13183 matches found

NVD
added 2019/09/05 6:15 p.m. | 16 views

CVE-2019-13191

A SQL injection vulnerability in IntraMaps MapControl 8 allows attackers to execute arbitrary SQL commands via the /ApplicationEngine/Search/Refine/Set page...

CVSS 7.5 | AI score 8 | EPSS 0.01449
Exploits: 1 | References: 1

OpenVAS
added 2019/09/04 12:0 a.m. | 25 views

openSUSE: Security Advisory for postgresql10 (openSUSE-SU-2019:2062-1)

The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 8.8 | AI score 9.1 | EPSS 0.0217
Exploits: 0 | References: 2

NVD
added 2019/08/29 9:15 p.m. | 10 views

CVE-2019-11363

A SQL injection vulnerability in Snare Central before 7.4.5 allows remote authenticated attackers to execute arbitrary SQL commands via the AgentConsole/UserGroupQuery.php ShowUser parameter...

CVSS 7.2 | AI score 7.3 | EPSS 0.01108
Exploits: 0 | References: 1

Cvelist
added 2019/08/29 8:1 p.m. | 12 views

CVE-2019-11363

A SQL injection vulnerability in Snare Central before 7.4.5 allows remote authenticated attackers to execute arbitrary SQL commands via the AgentConsole/UserGroupQuery.php ShowUser parameter...

AI score 7.3 | EPSS 0.01108
Exploits: 0 | References: 1

NVD
added 2019/08/27 4:15 p.m. | 25 views

CVE-2019-14314

A SQL injection vulnerability exists in the Imagely NextGEN Gallery plugin before 3.2.11 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via...

CVSS 9.8 | AI score 9.9 | EPSS 0.43353
Exploits: 1 | References: 3

Veracode
added 2019/08/27 2:1 a.m. | 32 views

SQL Injection

GORM is vulnerable to SQL injection attacks. The attacks are possible because the library does not properly check for incomplete parentheses, allowing remote attackers to inject and execute arbitrary SQL...

CVSS 9.8 | AI score 7.2 | EPSS 0.01658
Exploits: 0 | References: 6 | Affected Software: 1

Packet Storm
added 2019/08/26 12:0 a.m. | 335 views

Joomla FireBoard 1.1.3 SQL Injection

Exploit Title : Joomla 1.5.26 ComFireBoard Components 1.1.3 SQL Injection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 24/08/2019 Vendor Homepage : fireboard.bestofjoomla.com Software Information Link : infosolutionsgoa.com/cms/fireboard-forum-joomla.html...

AI score 0.4
Exploits: 0

CNVD
added 2019/08/23 12:0 a.m. | 3 views

WordPress booking-calendar-contact-form plugin SQL injection vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the WordPress booking-calendar-contact-form plugin. An attacker can...

CVSS 9.8 | AI score 8 | EPSS 0.01795
Exploits: 0 | References: 1

Tenable Nessus
added 2019/08/22 12:0 a.m. | 25 views

SUSE SLES12 Security Update : postgresql96 (SUSE-SU-2019:2159-1)

This update for postgresql96 fixes the following issues : Security issue fixed : CVE-2019-10208: Fixed arbitrary SQL execution via suitable SECURITY DEFINER function under the identity of the function owner bsc1145092. Note that Tenable Network Security has extracted the preceding description blo...

CVSS 8.8 | AI score 7.9 | EPSS 0.0217
Exploits: 0 | References: 4

Tenable Nessus
added 2019/08/20 12:0 a.m. | 40 views

GLSA-201908-09 : SQLite: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201908-09 SQLite: Multiple vulnerabilities Multiple vulnerabilities have been discovered in SQLite. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could, by executing arbitrary SQL...

CVSS 8.1 | AI score 7 | EPSS 0.06683
Exploits: 1 | References: 4

Mageia
added 2019/08/18 12:39 p.m. | 36 views

Updated postgresql packages fix security vulnerabilities

Updated postgresql packages fix security vulnerabilities: Given a suitable SECURITY DEFINER function, an attacker can execute arbitrary SQL under the identity of the function owner. An attack requires EXECUTE permission on the function, which must itself contain a function call having inexact...

