13183 matches found
Medium: postgresql94
Issue Overview: A flaw was discovered in postgresql where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function. CVE-2019-10208 Affected Packages: postgresql...
SQL Injection
PostgreSQL is vulnerable to SQL injection. TYPE in pgtemp executes arbitrary SQL during SECURITY DEFINER execution...
The vulnerability of the GLPI system’s request, incident, and computer equipment inventory processes, related to the improper elimination of special elements used in SQL commands, allows a malicious actor to execute arbitrary SQL queries against the database in the target system.
The vulnerability of the GLPI system’s request, incident, and computer equipment inventory management functions is related to the improper elimination of certain elements used in SQL commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries against the targ...
CVE-2020-5651
SQL injection vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to execute arbitrary SQL commands via a specially crafted URL...
Sql injection
SQL injection vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to execute arbitrary SQL commands via a specially crafted URL...
CVE-2020-5651
SQL injection vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to execute arbitrary SQL commands via a specially crafted URL...
postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution
A flaw was discovered in postgresql where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function...
Aveva eDNA Enterprise SQL Injection (CVE-2020-13499; CVE-2020-13500; CVE-2020-13501)
An SQL injection vulnerability exists in Aveva eDNA Enterprise. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary SQL commands on the affected system...
Hoosk CMS SQL Injection (CVE-2020-26042)
An SQL injection vulnerability exists in Hoosk CMS. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
SQL Injection
apache-superset is vulnerable to SQL injection. The vulnerability allows an attacker to inject and execute arbitrary SQL statements using invalid column names in groupby, columns, filters, or metrics queries...
EulerOS 2.0 SP8 : postgresql (EulerOS-SA-2020-2156)
According to the versions of the postgresql packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the searchpath during logical...
Sourcecodetester Daily Tracker System SQL Injection (CVE-2020-24193)
An SQL injection vulnerability exists in Sourcecodetester Daily Tracker System. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary SQL commands on the affected system...
SQL Injection in untitled-model
All versions of untitled-model re vulnerable to SQL Injection. Query parameters are not properly sanitized allowing attackers to inject SQL statements and execute arbitrary SQL queries. Recommendation No fix is currently available. Consider using an alternative package until a fix is made availab...
CVE-2020-13127
A SQL injection vulnerability at a tpf URI in Loway QueueMetrics before 19.04.1 allows remote authenticated attackers to execute arbitrary SQL commands via the TASKSLISTpt.querystring parameter...
Sql injection
A SQL injection vulnerability at a tpf URI in Loway QueueMetrics before 19.04.1 allows remote authenticated attackers to execute arbitrary SQL commands via the TASKSLISTpt.querystring parameter...
CVE-2020-24197
A SQL injection vulnerability in the login component in Stock Management System v1.0 allows remote attacker to execute arbitrary SQL commands via the username parameter...
Sql injection
A SQL injection vulnerability in the login component in Stock Management System v1.0 allows remote attacker to execute arbitrary SQL commands via the username parameter...
CVE-2020-24197
A SQL injection vulnerability in the login component in Stock Management System v1.0 allows remote attacker to execute arbitrary SQL commands via the username parameter...
postgresql: Uncontrolled search path element in logical replication
A flaw was found in PostgreSQL, where it did not properly sanitize the searchpath during logical replication. This flaw allows an authenticated attacker to use this flaw in an attack similar to CVE-2018-1058 to execute an arbitrary SQL command in the user's context for replication. The highest...
Moderate: Red Hat Security Advisory: postgresql:10 security and bug fix update
An update for the postgresql:10 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...