
88 matches found

OSV
added 2020/11/21 12:21 p.m., 6 views

MGASA-2020-0432 Updated postgresql packages fix security vulnerabilities

A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportuni...

CVSS 8.8, AI score 8.2, EPSS 0.23757
Exploits: 0, References: 3

OpenVAS
added 2020/11/20 12:0 a.m., 7 views

GaussDB Kernel: Controlling the Permission to Execute the SECURITY INVOKER Function

The SECURITY INVOKER function is executed with the permissions of the invoker. Before invoking a function not created by yourself, check the function content to prevent the function creator from performing unauthorized operations with your permissions. Copyright C 2020 Greenbone Networks GmbH Som...

AI score 7.3
Exploits: 0

RedHat Linux
added 2020/07/29 7:40 p.m., 0 views

grub2: Use-after-free redefining a function whilst the same function is already executing

GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2...

CVSS 6.4, AI score 7.7, EPSS 0.00051
Exploits: 0, References: 4

CNVD
added 2020/04/21 12:0 a.m., 1 view

Shenzhen Xunlei Network Technology Co., Ltd. Xunlei online game gas pedal has dll hijacking vulnerabilities

Xunlei online game gas pedal is special software that Xunlei launched for online game players. Shenzhen Xunlei Network Technology Co., Ltd. Xunlei online game gas pedal has a DLL hijacking vulnerability; attackers can use the loophole in the client process to inject executable DLL...

AI score 7.1
Exploits: 0

CNVD
added 2020/04/21 12:0 a.m., 1 view

DLL hijacking vulnerability in Mint Accelerator of Wuhan Mint Technology Co.

Mint Accelerator is a network acceleration software designed to enhance cross-region game acceleration, web browsing, music appreciation, and video viewing. Wuhan Mint Technology Co. Mint Accelerator suffers from a DLL hijacking vulnerability, which can be exploited by an attacker to inject an...

AI score 7.1
Exploits: 0

NVD
added 2020/04/02 10:15 p.m., 7 views

CVE-2020-7625

op-browser through 1.0.6 is vulnerable to Command Injection. It allows execution of arbitrary commands via the url function...

CVSS 9.8, AI score 9.8, EPSS 0.01227
Exploits: 1, References: 2

VulnCheck KEV
added 2020/03/09 12:0 a.m., 1 view

VulnCheck KEV: CVE-2020-10257

The ThemeREX Addons plugin before 2020-03-09 for WordPress lacks access control on the /trx_addons/v2/get/sc_layout REST API endpoint, allowing for PHP functions to be executed by any users, because includes/plugin.rest-api.php calls trx_addons_rest_get_sc_layout with an unsafe sc parameter...

CVSS 9.8, AI score 7.3, EPSS 0.6663
Exploits: 2, References: 1

CNVD
added 2019/11/28 12:0 a.m., 1 view

CC Live pc client software suffers from DLL hijacking vulnerability

NetEase CC Live is free voice client software launched by NetEase; it brings more convenient voice services to online chat entertainment enthusiasts and gamers. The CC Live PC client software has a DLL hijacking vulnerability, allowing attackers to exploit the vulnerability in the client...

AI score 7
Exploits: 0

Cvelist
added 2019/11/13 9:58 p.m., 17 views

CVE-2019-0389

An administrator of SAP NetWeaver Application Server Java J2EE-Framework, corrected in versions 7.1, 7.2, 7.3, 7.31, 7.4, 7.5, may change privileges for all or some functions in Java Server, and enable users to execute functions they are not allowed to execute otherwise...

AI score 8.8, EPSS 0.00434
Exploits: 0, References: 2

OSV
added 2019/10/15 2:40 p.m., 6 views

SUSE-SU-2019:2158-1 Security update for postgresql94

This update for postgresql94 fixes the following issues: Security issue fixed: - CVE-2019-10208: Fixed arbitrary SQL execution via suitable SECURITY DEFINER function under the identity of the function owner (bsc#1145092)...

CVSS 8.8, AI score 9, EPSS 0.00197
Exploits: 0, References: 3

CNVD
added 2019/04/24 12:0 a.m., 2 views

Command execution vulnerability in wps2019 personal pc client software

The WPS Office official website is Kingsoft's office software learning and sharing site; the software is a domestic office suite that is permanently free of charge to individuals. The PC client software can allow attackers to inject executable DLL files into the client process and execute any function...

