
508 matches found

Metasploit
added 2024/08/28 6:52 p.m. · 794 views

pgAdmin Binary Path API RCE

pgAdmin use exploit/windows/http/pgadminbinarypathapi msf exploitpgadminbinarypathapi show targets ...targets... msf exploitpgadminbinarypathapi set TARGET msf exploitpgadminbinarypathapi show options ...show and set options... msf exploitpgadminbinarypathapi exploit This module requires...

9.8 CVSS · 8.3 AI score · 0.64846 EPSS
Exploits 5
OpenVAS
added 2024/08/06 12:0 a.m. · 23 views

Fedora: Security Advisory (FEDORA-2024-9820d9491f)

The remote host is missing an update for the...

7.5 CVSS · 7.8 AI score · 0.01471 EPSS
Exploits 3 · References 5
BDU FSTEC
added 2024/07/25 12:0 a.m. · 3 views

The vulnerability of the `/settings/store` API of the pgAdmin database management tool allows a hacker to perform a cross-site scripting attack.

The vulnerability of the /settings/store API of the pgAdmin database management tool is related to the lack of security measures for the website structure. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks remotely...

7.4 CVSS · 6.9 AI score · 0.00461 EPSS
Exploits 1 · References 5 · Affected Software 3
OpenVAS
added 2024/07/10 12:0 a.m. · 25 views

openSUSE Security Advisory (SUSE-SU-2024:2260-1)

The remote host is missing an update for the...

8.8 CVSS · 7.7 AI score · 0.00629 EPSS
Exploits 1 · References 5
BDU FSTEC
added 2024/07/01 12:0 a.m. · 2 views

The vulnerability of the pgAdmin 4 database management tool, related to permission handling errors, allows a hacker to execute arbitrary code.

The vulnerability of the pgAdmin 4 database management tool is related to permission handling errors. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

7.4 CVSS · 5.9 AI score · 0.00246 EPSS
Exploits 0 · References 4 · Affected Software 1
OSV
added 2024/06/25 4:15 p.m. · 2 views

CVE-2024-6238

pgAdmin <= 8.8 has an installation Directory permission issue. Because of this issue, attackers can gain unauthorised access to the installation directory on the Debian or RHEL 8 platforms...

5.3 CVSS · 7 AI score
Exploits 0 · References 1
NVD
added 2024/06/25 4:15 p.m. · 14 views

CVE-2024-6238

pgAdmin <= 8.8 has an installation Directory permission issue. Because of this issue, attackers can gain unauthorised access to the installation directory on the Debian or RHEL 8 platforms...

7.4 CVSS · 0.00246 EPSS
Exploits 0 · References 1
CVE
added 2024/06/25 4:12 p.m. · 50 views

CVE-2024-6238

Summary: CVE-2024-6238 affects pgAdmin versions up to 8.8 and is due to an installation directory permissions issue on Debian/RHEL 8, potentially allowing attackers to gain unauthorized access to the installation directory. The NVD/CNA data indicate a mix of impact metrics, including confidential...

7.4 CVSS · 7.5 AI score · 0.00246 EPSS
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2024/06/25 4:12 p.m. · 16 views

CVE-2024-6238 pgAdmin 4 Installation Directory permission issue

pgAdmin <= 8.8 has an installation Directory permission issue. Because of this issue, attackers can gain unauthorised access to the installation directory on the Debian or RHEL 8 platforms...

7.4 CVSS · 7 AI score · 0.00246 EPSS
Exploits 0 · References 1
Cvelist
added 2024/06/25 4:12 p.m. · 14 views

CVE-2024-6238 pgAdmin 4 Installation Directory permission issue

pgAdmin <= 8.8 has an installation Directory permission issue. Because of this issue, attackers can gain unauthorised access to the installation directory on the Debian or RHEL 8 platforms...

