12 matches found
CVE-2026-35586
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev97, the ADMINONLYCOREOPTIONS authorization set in setconfigvalue uses incorrect option names sslcert and sslkey, while the actual configuration option names are sslcertfile and sslkeyfile. This name mismatch...
EUVD-2014-0153
Malware in sbrugna...
SUSE CVE-2014-0060
PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command...
Buffer overflow
OXID eShop Community Edition before 6.0.0 RC3 development, 4.10.x before 4.10.6 maintenance, and 4.9.x before 4.9.11 legacy, Enterprise Edition before 6.0.0 RC3 development, 5.2.x before 5.2.11 legacy, and 5.3.x before 5.3.6 maintenance, and Professional Edition before 6.0.0 RC3 development, 4.9....
CVE-2017-14993
OXID eShop Community Edition before 6.0.0 RC3 development, 4.10.x before 4.10.6 maintenance, and 4.9.x before 4.9.11 legacy, Enterprise Edition before 6.0.0 RC3 development, 5.2.x before 5.2.11 legacy, and 5.3.x before 5.3.6 maintenance, and Professional Edition before 6.0.0 RC3 development, 4.9....
Glype Proxy 1.4.9 Cookie Jar Path Traversal / Code Execution / Filter Bypass
A path traversal vulnerability has been identified in the Glype web-based proxy that allows an attacker to run arbitrary PHP code on the server or to remove critical files from the filesystem. Version 1.4.9 is affected. Glype Proxy version 1.4.9 suffers from a local address filter bypass...
postgresql: SET ROLE without ADMIN OPTION allows adding and removing group members
PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command...
Vulnerability in core server (CVE-2014-0060)
SET ROLE bypasses lack of ADMIN OPTION...
postgresql: SET ROLE without ADMIN OPTION allows adding and removing group members
PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command...
postgresql: SET ROLE without ADMIN OPTION allows adding and removing group members
PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command...
postgresql: SET ROLE without ADMIN OPTION allows adding and removing group members
PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command...
Project admin is presented with an option to select a Screen Scheme
The option of changing the scheme should only be given to the global admins...