18 matches found

Tenable Nessus
added 2026/02/11 12:0 a.m. · 5 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: postgresql-13 (UTSA-2026-005349)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005349 advisory. Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database...

8.1 CVSS · 8 AI score · 0.82364 EPSS
Exploits 10 · References 4

Tenable Nessus
added 2026/01/20 12:0 a.m. · 2 views

MiracleLinux 7 : php-5.4.16-48.0.8.el7.AXS7 (AXSA:2025-10753:07)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10753:07 advisory. CVE-2025-1735: add error checking for pgsql extension escape functions, mainly to fix possible issues with multi-byte encoding of Postgres databases CVEs:...

7.5 CVSS · 5.6 AI score · 0.00589 EPSS
Exploits 0 · References 2

OSV
added 2025/07/31 5:20 p.m. · 2 views

CLSA-2025-1753982448 php: Fix of CVE-2025-1735

CVE-2025-1735: add error checking for pgsql extension escape functions, mainly to fix possible issues with multi-byte encoding of Postgres databases...

7.5 CVSS · 6.9 AI score · 0.00589 EPSS
Exploits 0 · References 1

OSV
added 2025/07/31 10:10 a.m. · 3 views

CLSA-2025-1753953101 php: Fix of CVE-2025-1735

CVE-2025-1735: add error checking for pgsql extension escape functions, mainly to fix possible issues with multi-byte encoding of Postgres databases...

7.5 CVSS · 6.4 AI score · 0.00589 EPSS
Exploits 0 · References 1

Positive Technologies
added 2025/05/15 12:0 a.m. · 3 views

PT-2025-21492 · WordPress · Mapfig Studio Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: The MapFig Studio WordPress plugin versions 0.2.1 and earlier. Description: The issue concerns a lack of CSRF check in some areas of the plugin, along with missing sanitization and escaping. This could allow attackers to make logged-in admins...

6.1 CVSS · 5.8 AI score · 0.00258 EPSS
Exploits 1 · References 3

OSV
added 2025/02/28 3:34 p.m. · 3 views

OESA-2025-1228 libpq security update

PostgreSQL is a powerful, open source object-relational database system that uses and extends the SQL language combined with many features that safely store and scale the most complicated data workloads. This package provides the essential shared library for any PostgreSQL client program or...

8.1 CVSS · 8.1 AI score · 0.82364 EPSS
Exploits 10 · References 2

SUSE CVE
added 2025/02/14 3:52 a.m. · 5 views

SUSE CVE-2025-1094

Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the...

8.8 CVSS · 8.2 AI score · 0.82364 EPSS
Exploits 10 · References 26

OSV
added 2025/02/13 1:15 p.m. · 2 views

AZL-56791 CVE-2025-1094 affecting package postgresql for versions less than 14.16-1

Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the...

8.1 CVSS · 7.2 AI score · 0.82364 EPSS
Exploits 10 · References 1

OSV
added 2025/02/13 1:15 p.m. · 0 views

UBUNTU-CVE-2025-1094

Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the...

8.1 CVSS · 7.2 AI score · 0.82364 EPSS
Exploits 10 · References 6

Positive Technologies
added 2025/02/13 12:0 a.m. · 5 views

PT-2025-22574 · Astra Linux +5 · Astra Linux Special Edition +5

The vulnerability in the PQescapeLiteral, PQescapeIdentifier, PQescapeString and PQescapeStringConn functions of the libpq library of the PostgreSQL database management system is related to a failure to take measures to protect the structure of the SQL query. Exploitation of the vulnerability may allow a remote attacker to execute...

10 CVSS · 8.7 AI score · 0.93857 EPSS
Exploits 14 · References 9

Github Security Blog
added 2022/03/03 7:26 p.m. · 28 views

Exposure of home directory through shescape on Unix with Bash

Impact: The issue allows for exposure of the home directory on Unix systems when using Bash with the escape or escapeAll functions from the shescape API with the interpolation option set to true. Other tested shells, Dash and Zsh, are not affected. javascript const cp = require("child_process"); cons...

6.2 CVSS · 5.6 AI score · 0.00296 EPSS
Exploits 1 · References 5 · Affected Software 1

OSV
added 2016/10/07 2:59 p.m. · 1 views

DEBIAN-CVE-2016-7167

Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow...

9.8 CVSS · 9.6 AI score · 0.02257 EPSS
Exploits 0 · References 1

OSV
added 2016/10/07 12:0 a.m. · 1 views

UBUNTU-CVE-2016-7167

Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow...

9.8 CVSS · 7.1 AI score · 0.02257 EPSS
Exploits 0 · References 5

Tenable Nessus
added 2016/09/15 12:0 a.m. · 46 views

FreeBSD : cURL -- Escape and unescape integer overflows (b018121b-7a4b-11e6-bf52-b499baebfeaf)

The cURL project reports: The four libcurl functions curl_escape, curl_easy_escape, curl_unescape and curl_easy_unescape perform string URL percent escaping and unescaping. They accept custom string length inputs in signed integer arguments. The provided string length arguments were not properly checked...

9.8 CVSS · 6.8 AI score · 0.02257 EPSS
Exploits 0 · References 3

securityvulns
added 2015/07/05 12:0 a.m. · 38 views

mysql-lite-administrator XSS vulnerabilities

Credits: hyp3rlinx + Domains: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-MYSQLLITEADMINISTRATOR0621.txt Vendor: code.google.com/p/mysql-lite-administrator Product:...

6.2 AI score
Exploits 0

Ubuntu
added 2009/12/11 12:32 a.m. · 47 views

USN-870-1: PyGreSQL vulnerability

Steffen Joeris discovered that PyGreSQL 3.8 did not use PostgreSQL's safe string and bytea functions in its own escaping functions. As a result, applications written to use PyGreSQL's escaping functions are vulnerable to SQL injections when processing certain multi-byte character sequences. Becau...

7.5 CVSS · 5.3 AI score · 0.00579 EPSS
Exploits 0

Debian
added 2006/01/25 6:30 a.m. · 22 views

[SECURITY] [DSA 954-1] New wine packages fix arbitrary code execution

Debian Security Advisory DSA 954-1 http://www.debian.org/security/ Moritz Muehlenhoff January 25th, 2006 http://www.debian.org/security/faq -...

7.5 CVSS · 6.2 AI score · 0.01616 EPSS
Exploits 13

Exploit DB
added 2004/06/07 12:0 a.m. · 25 views

PHP 4.3.x - Microsoft Windows Shell Escape functions Command Execution

source: https://www.securityfocus.com/bid/10471/info PHP is reportedly prone to a command execution vulnerability in its shell escape functions. This issue is due to a failure of PHP to properly sanitize function arguments. This issue might allow an attacker to execute arbitrary shell commands on...

7.4 AI score
Exploits 0