8 matches found
CVE-2025-70152
code-projects Community Project Scholars Tracking System 1.0 is vulnerable to SQL Injection in the admin user management endpoints /admin/saveuser.php and /admin/updateuser.php. These endpoints lack authentication checks and directly concatenate user-supplied POST parameters firstname, lastname,...
EUVD-2011-1909
Malware in sbrugna...
EZSA-2018-007 User data disclosure
More info at http://share.ez.no/community-project/security-advisories/ezsa-2018-007-user-data-disclosure...
Debian DLA-432-1 : postgresql-8.4 update
Several bugs were discovered in PostgreSQL, a relational database server system. The 8.4 branch is EOLed upstream, but still present in Debian squeeze. This new LTS minor version contains fixes that were applied upstream to the 9.1.20 version, backported to 8.4.22 which was the last version...
Debian DLA-252-1 : postgresql-8.4 update
Several bugs were discovered in PostgreSQL, a relational database server system. The 8.4 branch is EOLed upstream, but still present in Debian squeeze. This new LTS minor version contains the fixes that were applied upstream to the 9.0.22 version, backported to 8.4.22 which was the last version...
DLA-252-1 postgresql-8.4 - bugfix update
Bulletin has no description...
Cross-site request forgery (CSRF)
JasperServer in JasperReports Server Community Project 3.7.0 and 3.7.1 uses a predictable flowExecutionKey parameter, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a brute-force approach...
CVE-2011-1911
CVE-2011-1911 affects JasperReports Server Community Project (JasperServer) versions 3.7.0 and 3.7.1. The root cause is a predictable _flowExecutionKey parameter, enabling CSRF via brute-forcing across requests. Impact described includes the ability for an attacker, tricking an authenticated user...