Cross-site request forgery (CSRF)
DouCo DouPHP 1.5 has upload/admin/manager.php?rec=insert CSRF to add an administrator account...
postgresql: Missing authorization and memory disclosure in INSERT ... ON CONFLICT DO UPDATE statements
It was discovered that PostgreSQL failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes of server memory. If the attacker also had certain "INSERT" and limit...
Amazon Linux AMI : postgresql95 (ALAS-2018-1118)
A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with 'host' or 'hostaddr' connection parameters from untrusted input, attackers could bypass client-side...
Amazon Linux AMI : postgresql96 (ALAS-2018-1119)
A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with 'host' or 'hostaddr' connection parameters from untrusted input, attackers could bypass client-side...
openvswitch: Error during bundle commit in ofproto/ofproto.c:ofproto_rule_insert__() allows for crash
An issue was discovered in Open vSwitch (OvS), 2.7.x through 2.7.6, 2.8.x through 2.8.4, and 2.9.x through 2.9.2, where the ofproto_rule_insert__ function inside ofproto/ofproto.c is affected by an assertion failure under certain circumstances. A specially crafted flow update applied using the bundling...
Unspecified Vulnerability in Oracle Hyperion Common Events Component (CNVD-2019-38556)
Oracle Hyperion is a set of financial modeling applications from the United States company Oracle. The software provides financial settlement, report production and other functions. Hyperion Common Events is one of the event processing components. A security vulnerability exists in the User...
CVE-2018-3265
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Zones). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Solaris executes to compromise Solaris...
CVE-2018-3175
Vulnerability in the Hyperion Common Events component of Oracle Hyperion (subcomponent: User Interface). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hyperion Common Events. Successful...
CVE-2018-3131
Vulnerability in the Oracle Hospitality Gift and Loyalty component of Oracle Food and Beverage Applications. The supported version that is affected is 9.0. Easily exploitable vulnerability allows low privileged attacker having Report privilege with logon to the infrastructure where Oracle...
CVE-2018-3189
Vulnerability in the Oracle Customer Interaction History component of Oracle E-Business Suite (subcomponent: Outcome-Result). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromi...
Unspecified Vulnerability in Oracle E-Business Suite (CNVD-2018-24267)
Oracle E-Business Suite is a set of Oracle's fully integrated global business management software. Applications Manager is one of the components used to monitor the performance and availability of Oracle application servers. A security vulnerability exists in the None subcomponent...
Unspecified Vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management (CNVD-2018-24259)
Oracle Construction and Engineering Suite is a suite of portfolio management solutions for construction projects from Oracle Corporation. Primavera P6 Enterprise Project Portfolio Management (P6) is one of the components for planning, managing and executing projects. Primavera P6 Enterprise Project...
WordPress Wp-Insert plugin code execution vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Software Foundation; it supports setting up a personal blog site on a server with PHP and MySQL. The wp-Insert plugin is one of its ad management plugins. A file upload vulnerability exists in WordPress...
Design/Logic Flaw
The Wp-Insert plugin through 2.4.2 for WordPress allows upload of arbitrary PHP code because of the exposure and configuration of FCKeditor under fckeditor/editor/filemanager/browser/default/browser.html, fckeditor/editor/filemanager/connectors/test.html, and...
CVE-2018-17573
The Wp-Insert plugin through 2.4.2 for WordPress allows upload of arbitrary PHP code because of the exposure and configuration of FCKeditor under fckeditor/editor/filemanager/browser/default/browser.html, fckeditor/editor/filemanager/connectors/test.html, and...
CVE-2018-17573
The CVE-2018-17573 entry concerns WordPress with the WP-Insert plugin (v2.4.2 and earlier) where an improper exposure/configuration of FCKeditor files (fckeditor/editor/filemanager/browser/default/browser.html, fckeditor/editor/filemanager/connectors/test.html, and fckeditor/editor/filemanager/co...
WordPress plugin Wp Insert 'Fckeditor' arbitrary file upload vulnerability
WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. The WordPress plugin Wp Insert 'Fckeditor' has an arbitrary file upload vulnerability that can be exploited by attackers to upload arbitrary files...
WordPress WP Insert 2.4.2 Arbitrary File Upload Vulnerability
Exploit for PHP platform in category web applications. Exploit Title: Wordpress Plugin Wp Insert - 'Fckeditor' Arbitrary File Upload; Exploit Author: Mostafa Gharzi; Website: https://www.certcc.ir; Google Dork: /wp-content/plugins/wp-insert; Vendor: Namith Jawahar; Software Link:...
LimeSurvey Cross-Site Scripting Vulnerability (CNVD-2019-31188)
LimeSurvey, formerly known as PHPSurveyor, is an open source online survey program developed by the LimeSurvey team, which supports survey program development, questionnaire distribution, and data collection functions. appendix is one of the appendix components. A cross-site scripting vulnerability...
Important: postgresql93, postgresql94, postgresql95
Issue Overview: A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with "host" or "hostaddr" connection parameters from untrusted input, attackers could...