7.4 CVSS · 0.00246 EPSS
Exploits 0 · References 1
Positive Technologies
added 2024/06/25 12:0 a.m. · 5 views

PT-2024-4400 · Pgadmin · Pgadmin

Name of the Vulnerable Software and Affected Versions: pgAdmin versions prior to 8.8; pgAdmin 4 (affected versions not specified). Description: The issue is related to errors in permission handling, which can allow an attacker to gain unauthorized access to the installation directory on certain...

9.9 CVSS · 9.5 AI score · 0.3842 EPSS
Exploits 9 · References 11
CNNVD
added 2024/06/25 12:0 a.m. · 4 views

pgAdmin Security Vulnerabilities

pgAdmin is an open source administration and development platform for the open source database PostgreSQL. A security vulnerability exists in pgAdmin 8.8 and prior versions that stems from an installation directory permission issue that allows an attacker to gain unauthorized access to the...

7.4 CVSS · 6.9 AI score · 0.00246 EPSS
Exploits 0 · References 1
SUSE CVE
added 2024/06/04 12:24 p.m. · 3 views

SUSE CVE-2024-2044

pgAdmin <= 8.3 is affected by a path-traversal vulnerability while deserializing users' sessions in the session handling code. If the server is running on Windows, an unauthenticated attacker can load and deserialize remote pickle objects and gain code execution. If the server is running on...

8.8 CVSS · 9.6 AI score · 0.79326 EPSS
Exploits 4 · References 4
SUSE CVE
added 2024/06/04 12:24 p.m. · 1 views

SUSE CVE-2024-4215

pgAdmin <= 8.5 is affected by a multi-factor authentication bypass vulnerability. This vulnerability allows an attacker with knowledge of a legitimate account's username and password to authenticate to the application and perform sensitive actions within the application, such as managing files an...

8.5 CVSS · 7.8 AI score · 0.00629 EPSS
Exploits 0 · References 4
OpenVAS
added 2024/05/27 12:0 a.m. · 14 views

Fedora: Security Advisory (FEDORA-2024-f04c2ec90b)

The remote host is missing an update for the...

9.8 CVSS · 8.6 AI score · 0.64846 EPSS
Exploits 5 · References 3
Fedora
added 2024/05/23 1:9 a.m. · 39 views

[SECURITY] Fedora 40 Update: pgadmin4-8.6-1.fc40

pgAdmin is the most popular and feature rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world...

7.4 CVSS · 7.4 AI score · 0.00629 EPSS
Exploits 1
CNVD
added 2024/05/23 12:0 a.m. · 7 views

pgAdmin Cross-Site Scripting Vulnerability

pgAdmin is an open source management and development platform for the open source database PostgreSQL. A cross-site scripting vulnerability exists in pgAdmin 8.5 and earlier versions, which stems from a cross-site scripting vulnerability in the /settings/store endpoint that responds to a json loa...

7.4 CVSS · 5.8 AI score · 0.00461 EPSS
Exploits 1 · References 1
Veracode
added 2024/05/06 7:0 a.m. · 26 views

Cross-Site Scripting (XSS)

pgAdmin is vulnerable to Cross-site Scripting (XSS) in the JSON payload of the /settings/store API response. The vulnerability arises due to inadequate input sanitization, enabling attackers to inject and execute malicious scripts on the client's side...

7.4 CVSS · 6.1 AI score · 0.00461 EPSS
Exploits 1 · References 4 · Affected Software 1
SUSE CVE
added 2024/05/04 2:24 a.m. · 1 views

SUSE CVE-2024-4216

pgAdmin <= 8.5 is affected by an XSS vulnerability in the /settings/store API response JSON payload. This vulnerability allows attackers to execute malicious script at the client end...

5.8 CVSS · 6.6 AI score · 0.00461 EPSS
Exploits 1 · References 5
NCSC
added 2024/05/03 12:0 a.m. · 4 views

Vulnerabilities fixed in pgAdmin

Vulnerabilities have been fixed in pgAdmin. A malicious party could exploit the vulnerabilities to bypass any set two-factor authentication and gain easier access to the system, or to launch a Cross-Site Scripting (XSS) attack. Such an attack can lead to...

7.4 CVSS · 7.4 AI score · 0.00629 EPSS
Exploits 1