37 matches found
PT-2023-16106 · Tuzicms · Tuzicms
Name of the Vulnerable Software and Affected Versions: TuziCMS version 2.0.6 Description: A critical issue has been found in the Article Module of TuziCMS, specifically affecting the index function of the ArticleController.class.php file. The manipulation of the id argument leads to SQL injection...
Halcyon security vulnerability
Halcyon is a decentralized open source digital currency by individual developer John Doering. A security vulnerability exists in ghostlander Halcyon, which originates in the function CBlock::AddToBlockIndex in the src/main.cpp file of the component Block Verification, and can be exploited by an...
PT-2023-12404 · Unknown · Ghostlander Halcyon
Name of the Vulnerable Software and Affected Versions: ghostlander Halcyon versions prior to 1.1.1.0-hal Description: A critical vulnerability has been found in ghostlander Halcyon, affecting the function CBlock::AddToBlockIndex of the file src/main.cpp in the component Block Verification. This...
CVE-2022-31393
Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Index function in app/admin/c/PluginsController.php...
CVE-2020-18449
Cross Site Scripting (XSS) vulnerability exists in UKCMS v1.1.10 via data in the index function in Single.php...
UKCMS cross-site scripting vulnerability
Lingji Network Technology UKcms is a PHP-based content management system (CMS) from China's Lingji Network Technology Company. A cross-site scripting vulnerability exists in UKCMS v1.1.10, which originates from the index function in Single.php...
Privilege Escalation
PostgreSQL is vulnerable to privilege escalation. PostgreSQL improperly protected session-local state during the execution of an index function by a database superuser during the database maintenance operations. An authenticated database user could use this flaw to elevate their privileges via...
POSCMS 'index' function arbitrary code execution vulnerability
POSCMS (PhpOpenSourceCMS) is a PHP and MySQL based, open source, cross-platform web content management system (CMS). A security vulnerability exists in POSCMS version 3.2.10. An attacker can exploit the vulnerability by writing code to the api/ucsso/config.php file with the help of the 'index' functi...
CVE-2018-10235
POSCMS 3.2.10 allows remote attackers to execute arbitrary PHP code via the diy\module\member\controllers\admin\Setting.php 'index' function because an attacker can control the value of $cache['setting']['ucssocfg'] in diy\module\member\models\Membermodel.php and write this code into the...
CVE-2014-9706
The build_index_from_tree function in index.py in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a commit with a directory path starting with .git/, which is not properly handled when checking out a working tree...
CentOS 5 : postgresql (CESA-2010:0429)
Updated postgresql packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings,...
postgresql: SQL privilege escalation via modifications to session-local state
PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly manage session-local state during execution of an index function by a database superuser, which allows remote authenticated users to gain...
[ MDVSA-2009:333 ] postgresql
Mandriva Linux Security Advisory MDVSA-2009:333 http://www.mandriva.com/security/ Package: postgresql Date: December 15, 2009 Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 3.0, Corporate 4.0, Enterprise Server 5.0 Problem Description: Multiple...
CVE-2009-4136
PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly manage session-local state during execution of an index function by a database superuser, which allows remote authenticated users to gain...
postgresql -- multiple vulnerabilities
PostgreSQL project reports: PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which 1...