Important: postgresql92

Issue Overview: A flaw was discovered in postgresql where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function. CVE-2019-10208 A flaw was found in postgresq...

Metinfo MetInfo SQL注入漏洞

Metinfo MetInfo is a content management system CMS developed by China Mito Metinfo using PHP and Mysql. A SQL injection vulnerability exists in index.php in Metinfo 7.0.0beta, which arises from a database-based application that lacks validation of externally entered SQL statements. An attacker ca...

The vulnerability of the /core/feeds/custom.php component of the BigTree CMS content management system allows a hacker to execute arbitrary SQL queries.

The vulnerability of the /core/feeds/custom.php component of the BigTree CMS content management system is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...

Synology Media Server SQL Injection Vulnerability (CNVD-2021-39027)

Synology Media Server is a media server. A SQL injection vulnerability exists in the cgi component of Synology Media Server before 1.8.1-2876, which can be exploited by an attacker to execute arbitrary SQL commands via an unspecified vector...

Rockwell Automation FactoryTalk AssetCentre SQL注入漏洞

Rockwell Automation FactoryTalk AssetCentre is an asset management software tool from Rockwell Automation that allows manufacturers and industrial companies to centrally manage controllers and other automation-related assets. An SQL injection vulnerability exists in Rockwell Automation FactoryTal...

Online BookStore SQL Injection Vulnerability

Online BookStore is an online bookstore program. There is a sql injection vulnerability in Online Book Store v1.0. The vulnerability is caused by the id parameter in detail.php not filtering special characters, and an attacker can execute arbitrary SQL statements through this vulnerability...

Sourcecodester Seat-Reservation-System SQL注入漏洞

Seat-Reservation-System is a seat reservation system. A sql injection vulnerability exists in Seat-Reservation-System 1.0. The vulnerability is caused due to the id and file parameters in the index.php file not being input/output filtered for special characters. An attacker can exploit this...

The vulnerability of the KTS web interface “Mayak,” related to the failure to protect the SQL query structure, allows attackers to execute arbitrary SQL commands.

The vulnerability of the KTS “Lighthouse” web interface is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands using a specially crafted HTTP POST request...

DEBIAN-CVE-2020-25695

A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest...

Medium: postgresql94

Issue Overview: A flaw was discovered in postgresql where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function. CVE-2019-10208 Affected Packages: postgresql...

Munkireport reportdata SQL Injection Vulnerability

Munkireport is a reporting tool for the Munki software management program. reportdata is one of the widget modules. A SQL injection vulnerability exists in the reportdatacontroller.php file in MunkiReport prior to version 3.5. The vulnerability can be exploited to execute arbitrary SQL commands...

PHP-Fusion has multiple vulnerabilities Vulnerabilities

PHP-Fusion is a lightweight open source content management system . It uses mySQL database to store site content and provide a simple , comprehensive back-end management system . PHP-Fusion includes most of the CMS system has the functionality . PHP-Fusion has PHP object injection and SQL injecti...

Wordpress LearnPress SQL Injection Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.LearnPress is a learning management system plugin used in it. A SQL injection vulnerability exists in Wordpress LearnPress...

SUSE SLED15 / SLES15 Security Update : postgresql10 (SUSE-SU-2019:2707-1)

This update for postgresql10 fixes the following issues : Security issue fixed : CVE-2019-10208: Fixed arbitrary SQL execution via suitable SECURITY DEFINER function under the identity of the function owner bsc1145092. Note that Tenable Network Security has extracted the preceding description blo...

SUSE-SU-2019:2707-1 Security update for postgresql10

This update for postgresql10 fixes the following issues: Security issue fixed: - CVE-2019-10208: Fixed arbitrary SQL execution via suitable SECURITY DEFINER function under the identity of the function owner bsc1145092...

SUSE-SU-2019:2159-1 Security update for postgresql96

This update for postgresql96 fixes the following issues: Security issue fixed: - CVE-2019-10208: Fixed arbitrary SQL execution via suitable SECURITY DEFINER function under the identity of the function owner bsc1145092...

openSUSE: Security Advisory for postgresql10 (openSUSE-SU-2019:2062-1)

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

SUSE SLES12 Security Update : postgresql96 (SUSE-SU-2019:2159-1)

This update for postgresql96 fixes the following issues : Security issue fixed : CVE-2019-10208: Fixed arbitrary SQL execution via suitable SECURITY DEFINER function under the identity of the function owner bsc1145092. Note that Tenable Network Security has extracted the preceding description blo...

MGASA-2019-0225 Updated postgresql packages fix security vulnerabilities

Updated postgresql packages fix security vulnerabilities: Given a suitable SECURITY DEFINER function, an attacker can execute arbitrary SQL under the identity of the function owner. An attack requires EXECUTE permission on the function, which must itself contain a function call having inexact...

PostgreSQL 9.4.x < 9.4.24 / 9.5.x < 9.5.19 / 9.6.x < 9.6.15 / 10.x < 10.10 / 11.x < 11.5 Multiple Vulnerabilities

The version of PostgreSQL installed on the remote host is 9.4.x prior to 9.4.24, 9.5.x prior to 9.5.19, 9.6.x prior to 9.6.15, 10.x prior to 10.10, or 11.x prior to 11.5. It is, therefore, affected by multiple vulnerabilities : - An unspecified vulnerability that allows an attacker to execute...