valid Admin role...

CVE-2023-37862

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an unauthenticated remote attacker can access upload-functions of the HTTP API. This might cause certificate errors for SSL-connections and might result in a partial denial-of-service...

Graylog server has partial path traversal vulnerability in Support Bundle feature

A partial path traversal vulnerability exists in Graylog's Support Bundle feature. The vulnerability is caused by incorrect user input validation in an HTTP API resource. Thanks to weiweiwei9811 for reporting this vulnerability and providing detailed information. Impact Graylog's Support Bundle...

Markdown injection into github comment

Description Users can donate for builds by tipping [email protected]. There's a github action that will thank the user in a comment. The name is not sanitized and by using one such as the following, attackers can inject their own markdown into the comment. foo The "" breaks out of the context,...

CVE-2023-30612

Cloud hypervisor is a Virtual Machine Monitor for Cloud workloads. This vulnerability allows users to close arbitrary open file descriptors in the Cloud Hypervisor process via sending malicious HTTP request through the HTTP API socket. As a result, the Cloud Hypervisor process can be easily...

AZL-26278 CVE-2023-30612 affecting package cloud-hypervisor for versions less than 31.1-1

Cloud hypervisor is a Virtual Machine Monitor for Cloud workloads. This vulnerability allows users to close arbitrary open file descriptors in the Cloud Hypervisor process via sending malicious HTTP request through the HTTP API socket. As a result, the Cloud Hypervisor process can be easily...