5 matches found
Updated postgresql15 packages fix security vulnerabilities
PostgreSQL CREATE TYPE does not check multirange schema CREATE privilege. CVE-2026-6472 PostgreSQL server undersizes allocations, via integer wraparound. CVE-2026-6473 PostgreSQL timeofday can disclose portions of server memory. CVE-2026-6474 PostgreSQL pgbasebackup and pgrewind can overwrite...
CVE-2026-24933 An improper certificate validation vulnerability was found in ADM while sending HTTPS requests to the server.
The API communication component fails to validate the SSL/TLS certificate when sending HTTPS requests to the server. An improper certificates validation vulnerability allows an unauthenticated remote attacker can perform a Man-in-the-Middle MitM attack to intercept the cleartext communication,...
Hackers Breach 3.5 Million MobiFriends Dating App Credentials
The credentials of 3.5 million users of MobiFriends, a popular dating app, have surfaced on a prominent deep web hacking forum, according to researchers. MobiFriends is an online service and Android app designed to help users worldwide meet new people online. The Barcelona-based developer of...
[The ManageOwnage Series, part II]: User credential disclosure in ManageEngine DeviceExpert
Hi, You can read the usernames and MD5 hashed passwords of all the users in the Device Expert application by sending an unauthenticated request. I am releasing this as a 0 day as ManageEngine have responded that they do not consider this a priority and won't fix it in the near future unless a...
Moderate: Red Hat Security Advisory: pam security, bug fix, and enhancement update
Updated pam packages that fix two security flaws, resolve several bugs, and add enhancements are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Pluggable Authentication Modules PAM provide a system...