5987 matches found
CVE-2018-13318
System command injection in User.create method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute system commands via the "name" parameter...
CVE-2018-19410
PRTG Network Monitor before 18.2.40.1683 allows remote unauthenticated attackers to create users with read-write privileges including administrator. A remote unauthenticated user can craft an HTTP request and override attributes of the 'include' directive in /public/login.htm and perform a Local...
kernel: Integer overflow in Linux's create_elf_tables function
An integer overflow flaw was found in the Linux kernel's createelftables function. An unprivileged local user with access to SUID or otherwise privileged binary could use this flaw to escalate their privileges on the system...
Ticketly 1.0 - Cross-Site Request Forgery (Add Admin)
Ticketly 1.0 - Cross-Site Request Forgery Add Admin Exploit Title: Ticketly 1.0 - Cross-Site Request Forgery Add Admin Exploit Author: Javier Olmedo Website: https://hackpuntes.com Date: 2018-11-19 Google Dork: N/A Vendor: Abisoft https://abisoftgt.net Software Link:...
PostgreSQL 9.3.x < 9.3.25 / 9.4.x < 9.4.20 / 9.5.x < 9.5.15 / 9.6.x < 9.6.11 / 10.x < 10.6 / 11.x < 11.1 SQL injection
The version of PostgreSQL installed on the remote host is 9.3.x prior to 9.3.25, 9.4.x prior to 9.4.20, 9.5.x prior to 9.5.15, 9.6.x prior to 9.6.11, 10.x prior to 10.6, or 11.x prior to 11.1. It is, therefore, affected by following vulnerability: - An SQL injection SQLi vulnerability exists in...
kernel: Integer overflow in Linux's create_elf_tables function
An integer overflow flaw was found in the Linux kernel's createelftables function. An unprivileged local user with access to SUID or otherwise privileged binary could use this flaw to escalate their privileges on the system...
kernel: out-of-bounds access in the show_timer function in kernel/time/posix-timers.c
The timercreate syscall implementation in kernel/time/posix-timers.c in the Linux kernel doesn't properly validate the sigevent-sigevnotify field, which leads to out-of-bounds access in the showtimer function...
kernel: Integer overflow in Linux's create_elf_tables function
An integer overflow flaw was found in the Linux kernel's createelftables function. An unprivileged local user with access to SUID or otherwise privileged binary could use this flaw to escalate their privileges on the system...
kernel: out-of-bounds access in the show_timer function in kernel/time/posix-timers.c
The timercreate syscall implementation in kernel/time/posix-timers.c in the Linux kernel doesn't properly validate the sigevent-sigevnotify field, which leads to out-of-bounds access in the showtimer function...
kernel: Integer overflow in Linux's create_elf_tables function
An integer overflow flaw was found in the Linux kernel's createelftables function. An unprivileged local user with access to SUID or otherwise privileged binary could use this flaw to escalate their privileges on the system...
kernel: out-of-bounds access in the show_timer function in kernel/time/posix-timers.c
The timercreate syscall implementation in kernel/time/posix-timers.c in the Linux kernel doesn't properly validate the sigevent-sigevnotify field, which leads to out-of-bounds access in the showtimer function...
CVE-2018-16850
postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pgupgrade and pgdump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges...
Sql injection
postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pgupgrade and pgdump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges...
CVE-2018-16850
postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pgupgrade and pgdump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges...
CVE-2018-16850
postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pgupgrade and pgdump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges...
CVE-2018-16850
CVE-2018-16850 affects PostgreSQL before versions 11.1 and 10.6, vulnerable to an SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. A specially crafted trigger definition can allow an attacker to execute arbitrary SQL statements with superuser privileges. The vulnerabili...
CVE-2018-16850
Removed by vendor...
CVE-2018-16850
postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pgupgrade and pgdump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges...
FreeBSD : PostgreSQL -- SQL injection in pg_upgrade and pg_dump (1c27a706-e3aa-11e8-b77a-6cc21735f730)
The PostgreSQL project reports : CVE-2018-16850: SQL injection in pgupgrade and pgdump, via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can run arbitrary SQL statements with superuser privileges when a superuser runs pgupgrade on the database or during ...
Vulnerability in core server (CVE-2018-16850)
SQL injection in pgupgrade and pgdump, via CREATE TRIGGER ... REFERENCING...