CVE-2024-42765

A SQL injection vulnerability in "/login.php" of the Kashipara Bus Ticket Reservation System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the "email" or "password" Login page parameters...

OESA-2024-2054 postgresql security update

PostgreSQL is an advanced Object-Relational database management system DBMS that supports almost all SQL constructs including transactions, subselects and user-defined types and functions. The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DB...

CVE-2024-42765

A SQL injection vulnerability in "/login.php" of the Kashipara Bus Ticket Reservation System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the "email" or "password" Login page parameters...

CVE-2024-42765

CVE-2024-42765 describes a SQL injection in Kashipara Bus Ticket Reservation System v1.0, triggered on the "/login.php" page via the email or password parameters due to lack of input validation. Exploitation permits remote attackers to execute arbitrary SQL and bypass login, potentially gaining u...

CVE-2024-42765

A SQL injection vulnerability in "/login.php" of the Kashipara Bus Ticket Reservation System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the "email" or "password" Login page parameters...

CVE-2024-42783

Kashipara Music Management System v1.0 is vulnerable to SQL Injection via /music/manageplaylistitems.php. An attacker can execute arbitrary SQL commands via the "pid" parameter...

CVE-2024-42781

Kashipara Music Management System v1.0 suffers from a SQL injection in /music/ajax.php?action=login via the email parameter, enabling remote attackers to execute arbitrary SQL and bypass login. Documented details indicate a high-severity issue with potential data exposure and authentication bypas...

CVE-2024-42785

Kashipara Music Management System v1.0 contains a SQL injection in /music/index.php?page=view_playlist via the id parameter. The issue stems from lack of input validation, enabling an attacker to execute arbitrary SQL commands. This impacts confidentiality, integrity, and availability per the CVE...

CVE-2024-42781

A SQL injection vulnerability in "/music/ajax.php?action=login" of Kashipara Music Management System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the email parameter...

CVE-2024-42782

A SQL injection vulnerability in "/music/ajax.php?action=findmusic" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "search" parameter...

CVE-2024-42785

A SQL injection vulnerability in /music/index.php?page=viewplaylist in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "id" parameter...

Important: postgresql15

Issue Overview: Time-of-check Time-of-use TOCTOU race condition in pgdump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pgdump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack...

OESA-2024-1977 postgresql security update

PostgreSQL is an advanced Object-Relational database management system DBMS that supports almost all SQL constructs including transactions, subselects and user-defined types and functions. The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DB...

PostgreSQL relation replacement during pg_dump executes arbitrary SQL

...

CVE-2024-40486

A SQL injection vulnerability in "/index.php" of Kashipara Live Membership System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the email or password Login parameters...

CVE-2024-40479

A SQL injection vulnerability in "/admin/quizquestion.php" in Kashipara Online Exam System v1.0 allows remote attackers to execute arbitrary SQL commands via the "eid" parameter...

CVE-2024-40477

A SQL injection vulnerability in "/oahms/admin/forgot-password.php" in PHPGurukul Old Age Home Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "email" parameter...

CVE-2024-7348

A vulnerability was found in PostgreSQL. A Race condition in pgdump allows an object creator to execute arbitrary SQL functions as the user running pgdump, which is often a superuser. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the R...

SUSE CVE-2024-7348

Time-of-check Time-of-use TOCTOU race condition in pgdump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pgdump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting...

CVE-2024-40479

A SQL injection vulnerability in "/admin/quizquestion.php" in Kashipara Online Exam System v1.0 allows remote attackers to execute arbitrary SQL commands via the "eid" parameter...