CVSS 8.8 | AI score 3.6 | EPSS 0.0217
Exploits: 0 | References: 5

OSV
added 2019/08/18 12:39 p.m. | 7 views

MGASA-2019-0225 Updated postgresql packages fix security vulnerabilities

Updated postgresql packages fix security vulnerabilities: Given a suitable SECURITY DEFINER function, an attacker can execute arbitrary SQL under the identity of the function owner. An attack requires EXECUTE permission on the function, which must itself contain a function call having inexact...

CVSS 8.8 | AI score 6.8 | EPSS 0.0217
Exploits: 0 | References: 6

CNVD
added 2019/08/16 12:0 a.m. | 2 views

Zoho ManageEngine Application Manager SQL Injection Vulnerability (CNVD-2019-34851)

Zoho ManageEngine Application Manager is an application monitoring and management system from Zoho. The system is mainly used to monitor server and application performance. A SQL injection vulnerability exists in Zoho ManageEngine Application Manager. An attacker can exploit this vulnerability to...

CVSS 9 | AI score 8.3 | EPSS 0.07789
Exploits: 1 | References: 1

Tenable Nessus
added 2019/08/16 12:0 a.m. | 47 views

PostgreSQL 9.4.x < 9.4.24 / 9.5.x < 9.5.19 / 9.6.x < 9.6.15 / 10.x < 10.10 / 11.x < 11.5 Multiple Vulnerabilities

The version of PostgreSQL installed on the remote host is 9.4.x prior to 9.4.24, 9.5.x prior to 9.5.19, 9.6.x prior to 9.6.15, 10.x prior to 10.10, or 11.x prior to 11.5. It is, therefore, affected by multiple vulnerabilities : - An unspecified vulnerability that allows an attacker to execute...

CVSS 9.8 | AI score 8.2 | EPSS 0.0217
Exploits: 0 | References: 9

CNVD
added 2019/08/15 12:0 a.m. | 2 views

WordPress simple-login-log plugin SQL injection vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. simple-login-log is a user login logging plugin used in it. A SQL injection vulnerability exists in the WordPress simple-login-log...

CVSS 9.8 | AI score 8 | EPSS 0.01736
Exploits: 0 | References: 1

Tenable Nessus
added 2019/08/12 12:0 a.m. | 233 views

Debian DLA-1874-1 : postgresql-9.4 security update

CVE-2019-10208: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution. Versions Affected: 9.4 - 11. Given a suitable SECURITY DEFINER function, an attacker can execute arbitrary SQL under the identity of the function owner. An attack requires EXECUTE permission on the function,...

CVSS 8.8 | AI score 7.5 | EPSS 0.0217
Exploits: 0 | References: 4

Tenable Nessus
added 2019/08/12 12:0 a.m. | 84 views

Ubuntu 16.04 LTS / 18.04 LTS : PostgreSQL vulnerabilities (USN-4090-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4090-1 advisory. Tom Lane discovered that PostgreSQL did not properly restrict functions declared as SECURITY DEFINER. An attacker could use this to execute...

CVSS 8.8 | AI score 7.1 | EPSS 0.0217
Exploits: 0 | References: 3

OpenVAS
added 2019/08/10 12:0 a.m. | 46 views

Debian: Security Advisory (DLA-1874-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8 | AI score 7.2 | EPSS 0.0217
Exploits: 0 | References: 4

CNVD
added 2019/08/09 12:0 a.m. | 1 views

PostgreSQL SQL Injection Vulnerability

PostgreSQL is a free object-relational database management system from the PostgreSQL organization. The system supports most of the SQL standards and provides many other features, such as foreign keys, triggers, views, and so on. A SQL injection vulnerability exists in PostgreSQL versions 9.4...

CVSS 8.8 | AI score 8.4 | EPSS 0.0217
Exploits: 0 | References: 1

RedhatCVE
added 2019/08/08 6:52 p.m. | 44 views

CVE-2019-10208

A flaw was discovered in postgresql where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function. Mitigation If your use case requires SECURITY DEFINER...

CVSS 8.8 | AI score 2.7 | EPSS 0.0217
Exploits: 0 | References: 4