postgresql: PostgreSQL relation replacement during pg_dump executes arbitrary SQL
A vulnerability was found in PostgreSQL. A race condition in pg_dump allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser...
Important: Red Hat Security Advisory: postgresql security update
An update for postgresql is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
CVE-2024-43776
SQL Injection in mock exam function of Easytest Online Test Platform ver.24E01 and earlier allows remote authenticated users to execute arbitrary SQL commands via the qlevel parameter...
CVE-2024-43772
SQL Injection in download student learning course function of Easytest Online Test Platform ver.24E01 and earlier allows remote attackers to execute arbitrary SQL commands via the uid parameter...
CVE-2024-43773
SQL Injection in download class learning course function of Easytest Online Test Platform ver.24E01 and earlier allows remote attackers to execute arbitrary SQL commands via the cstr parameter...
CVE-2024-7871
SQL Injection in online dictionary function of Easytest Online Test Platform ver.24E01 and earlier allows remote authenticated users to execute arbitrary SQL commands via the word parameter...
CVE-2024-43775
SQL Injection in search course titles function of Easytest Online Test Platform ver.24E01 and earlier allows remote authenticated users to execute arbitrary SQL commands via the search parameter...
CVE-2024-43776 Huachu Easytest Online Learning Test Platform - SQL Injection
SQL Injection in mock exam function of Easytest Online Test Platform ver.24E01 and earlier allows remote authenticated users to execute arbitrary SQL commands via the qlevel parameter...
CVE-2024-43776
This CVE (CVE-2024-43776) concerns a SQL Injection vulnerability in the mock exam function of Easytest Online Test Platform, version 24E01 and earlier. The flaw allows remote authenticated users to execute arbitrary SQL via the qlevel parameter. Affected component: mock exam function; underlying ...
CVE-2024-43775
CVE-2024-43775 affects Easytest Online Test Platform versions 24E01 and earlier. The vulnerability is a SQL Injection in the search course titles function, exploitable by remote authenticated users through the search parameter, enabling arbitrary SQL commands. Evidence from multiple sources c...
CVE-2024-43774 Huachu Easytest Online Learning Test Platform - SQL Injection
SQL Injection in download personal learning course function of Easytest Online Test Platform ver.24E01 and earlier allows remote authenticated users to execute arbitrary SQL commands via the uid parameter...
CVE-2024-43773 Huachu Easytest Online Learning Test Platform - SQL Injection
SQL Injection in download class learning course function of Easytest Online Test Platform ver.24E01 and earlier allows remote attackers to execute arbitrary SQL commands via the cstr parameter...
CVE-2024-43773
CVE-2024-43773 affects Easytest Online Test Platform versions 24E01 and earlier. The vulnerability is a SQL injection in the download class learning course function, exploitable via the cstr parameter, enabling remote attackers to execute arbitrary SQL commands. Impact details are described as po...
CVE-2024-43772 Huachu Easytest Online Learning Test Platform - SQL Injection
SQL Injection in download student learning course function of Easytest Online Test Platform ver.24E01 and earlier allows remote attackers to execute arbitrary SQL commands via the uid parameter...
CVE-2024-43772
The Easytest Online Test Platform (Huachu) contains an SQL injection in the download student learning course function, exploitable via the uid parameter in versions prior to 24E01. Impact: remote arbitrary SQL execution and potential data access/modification. Mitigation: upgrade to version 24E01 ...
CVE-2024-7871
CVE-2024-7871: SQL Injection in the online dictionary function of Easytest Online Test Platform (versions 24E01 and earlier). Root cause: vulnerable handling of the word parameter enables arbitrary SQL execution by remote authenticated users. Impact notes (from CVSS): high confidentiality, integr...
SQL Injection
centreon/centreon is vulnerable to SQL Injection. The vulnerability is due to improper input validation in the service configuration functionality, which allows attackers to execute arbitrary SQL commands through specially crafted inputs...