Lucene search
K

40 matches found

Snyk
Snyk
added 2025/11/13 1:44 p.m.3 views

Arbitrary Command Injection

Overview pgadmin4 is a PostgreSQL Tools Affected versions of this package are vulnerable to Arbitrary Command Injection via the backup and restore processes when handling file path input with shell execution enabled. An attacker can execute arbitrary system commands by supplying specially crafted...

9.8CVSS7.8AI score0.00754EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/22 9:41 a.m.4 views

Arbitrary File Upload

Overview hillelcoren/invoice-ninja is an Invoices, expenses & time-tracking built with Laravel Affected versions of this package are vulnerable to Arbitrary File Upload via the Restore process. An attacker can execute arbitrary code on the server by uploading specially crafted .php files when...

9.1CVSS7.6AI score0.00469EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2025/09/02 4:7 a.m.7 views

postgresql: PostgreSQL code execution in restore operation

A flaw was found in PostgreSQL. This vulnerability allows a malicious superuser on a PostgreSQL server to inject arbitrary code into dump files created by pgdump, pgdumpall, and pgrestore, causing arbitrary code execution on the client machine when these dump files are restored by psql due to...

8.8CVSS7.8AI score0.00709EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2025/08/28 1:46 p.m.4 views

postgresql: PostgreSQL executes arbitrary code in restore operation

A flaw was found in PostgreSQL. This vulnerability allows a malicious user of the PostgreSQL server to inject arbitrary code in dump files created by pgdump, pgdumpall, pgrestore, and pgupgrade, causing arbitrary code execution on the client machine or SQL injection when these dump files are...

8.8CVSS7.9AI score0.00385EPSS
Exploits0References5
Snyk
Snyk
added 2025/08/14 1:0 p.m.2 views

CRLF Injection

Overview Affected versions of this package are vulnerable to CRLF Injection in the restore process via psql meta-commands inside a purpose-crafted object name. An attacker can execute arbitrary code by injecting meta commands into the file, which can be executed by an unknowing user during the...

8.8CVSS8AI score0.00385EPSS
Exploits0References2
Snyk
Snyk
added 2025/08/14 1:0 p.m.1 views

CRLF Injection

Overview Affected versions of this package are vulnerable to CRLF Injection in the restore process via psql meta-commands inside a purpose-crafted object name. An attacker can execute arbitrary code by injecting meta commands into the file, which can be executed by an unknowing user during the...

8.8CVSS7.5AI score0.00385EPSS
Exploits0References2
Veracode
Veracode
added 2024/12/09 10:27 a.m.12 views

Improper Authorization

github.com/cri-o/cri-o is vulnerable to Improper Authorization. The vulnerability is due to insufficient validation during container restoration, allowing a malicious user to restore a pod without proper access to host mounts by exploiting the checkpoint restore process...

7.4CVSS6.6AI score0.00773EPSS
Exploits0References10Affected Software1
Veracode
Veracode
added 2024/12/04 1:36 p.m.7 views

Cross-site Scripting (XSS)

Moodle is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to insufficient sanitization of data during the restore process, allowing malicious backup files to introduce XSS risks...

6.1CVSS5.5AI score0.00338EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2024/07/16 4:51 p.m.50 views

CVE-2024-6326

CVE-2024-6326 affects Rockwell Automation FactoryTalk System Service. The vulnerability arises from a lack of explicit permissions on the backup folder, allowing a local attacker who starts a backup/restore process to temporarily access sensitive data (private keys, passwords, pre‑shared keys, an...

5.5CVSS5.3AI score0.00176EPSS
Exploits0References1Affected Software2
OSV
OSV
added 2024/01/23 6:15 p.m.5 views

CVE-2023-6573

HPE OneView may have a missing passphrase during restore...

5.5CVSS5.8AI score0.00187EPSS
Exploits0References1
Prion
Prion
added 2023/04/19 7:15 p.m.15 views

Design/Logic Flaw

Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use TOCTOU vulnerability in the restore process leading to arbitrary file creation. The issue was fixed with Avast and AVG Antivirus version 22.11...