AI score 7
Exploits: 0

Prion
added 2016/02/21 6:59 p.m., 12 views

Design/Logic Flaw

The Data Protection component in the VMware vSphere GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware aka Spectrum Protect for Virtual Environments 6.3 before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.4 and Tivoli Storage FlashCopy Manager for VMware aka...

CVSS 10, AI score 7.1, EPSS 0.09884
Exploits: 0, References: 2, Affected Software: 2

NVD
added 2016/02/21 6:59 p.m., 14 views

CVE-2015-7425

The Data Protection component in the VMware vSphere GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware aka Spectrum Protect for Virtual Environments 6.3 before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.4 and Tivoli Storage FlashCopy Manager for VMware aka...

CVSS 10, AI score 9.2, EPSS 0.09884
Exploits: 0, References: 2

Tenable Nessus
added 2015/11/04 12:0 a.m., 203 views

Mac OS X EFI Function Execution Vulnerability (EFI Security Update 2015-002)

The remote Mac OS X host is running an EFI firmware version that is affected by a function execution vulnerability due to an issue with handling EFI arguments. An unauthenticated, remote attacker can exploit this to execute arbitrary functions via unspecified vectors. TRUSTED...

CVSS 7.5, AI score 8.9, EPSS 0.00624
Exploits: 0, References: 3

securityvulns
added 2015/07/14 12:0 a.m., 63 views

SQL Injection, Reflected XSS, Path Traversal, Function Execution in ZenPhoto 1.4.8

Vulnerability: SQL Injection, Reflected XSS, Path Traversal; Affected Software: ZenPhoto http://www.zenphoto.org/; Affected Version: 1.4.8 probably also prior versions; Patched Version: 1.4.9; Risk: Medium; Vendor Contacted: 2015-05-18; Vendor Fix: 2015-07-09; Public Disclosure: 2015-07-10; SQL Injection...

AI score 0.7
Exploits: 0

Hacker One
added 2015/03/31 12:0 a.m., 18 views

Internet Bug Bounty: php_stream_url_wrap_http_ex() type-confusion vulnerability

https://bugs.php.net/bug.php?id=69337 Description: php_stream_url_wrap_http_ex() creates a $http_response_header array variable in the local execution scope which may be the global scope. Then it gets a pointer to this variable, and throughout the function's execution accesses it multiple...

AI score 7.4
Exploits: 0

Packet Storm
added 2015/03/25 12:0 a.m., 26 views

WordPress Marketplace 2.4.0 Add Administrator

#!/usr/bin/python; Exploit Name: WP Marketplace 2.4.0 Remote Command Execution; Vulnerability discovered by Kacper Szurek http://security.szurek.pl; Exploit written by Claudio Viviani; The vulnerable function is located on...

AI score 0.6
Exploits: 0

0day.today
added 2011/03/31 12:0 a.m., 39 views

Pligg CMS 1.1.3 Multiple Vulnerabilities

Exploit for php platform in category web applications Exploit title: Pligg CMS file existence exploration/shared hosting privilege escalation H.ackAck.net Found by: Jelmer de Hen 15/03/2011 I released some Pligg exploits: http://h.ackack.net/the-pligg-cms-0dayset-1.html 22/03/2011 a patch became...

AI score 7.1
Exploits: 0

Exploit DB
added 2011/03/30 12:0 a.m., 26 views

Pligg CMS 1.1.3 - Multiple Vulnerabilities

Exploit title: Pligg CMS file existence exploration/shared hosting privilege escalation H.ackAck.net Found by: Jelmer de Hen 15/03/2011 I released some Pligg exploits: http://h.ackack.net/the-pligg-cms-0dayset-1.html 22/03/2011 a patch became available; patching took 7 days:...

AI score 7.4
Exploits: 0

exploitpack
added 2011/03/30 12:0 a.m., 36 views

Pligg CMS 1.1.3 - Multiple Vulnerabilities

Pligg CMS 1.1.3 - Multiple Vulnerabilities Exploit title: Pligg CMS file existence exploration/shared hosting privilege escalation H.ackAck.net Found by: Jelmer de Hen 15/03/2011 I released some Pligg exploits: http://h.ackack.net/the-pligg-cms-0dayset-1.html 22/03/2011 a patch became available;...

AI score 0.4
Exploits: 0