1447 matches found
FreeBSD : PostgreSQL -- two vulnerabilities (96eab874-9c79-11e8-b34b-6cc21735f730)
The PostgreSQL project reports: CVE-2018-10915: Certain host connection parameters defeat client-side security defenses. libpq, the client connection API for PostgreSQL that is also used by other connection libraries, had an internal issue where it did not reset all of its connection state...
Updated mariadb packages fix security vulnerabilities
Updated mariadb packages fix security vulnerabilities: Vulnerability in the MariaDB Server component of MariaDB subcomponent: MyISAM. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this...
ALPINE-CVE-2018-10925
It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes server...
CVE-2018-10925
Removed by vendor...
CVE-2018-10925
CVE-2018-10925 affects PostgreSQL before certain fixed releases: 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24. The flaw: failure to properly authorize certain INSERT ... ON CONFLICT DO UPDATE statements. An attacker with CREATE TABLE privileges (and potentially INSERT/limited UPDATE privileges on a t...
CVE-2018-10925
It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes server...
UBUNTU-CVE-2018-10925
It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes server...
PostgreSQL -- two vulnerabilities
The PostgreSQL project reports: CVE-2018-10915: Certain host connection parameters defeat client-side security defenses. libpq, the client connection API for PostgreSQL that is also used by other connection libraries, had an internal issue where it did not reset all of its connection state variabl...
Cross site request forgery (csrf)
In Gxlcms 2.0, a news/index.php?s=Admin-Admin-Insert CSRF attack can add an administrator account...
Unspecified Vulnerability in Oracle PeopleSoft Products PeopleSoft Enterprise HCM Human Resources Component (CNVD-2019-38811)
Oracle PeopleSoft Products is a suite of enterprise human capital management solutions from Oracle that provides human capital management, financial management, supplier relationship management, etc. PeopleSoft Enterprise HCM Human Resources is one of the human resource management components...
OpenSID Cross-Site Request Forgery Vulnerability
OpenSID is a village information management system developed by the SID community. A cross-site request forgery vulnerability exists in index.php/manuser/insert URI in OpenSID version 18.06-pasca, which can be exploited by an attacker to add an administrator-level account...
Cross site request forgery (csrf)
OpenSID 18.06-pasca has a CSRF vulnerability. This vulnerability can add an account at the admin level via the index.php/manuser/insert URI...
CVE-2018-13040
OpenSID 18.06-pasca has a CSRF vulnerability. This vulnerability can add an account at the admin level via the index.php/manuser/insert URI...
UBUNTU-CVE-2018-10945
The mg_handle_cgi function in mongoose.c in Mongoose 6.11 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash, or NULL pointer dereference) via an HTTP request, related to the mbuf_insert function...
DEBIAN-CVE-2018-10945
The mg_handle_cgi function in mongoose.c in Mongoose 6.11 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash, or NULL pointer dereference) via an HTTP request, related to the mbuf_insert function...
Event Manager Admin panel - events_new.php SQL injection
Event Manager Admin panel - events_new.php SQL injection Exploit Title: Event Manager PHP Script Admin panel - 'events_new.php' SQL injection Date: 2018-06-10 Exploit Author: telahdihapus Vendor Homepage: https://codecanyon.net/user/ezcode Software Link:...
Event Manager Admin Panel events_new.php SQL Injection
Exploit Title: Event Manager PHP Script Admin panel - 'events_new.php' SQL injection Date: 2018-06-10 Exploit Author: telahdihapus Vendor Homepage: https://codecanyon.net/user/ezcode Software Link: https://codecanyon.net/item/eventmanager-php-script-admin-panel/21280741 Tested on: windows 10 1...
Dolibarr 7.0.0 - SQL Injection Vulnerability
Exploit for php platform in category web applications CVE-2018-10094 Dolibarr SQL Injection vulnerability Description Dolibarr is an "Open Source ERP & CRM for Business" used by many companies worldwide. It is available through GitHub or as distribution packages, e.g. .deb package. Threat The...
CVE-2018-10723
Directus 6.4.9 has a hardcoded admin password for the Admin account because of an INSERT statement in api/schema.sql...
Hardcoded credentials
Directus 6.4.9 has a hardcoded admin password for the Admin account because of an INSERT statement in api/schema.sql...