1CVSS5AI score0.0021EPSS
Exploits0References1Affected Software2
Positive Technologies
Positive Technologies
added 2023/04/03 12:0 a.m.10 views

PT-2023-2531 · Avg +1 · Avg Antivirus +1

Name of the Vulnerable Software and Affected Versions: Avast Antivirus versions prior to 22.11 AVG Antivirus versions prior to 22.11 Description: The issue is related to a Time-of-check/Time-of-use TOCTOU vulnerability in the restore process, leading to arbitrary file creation. This vulnerability...

6.5CVSS4.8AI score0.0021EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 5:48 a.m.3 views

SUSE CVE-2012-0868

CRLF injection vulnerability in pgdump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object names with newlines, which are inserted into an SQ...

6.8CVSS8.6AI score0.0257EPSS
Exploits1References8
CNNVD
CNNVD
added 2020/11/17 12:0 a.m.7 views

Moodle 访问控制错误漏洞

Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. Moodle suffers from a security vulnerability that stems from inappropriate access restrictions in the process when restoring role...

7.5CVSS6.5AI score0.01588EPSS
Exploits0References7
Veeam
Veeam
added 2020/04/07 4:10 p.m.16 views

Restore a deleted vCenter Server Appliance (VCSA) with High Availability (HA) enabled

Challenge You need to restore a vCenter Server Appliance VCSA with the original name and to the original location. Before the VCSA got corrupted or was deleted, High Availability HA was enabled in the VMware cluster. If HA remains active at the ESXi host level during the restore process, HA can...

7AI score
Exploits0
OPENSUSE Linux
OPENSUSE Linux
added 2019/11/24 12:0 a.m.94 views

Security update for apache2-mod_perl (moderate)

openSUSE Security Update: Security update for apache2-modperl Announcement ID: openSUSE-SU-2019:2558-1 Rating: moderate References: 1091625 1156944 Cross-References: CVE-2011-2767 Affected Products: openSUSE Backports SLE-15-SP1 openSUSE Backports SLE-15 An update that solves one vulnerability an...

10CVSS9.4AI score0.08946EPSS
Exploits0References2
Veeam
Veeam
added 2017/11/20 4:25 p.m.16 views

Restoring GPT Disk to Incompatible Legacy BIOS System

Challenge After selecting a restore point during the bare metal restore configuration, the following message pops up: OS disk in backup uses GPT disk. This may cause boot issues on BIOS systems. If this is ignored and the restore process completes, the following may happen when the restored machi...

7.2AI score
Exploits0
RedHat Linux
RedHat Linux
added 2016/12/08 4:6 p.m.19 views

mysql: Incorrect input validation allowing code execution via mysqldump

It was discovered that the mysql and mysqldump tools did not correctly handle database and table names containing newline characters. A database user with privileges to create databases or tables could cause the mysql command to execute arbitrary shell or SQL commands while restoring database...

6.6CVSS7.5AI score0.0264EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2016/12/08 4:5 p.m.3 views

mysql: Incorrect input validation allowing code execution via mysqldump

It was discovered that the mysql and mysqldump tools did not correctly handle database and table names containing newline characters. A database user with privileges to create databases or tables could cause the mysql command to execute arbitrary shell or SQL commands while restoring database...

7.5AI score
Exploits0References6
ThreatPost
ThreatPost
added 2016/05/31 3:21 p.m.10 views

SandJacking Attack Puts iOS Devices At Risk to Rogue Apps

Apple has yet to patch a vulnerability disclosed during last week’s Hack in the Box hacker conference in Amsterdam that allows an attacker with physical access—even on the latest versions of iOS—to swap out legitimate apps with malicious versions undetected on the device. Researcher Chilik Tamir ...

0.3AI score
Exploits0References5
Rows per page
Query Builder