83 matches found
CVE-2023-3262
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database.A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or...
Dataprobe Trust Management Issue Vulnerability
Dataprobe is a line of intelligent power switches and management products from Dataprobe, Inc. in the United States. A security vulnerability exists in Dataprobe iBoot PDU version 1.43.03312023 and prior versions, which stems from the use of hard-coded credentials to interact with the internal...
ManageEngine SupportCenter Plus < 14.0 Build 14000 Privilege Escalation
The version of ManageEngine SupportCenter Plus prior to 14.0 Build 14000 is running on the remote web server. It is, therefore, affected by the following: - A privilege escalation vulnerability in query reports. This vulnerability allows an attacker to gain access to restricted data in a Postgres...
ManageEngine ServiceDesk Plus < 14.0 Build 14104 Multiple Vulnerabilities
The version of ManageEngine ServiceDesk Plus running on the remote host is prior to 14.0 Build 14104. It is, therefore, affected by multiple vulnerabilities, including the following: - A Denial of Service vulnerability in image upload allows an attacker to exploit the way an API method allocates...
K19150034: PHP vulnerabilities CVE-2022-31625, CVE-2022-31626
Security Advisory Description CVE-2022-31625 In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers...
SUSE CVE-2008-2380
SQL injection vulnerability in authpgsqllib.c in Courier-Authlib before 0.62.0, when a non-Latin locale Postgres database is used, allows remote attackers to execute arbitrary SQL commands via query parameters containing apostrophes...
Oracle Linux 9 : php (ELSA-2022-8197)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-8197 advisory. 8.0.20-3 - snmp3 calls using authPriv or authNoPriv immediately return false 2104630 8.0.20-2 - fix patch41 not applied use system nikic/php-parser whe...
CVE-2022-34434
Cloud Mobility for Dell Storage versions 1.3.0 and earlier contains an Improper Access Control vulnerability within the Postgres database. A threat actor with root level access to either the vApp or containerized versions of Cloud Mobility may potentially exploit this vulnerability, leading to th...
Improper access control
Cloud Mobility for Dell Storage versions 1.3.0 and earlier contains an Improper Access Control vulnerability within the Postgres database. A threat actor with root level access to either the vApp or containerized versions of Cloud Mobility may potentially exploit this vulnerability, leading to th...
CVE-2022-34434
Cloud Mobility for Dell Storage versions 1.3.0 and earlier contains an Improper Access Control vulnerability within the Postgres database. A threat actor with root level access to either the vApp or containerized versions of Cloud Mobility may potentially exploit this vulnerability, leading to th...
Cloud Mobility for Dell EMC Storage 安全漏洞
Cloud Mobility for Dell EMC Storage is a Dell USA feature that supports the transfer, storage and access of volume snapshot copies between compatible local Dell EMC storage devices and public cloud object storage. An access control error vulnerability exists in Cloud Mobility for Dell EMC Storage...
UPchieve: Postgres Admin Username and Password in Plain text
Summary: Gitlab commit contains password in plain text Steps To Reproduce: Navigate to https://gitlab.com/upchieve/subway/-/commit/e0e039496321c9d62a591504d387589224660a5c Supporting Material/References: Recommendations for Fixing/Mitigation Do not disclose passwords in gitlab. Implement a check...
Common Cloud Misconfigurations Exploited in Minutes, Report
Poorly configured cloud services can be exploit by threat actors in minutes and sometimes in under 30 seconds. Attacks include network intrusion, data theft and ransomware infections, researchers have found. Researchers at Palo Alto Networks’ Unit 42 used a honeypot infrastructure of 320 nodes...
Exploit for SQL Injection in Djangoproject Django
CVE-2020-7471 这个仓库提供 CVE-2020-7471 Potential SQL injection via StringAggdelimiter 漏洞的环境和 POC 受影响的 django 版本 - 1.11 到 1.11.28(不含) - 2.2 到 2.2.10(不含) - 3.0 到 3.0.3(不含) 下载使用前需要如下操作: 1. 安装 django 漏洞版本,我测试用的是 python pip install django==3.0.2 -i https://pypi.tuna.tsinghua.edu.cn/simple 2. 参考...
Important: Red Hat Security Advisory: postgresql:9.6 security update
An update for the postgresql:9.6 module is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating...
CVE-2020-15070
Zulip Server 2.x before 2.1.7 allows eval injection if a privileged attacker were able to write directly to the postgres database, and chose to write a crafted custom profile field value...
CVE-2020-15070
Zulip Server 2.x before 2.1.7 allows eval injection if a privileged attacker were able to write directly to the postgres database, and chose to write a crafted custom profile field value...
Code injection
Zulip Server 2.x before 2.1.7 allows eval injection if a privileged attacker were able to write directly to the postgres database, and chose to write a crafted custom profile field value...
CVE-2020-15070
Zulip Server 2.x before 2.1.7 allows eval injection if a privileged attacker were able to write directly to the postgres database, and chose to write a crafted custom profile field value...
CVE-2020-15070
Zulip Server 2.x before 2.1.7 is affected by an eval-injection vulnerability that an attacker with privilege and access to write to the PostgreSQL database can exploit by crafting a custom profile field value. The root cause is the ability to inject and evaluate code via a crafted value stored in...