Tuleap SQL Injection Vulnerability
Tuleap is an application lifecycle management system that facilitates agile software development, design projects, V-models, requirements management, and IT service management. SQL injection vulnerabilities exist in versions of Tuleap prior to 13.9.99.95, which stem from a failure of Tuleap to...
postgresql: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox
A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or no...
SAP NetWeaver J2EE Engine SQL Injection (CVE-2016-2386)
An SQL injection vulnerability exists in SAP NetWeaver J2EE Engine. Successful exploitation of this vulnerability could result in the execution of arbitrary SQL statements on the affected system...
Virtua Software Cobranca 12S SQL Injection
Exploit Title: Virtua Software Cobranca 12S - SQLi Shodan Query: http.favicon.hash:876876147 Date: 13/08/2021 Exploit Author: Luca Regne Vendor Homepage: https://www.virtuasoftware.com.br/ Software Link: https://www.virtuasoftware.com.br/downloads/Cobranca12S1308.exe Version: 12S Tested on: Windo...
CVE-2021-41654
SQL injection vulnerabilities exist in Wuzhicms v4.1.0 which allows attackers to execute arbitrary SQL commands via the $keyValue parameter in /coreframe/app/pay/admin/index.php...
Sql injection
SQL injection vulnerabilities exist in Wuzhicms v4.1.0 which allows attackers to execute arbitrary SQL commands via the $keyValue parameter in /coreframe/app/pay/admin/index.php...
WUZHI CMS SQL Injection Vulnerability
WUZHI CMS is a PHP and MySQL-based open source content management system (CMS) from WUZHI. v4.1.0 of WUZHI CMS is vulnerable to SQL injection, which can be exploited to execute arbitrary SQL commands via the $keyValue parameter in /coreframe/app/pay/admin/index.php...
AlmaLinux 8 : postgresql:10 (ALSA-2022:4805)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:4805 advisory. postgresql: Autovacuum, REINDEX, and others omit security restricted operation sandbox CVE-2022-1552 Tenable has extracted the preceding description block directly...
AlmaLinux 8 : postgresql:12 (ALSA-2022:4807)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:4807 advisory. postgresql: Autovacuum, REINDEX, and others omit security restricted operation sandbox CVE-2022-1552 Tenable has extracted the preceding description block directly...
SUSE SLED15 / SLES15 Security Update : postgresql14 (SUSE-SU-2022:1908-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:1908-1 advisory. - A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is...
ROS-20220530-02
Vulnerabilities in the Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck components of the PostgreSQL database management system are related to a maintenance error in one component...
SUSE SLES12 Security Update : postgresql14 (SUSE-SU-2022:1874-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:1874-1 advisory. - A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another...
GHSA-QVW9-6567-WQ78 MunkiReport reportdata module SQL injection vulnerability
A SQL injection vulnerability in reportdatacontroller.php in the reportdata module before 3.5 for MunkiReport allows attackers to execute arbitrary SQL commands via the req parameter of the /module/reportdata/ip endpoint...
powermail extension for TYPO3 vulnerable to SQL Injection
SQL injection vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
GHSA-69VW-JFQ7-935G PyWebDAV SQL Injection vulnerability
Multiple SQL injection vulnerabilities in the getuserinfo method in the MySQLAuthHandler class in DAVServer/mysqlauth.py in PyWebDAV before 0.9.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) user or (2) pw argument. NOTE: some of these details are obtained from third party...