37 matches found
SQL Injection
Overview: pgadmin4 is a PostgreSQL tools package. Affected versions of this package are vulnerable to SQL Injection via the Maintenance Tool. An attacker can execute arbitrary SQL commands and potentially escalate to operating-system command execution on the database host by supplying crafted input to the...
GHSA-HP84-P2GQ-6FVR SQL injection vulnerability in pgAdmin 4 Maintenance Tool
SQL injection vulnerability in pgAdmin 4 Maintenance Tool. Four user-supplied JSON fields (buffer_usage_limit, vacuum_parallel, vacuum_index_cleanup, reindex_tablespace) were concatenated directly into the rendered VACUUM/ANALYZE/REINDEX command and passed to psql --command. An authenticated user with th...
SQL injection vulnerability in pgAdmin 4 Maintenance Tool
SQL injection vulnerability in pgAdmin 4 Maintenance Tool. Four user-supplied JSON fields (buffer_usage_limit, vacuum_parallel, vacuum_index_cleanup, reindex_tablespace) were concatenated directly into the rendered VACUUM/ANALYZE/REINDEX command and passed to psql --command. An authenticated user with th...
CVE-2026-7815
The CVE-2026-7815 issue affects pgAdmin 4 maintenance tooling. Four user-supplied JSON fields (buffer_usage_limit, vacuum_parallel, vacuum_index_cleanup, reindex_tablespace) were concatenated into VACUUM/ANALYZE/REINDEX commands and passed to psql --command. An authenticated user with tools_maint...
CVE-2026-7815 pgAdmin 4: SQL injection in Maintenance tool option values leading to remote code execution
SQL injection vulnerability in pgAdmin 4 Maintenance Tool. Four user-supplied JSON fields (buffer_usage_limit, vacuum_parallel, vacuum_index_cleanup, reindex_tablespace) were concatenated directly into the rendered VACUUM/ANALYZE/REINDEX command and passed to psql --command. An authenticated user with th...
PT-2026-39625
Name of the Vulnerable Software and Affected Versions: pgAdmin 4 versions prior to 9.15. Description: An SQL injection exists in the Maintenance Tool where four user-supplied JSON fields—buffer usage limit, vacuum parallel, vacuum index cleanup, and reindex tablespace—are concatenated directly into...
EUVD-2008-5305
Malware in sbrugna...
EUVD-2008-5303
Malware in sbrugna...
CVE-2024-4447
In the System → Maintenance tool, the Logged Users tab surfaces sessionId data for all users via the Direct Web Remoting API UserSessionAjax.getSessionList.dwr calls. While this is information that would and should be available to admins who possess "Sign In As" powers, admins who otherwise lack...
Secomea SiteManager Buffer Error Vulnerability
Secomea SiteManager is an application from the Danish company Secomea that provides a remote maintenance function for industrial equipment. Secomea SiteManager is affected by a stack buffer overflow vulnerability that can be exploited by attackers to cause arbitrary code execution...
Alcatel OmniPCX Enterprise Remote Code Execution Vulnerability
masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server allows remote attackers to execute arbitrary commands...
CVE-2021-44746
UNIVERGE DT 820 V3.2.7.0 and prior, UNIVERGE DT 830 V5.2.7.0 and prior, UNIVERGE DT 930 V2.4.0.0 and prior, IP Phone Manager V8.9.1 and prior, Data Maintenance Tool for DT900 Series V5.3.0.0 and prior, Data Maintenance Tool for DT800 Series V4.2.0.0 and prior allows a remote attacker who can acce...
CVE-2021-44746
CVE-2021-44746 affects NEC UNIVERGE IP Phone DT series and related tools: UNIVERGE DT 820 (3.2.7.0 and earlier), DT 830 (5.2.7.0 and earlier), DT 930 (2.4.0.0 and earlier), IP Phone Manager (8.9.1 and earlier), Data Maintenance Tool for DT900 (5.3.0.0 and earlier) and DT800 (4.2.0.0 and earlier)....
PT-2022-12217 · Nec · Univerge Dt 930 +5
Name of the Vulnerable Software and Affected Versions: UNIVERGE DT 820 versions 3.2.7.0 and prior; UNIVERGE DT 830 versions 5.2.7.0 and prior; UNIVERGE DT 930 versions 2.4.0.0 and prior; IP Phone Manager versions 8.9.1 and prior; Data Maintenance Tool for DT900 Series versions 5.3.0.0 and prior; Data...
UNIVERGE DT Series vulnerable to missing encryption of sensitive data
Overview: UNIVERGE IP Phone DT Series and PC tools for DT Series maintainers (IP Phone Manager and Data Maintenance Tool) provided by NEC Platforms, Ltd. contain a missing encryption vulnerability (CWE-311). NEC Platforms, Ltd. reported this vulnerability to IPA to notify users of its solutions throug...
JVN#13464252: UNIVERGE DT Series vulnerable to missing encryption of sensitive data
UNIVERGE IP Phone DT Series and PC tools for DT Series maintainers (IP Phone Manager and Data Maintenance Tool) provided by NEC Platforms, Ltd. contain a missing encryption vulnerability (CWE-311). Impact: If a remote attacker who can access the internal network setting the product analyzes packets...
Arbitrary File Write via Archive Extraction (Zip Slip)
Overview: baserproject/basercms is a content management system based on CakePHP. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip). In the admin panel of basercms, an administrator with privileges to perform maintenance operations has access ...
VulnCheck KEV: CVE-2007-3010
masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server allows remote attackers to execute arbitrary commands...
Sony Xperia Touch Access Control Error Vulnerability
The Sony Xperia Touch is a touch projector from Sony Japan. A vulnerability in the Sony Xperia Touch build fingerprint: Sony/blancwindy/blancwindy:7.0/LOIRE-SMART-BLANC-1.0.0-170530-0834/1:user/dev-keys in the com. An access control error vulnerability exists in the...
IBM Rational ClearQuest 7.1.1.x < 7.1.1.9 / 7.1.2.x < 7.1.2.6 / 8.0.0.x < 8.0.0.2 Multiple Vulnerabilities (credentialed check)
The remote host is running a version of IBM Rational ClearQuest 7.1.1.x prior to 7.1.1.9 / 7.1.2.x prior to 7.1.2.6 / 8.0.0.x prior to 8.0.0.2 installed. It is, therefore, affected by the following vulnerabilities: - A SQL injection vulnerability exists in the ClearQuest Maintenance tool when...