
2154 matches found

RedHat Linux
added 2020/12/02 1:56 p.m., 4 views

postgresql: psql's \gset allows overwriting specially treated variables

A flaw was found in the psql interactive terminal of PostgreSQL. If an interactive psql session uses \gset when querying a compromised server, this flaw allows an attacker to execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to...

7.6 CVSS, 7.5 AI score, 0.02658 EPSS
Exploits 0, References 5

CNVD
added 2020/11/26 12:0 a.m., 4 views

Schneider Electric Interactive Graphical SCADA System Buffer Overflow Vulnerability (CNVD-2020-67319)

Schneider Electric Interactive Graphical SCADA System (IGSS) is a SCADA data acquisition and supervisory system for monitoring and controlling industrial processes from Schneider Electric, France. The Interactive Graphical SCADA System suffers from a buffer overflow vulnerability that stems...

7.8 CVSS, 8.3 AI score, 0.01585 EPSS
Exploits 0, References 1

CNVD
added 2020/11/24 12:0 a.m., 29 views

PostgreSQL Arbitrary Code Execution Vulnerability (CNVD-2022-06539)

PostgreSQL is a free object-relational database management system distributed under a flexible BSD-style license. An arbitrary code execution vulnerability exists in the psql interactive terminal in PostgreSQL. If an interactive psql session uses \gset when querying the server, an...

7.6 CVSS, 3.7 AI score, 0.02658 EPSS
Exploits 0, References 1

OSV
added 2020/11/23 10:15 p.m., 2 views

ALPINE-CVE-2020-25696

A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If an interactive psql session uses \gset when querying a compromised server, the attacker can execute arbitrary code as the operating...

7.5 CVSS, 7.5 AI score, 0.02658 EPSS
Exploits 0, References 1

Prion
added 2020/11/23 10:15 p.m., 66 views

Design/Logic Flaw

A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If an interactive psql session uses \gset when querying a compromised server, the attacker can execute arbitrary code as the operating...

7.6 CVSS, 8.1 AI score, 0.02658 EPSS
Exploits 0, References 4, Affected Software 2

Debian CVE
added 2020/11/23 9:15 p.m., 34 views

CVE-2020-25696

A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If an interactive psql session uses \gset when querying a compromised server, the attacker can execute arbitrary code as the operating...

7.6 CVSS, 8.1 AI score, 0.02658 EPSS
Exploits 0

CNVD
added 2020/11/23 12:0 a.m., 5 views

Schneider Electric Interactive Graphical SCADA System Out-of-Bounds Write Vulnerability

Schneider Electric Interactive Graphical SCADA System (IGSS) is a SCADA data acquisition and supervisory system for monitoring and controlling industrial processes from Schneider Electric, France. An out-of-bounds write vulnerability exists in Interactive Graphical SCADA System version...

7.8 CVSS, 7.6 AI score, 0.02374 EPSS
Exploits 0, References 1

CNNVD
added 2020/11/17 12:0 a.m., 3 views

Schneider Electric Interactive Graphical SCADA System Buffer Error Vulnerability

The Schneider Electric Interactive Graphical SCADA System (IGSS) is a SCADA data acquisition and supervisory system for monitoring and controlling industrial processes from Schneider Electric, France. The Interactive Graphical SCADA System suffers from a buffer error vulnerability that...

7.8 CVSS, 7.8 AI score, 0.02385 EPSS
Exploits 0, References 5

CNNVD
added 2020/11/17 12:0 a.m., 4 views

Schneider Electric Interactive Graphical SCADA System Buffer Error Vulnerability

The Schneider Electric Interactive Graphical SCADA System (IGSS) is a SCADA data acquisition and supervisory system for monitoring and controlling industrial processes from Schneider Electric, France. The Interactive Graphical SCADA System suffers from a buffer error vulnerability that stems...

7.8 CVSS, 7.8 AI score, 0.02374 EPSS
Exploits 0, References 5

CNNVD
added 2020/11/17 12:0 a.m., 5 views

Schneider Electric Interactive Graphical SCADA System Buffer Error Vulnerability

The Schneider Electric Interactive Graphical SCADA System (IGSS) is a SCADA data acquisition and supervisory system for monitoring and controlling industrial processes from Schneider Electric, France. The Interactive Graphical SCADA System suffers from a buffer error vulnerability that stems...

