13184 matches found

OpenVAS
added 2024/08/09 12:0 a.m. · 13 views

PostgreSQL TOCTOU Vulnerability (Aug 2024) - Windows

PostgreSQL is prone to a time-of-check time-of-use (TOCTOU) race condition vulnerability in pg_dump.

CVSS 8.8 · AI score 8.4 · EPSS 0.01565
Exploits 0 · References 2
CVE
added 2024/08/09 12:0 a.m. · 39 views

CVE-2024-40479

Kashipara Online Exam System v1.0 is affected by a SQL injection vulnerability in /admin/quizquestion.php, exploitable via the eid parameter. The underlying issue allows remote attackers to execute arbitrary SQL commands. Documents do not provide a confirmed patch version; a PT Security advisory ...

CVSS 8.1 · AI score 8.8 · EPSS 0.00797
Exploits 1 · References 2 · Affected Software 1
OSV
added 2024/08/08 1:15 p.m. · 2 views

DEBIAN-CVE-2024-7348

Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting...

CVSS 7.5 · AI score 8.4 · EPSS 0.01565
Exploits 0 · References 1
OSV
added 2024/08/08 1:15 p.m. · 3 views

AZL-47690 CVE-2024-7348 affecting package postgresql for versions less than 14.13-1

Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting...

CVSS 7.5 · AI score 7.3 · EPSS 0.01565
Exploits 0 · References 1
OSV
added 2024/08/08 1:15 p.m. · 5 views

AZL-47636 CVE-2024-7348 affecting package postgresql for versions less than 16.4-1

Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting...

CVSS 7.5 · AI score 7.5 · EPSS 0.01565
Exploits 0 · References 1
OSV
added 2024/08/08 1:15 p.m. · 3 views

ALPINE-CVE-2024-7348

Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting...

CVSS 7.5 · AI score 7.8 · EPSS 0.01565
Exploits 0 · References 1
OSV
added 2024/08/08 1:15 p.m. · 2 views

UBUNTU-CVE-2024-7348

Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting...

CVSS 8.8 · AI score 7.2 · EPSS 0.01565
Exploits 0 · References 7
Vulnrichment
added 2024/08/08 1:0 p.m. · 39 views

CVE-2024-7348 PostgreSQL relation replacement during pg_dump executes arbitrary SQL

Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting...

CVSS 8.8 · AI score 7.7 · EPSS 0.01565
Exploits 0 · References 1
Cvelist
added 2024/08/08 1:0 p.m. · 33 views

CVE-2024-7348 PostgreSQL relation replacement during pg_dump executes arbitrary SQL

Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting...

CVSS 8.8 · EPSS 0.01565
Exploits 0 · References 1
Vulnrichment
added 2024/08/08 12:0 a.m. · 13 views

CVE-2024-40486

A SQL injection vulnerability in "/index.php" of Kashipara Live Membership System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the email or password Login parameters...

AI score 9.2 · EPSS 0.01016
Exploits 1 · References 2
Positive Technologies
added 2024/08/08 12:0 a.m. · 3 views

PT-2024-28871 · Unknown · Kashipara Live Membership System

Name of the Vulnerable Software and Affected Versions: Kashipara Live Membership System version 1.0 Description: A SQL injection vulnerability in the "/index.php" page of Kashipara Live Membership System allows remote attackers to execute arbitrary SQL commands and bypass login via the email or...

CVSS 9.8 · AI score 8.1 · EPSS 0.01016
Exploits 1 · References 9
Cvelist
added 2024/08/08 12:0 a.m. · 15 views

CVE-2024-40486

A SQL injection vulnerability in "/index.php" of Kashipara Live Membership System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the email or password Login parameters...

EPSS 0.01016
Exploits 1 · References 2
NVD
added 2024/08/02 7:16 p.m. · 15 views

CVE-2024-28298

SQL injection vulnerability in BM SOFT BMPlanning 1.0.0.1 allows authenticated users to execute arbitrary SQL commands via the SEC_IDF, LIE_IDF, PLANF_IDF, CLI_IDF, DOS_IDF, and possibly other parameters to /BMServerR.dll/BMRest...

CVSS 8.8 · EPSS 0.00458
Exploits 1 · References 2
NVD
added 2024/08/02 7:16 p.m. · 8 views

CVE-2024-28297

SQL injection vulnerability in AzureSoft MyHorus 4.3.5 allows authenticated users to execute arbitrary SQL commands via unspecified vectors...

CVSS 7.5 · EPSS 0.00377
Exploits 0 · References 2
CVE
added 2024/08/02 12:0 a.m. · 34 views

CVE-2024-28298

CVE-2024-28298 is a SQL injection vulnerability in BM SOFT BMPlanning 1.0.0.1. Authenticated users can pass crafted values to /BMServerR.dll/BMRest via parameters such as SEC_IDF, LIE_IDF, PLANF_IDF, CLI_IDF, and DOS_IDF to execute arbitrary SQL commands. Public references (NVD/Red Hat/CVE record...

CVSS 8.8 · AI score 8.5 · EPSS 0.00458
Exploits 1 · References 2 · Affected Software 1
CNNVD
added 2024/08/02 12:0 a.m. · 3 views

AzureSoft MyHorus Security Vulnerability

AzureSoft MyHorus is a global supervisory system from AzureSoft, Inc. A security vulnerability exists in AzureSoft MyHorus version 4.3.5 that stems from the presence of a SQL injection vulnerability that allows an authenticated user to execute arbitrary SQL commands via an unspecified vector...

CVSS 7.5 · AI score 8.3 · EPSS 0.00377
Exploits 0 · References 3
Vulnrichment
added 2024/08/02 12:0 a.m. · 12 views

CVE-2024-28298

SQL injection vulnerability in BM SOFT BMPlanning 1.0.0.1 allows authenticated users to execute arbitrary SQL commands via the SEC_IDF, LIE_IDF, PLANF_IDF, CLI_IDF, DOS_IDF, and possibly other parameters to /BMServerR.dll/BMRest...

AI score 8.4 · EPSS 0.00458
Exploits 1 · References 2
BDU FSTEC
added 2024/07/25 12:0 a.m. · 3 views

The vulnerability of the setgeneral.php file in the Tailoring Management System (TMS) allows a hacker to execute arbitrary SQL code, gain unauthorized access to read, modify, or delete data, or cause service interruptions.

The vulnerability of the setgeneral.php file in the Tailoring Management System (TMS) involves a lack of security measures for the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary SQL code, gain unauthorized access to read, modify, or delete data, or cause ...

CVSS 6.5 · AI score 7 · EPSS 0.00591
Exploits 1 · References 3 · Affected Software 1
CNVD
added 2024/07/12 12:0 a.m. · 6 views

Learning Management System SQL Injection Vulnerability (CNVD-2024-35193)

Learning Management System is an open-source learning management system from itsourcecode. Learning Management System version 1.0 suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally supplied SQL statements. Attackers can use this...

CVSS 9.8 · AI score 8.4 · EPSS 0.00488
Exploits 1 · References 1
CNVD
added 2024/07/12 12:0 a.m. · 9 views

Payroll Management System SQL Injection Vulnerability

Payroll Management System is a payroll management system. A SQL injection vulnerability exists in Payroll Management System version 1.0, which stems from the application's lack of validation of externally entered SQL statements. A remote attacker can exploit this vulnerability to execute arbitrar...

CVSS 9.8 · AI score 8.4 · EPSS 0.00666
Exploits 1 · References 1