7.8 CVSS, 7.8 AI score, 0.02395 EPSS
Exploits 0, References 5

CNNVD
added 2020/11/17 12:0 a.m., 4 views

Schneider Electric Interactive Graphical SCADA System Buffer Error Vulnerability

The Schneider Electric Interactive Graphical SCADA System (IGSS) is a SCADA data acquisition and supervisory system for monitoring and controlling industrial processes from Schneider Electric, France. The Interactive Graphical SCADA System suffers from a buffer error vulnerability that stems...

7.8 CVSS, 7.8 AI score, 0.02374 EPSS
Exploits 0, References 5

The Hacker News
added 2020/11/12 10:11 a.m., 3 views

MISSIONS — The Next Level of Interactive Developer Security Training

If organizations want to get serious about software security, they need to empower their engineers to play a defensive role against cyberattacks as they craft their code. The problem is, developers haven't had the most inspiring introduction to security training over the years, and anything that...

5.8 AI score
Exploits 0

Fedora
added 2020/10/23 10:23 p.m., 26 views

[SECURITY] Fedora 33 Update: mupdf-1.18.0-2.fc33

MuPDF is a lightweight PDF viewer and toolkit written in portable C. The renderer in MuPDF is tailored for high quality anti-aliased graphics. MuPDF renders text with metrics and spacing accurate to within fractions of a pixel for the highest fidelity in reproducing the look of a printed page on...

5.5 CVSS, 0.6 AI score, 0.01019 EPSS
Exploits 0

Patchstack
added 2020/10/21 12:0 a.m., 11 views

WordPress Super Interactive Maps premium plugin <= 1.9 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability found by Eagle Eye in WordPress Super Interactive Maps premium plugin versions <= 1.9. Solution: Update the WordPress Super Interactive Maps premium plugin to the latest available version at least 2.0...

4 AI score
Exploits 0, References 1, Affected Software 1

Prion
added 2020/10/16 9:15 p.m., 12 views

Default configuration

The system console configuration option 'log-out-on-disconnect' in Juniper Networks Junos OS Evolved fails to log out an active CLI session when the console cable is disconnected. This could allow a malicious attacker with physical access to the console the ability to resume a previous interactiv...

7.2 CVSS, 6.5 AI score, 0.00324 EPSS
Exploits 0, References 1, Affected Software 1

OSV
added 2020/09/21 6:21 p.m., 5 views

OPENSUSE-SU-2020:1497-1 Security update for singularity

This update for singularity fixes the following issues: New version 3.6.3, addresses the following security issues: - CVE-2020-25039, boo1176705 When a Singularity action command (run, shell, exec) is run with the fakeroot or user namespace option, Singularity will extract a container image to a...

8.8 CVSS, 8.7 AI score, 0.0204 EPSS
Exploits 0, References 5

Kitploit
added 2020/08/29 12:30 p.m., 828 views

Osintgram - A OSINT Tool On Instagram

Osintgram is an OSINT tool on Instagram. Osintgram offers an interactive shell to perform analysis on the Instagram account of any user by its nickname. You can get: - addrs Get all registered addressed by target photos - captions Get user's photos captions - comments Get total comments of target's...

7.6 AI score
Exploits 0, References 5

Gitee
added 2020/08/26 10:6 a.m., 3 views

Pocsuite

This project, Pocsuite, is an open-sourced remote vulnerability testing and proof-of-concept development framework developed by the Knownsec Security Team. It comes with a powerful proof-of-concept engine and many niche features for penetration testers and security researchers. The framework...

7.2 AI score
Exploits 0

Kitploit
added 2020/08/09 12:30 p.m., 110 views

Evine - Interactive CLI Web Crawler

Evine is a simple, fast, and interactive web crawler and web scraper written in Golang. Evine is useful for a wide range of purposes such as metadata and data extraction, data mining, reconnaissance and testing. Follow the project on Twitter. Install From Binary Pre-build binary releases are also...

7.4 AI score
Exploits 0, References 4

Kitploit
added 2020/07/21 12:30 p.m., 31 views

hackerEnv - An Automation Tool That Quickly And Easily Sweep IPs And Scan Ports, Vulnerabilities And Exploit Them

hackerEnv is an automation tool that quickly and easily sweeps IPs and scans ports and vulnerabilities and exploits them. Then, it hands you an interactive shell for further testing. Also, it generates HTML and docx reports. It uses other tools such as nmap, nikto, metasploit and hydra. Works in Kali...

7.2 AI score
Exploits 0, References 1