140 matches found
Open Redirect
pgadmin4 is vulnerable to Open Redirect. A remote attacker is able to redirect a user to an arbitrary web site and conduct a phishing attack by having a user access a malicious URL...
pgadmin4 vulnerable to Code Injection
The pgAdmin server includes an HTTP API that is intended to be used to validate the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. The utility is executed by the server to determine what PostgreSQL version it is from. Versions of pgAdmin prior to 6.17 failed to...
GHSA-3V6V-2X6P-32MC pgadmin4 vulnerable to Code Injection
The pgAdmin server includes an HTTP API that is intended to be used to validate the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. The utility is executed by the server to determine what PostgreSQL version it is from. Versions of pgAdmin prior to 6.17 failed to...
pgAdmin Code Injection Vulnerability
pgAdmin 4 is a reliable and comprehensive database design and management software for PostgreSQL. A remote code execution vulnerability exists in pgAdmin 4. The vulnerability is required in Windows environments where, due to lax privilege checks by the developer, an attacker can exploit the...
Python 2.7.x DLL Hijacking Vulnerability
Python is prone to a DLL hijacking vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python"; if(description)...
Mageia: Security Advisory (MGASA-2022-0257)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
MGASA-2022-0257 Updated pgadmin4 packages fix security vulnerability
A malicious, but authorised and authenticated user can construct an HTTP request using their existing CSRF token and session cookie to manually upload files to any location that the operating system user account under which pgAdmin is running has permission to write. CVE-2022-0959 In addition,...
Updated pgadmin4 packages fix security vulnerability
A malicious, but authorised and authenticated user can construct an HTTP request using their existing CSRF token and session cookie to manually upload files to any location that the operating system user account under which pgAdmin is running has permission to write. CVE-2022-0959 In addition,...
CVE-2017-20052
A vulnerability classified as problematic was found in Python 2.7.13. This vulnerability affects unknown code of the component pgAdmin4. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used...
CVE-2017-20052
A vulnerability classified as problematic was found in Python 2.7.13. This vulnerability affects unknown code of the component pgAdmin4. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used...
Design/Logic Flaw
A vulnerability classified as problematic was found in Python 2.7.13. This vulnerability affects unknown code of the component pgAdmin4. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used...
CVE-2017-20052
A vulnerability classified as problematic was found in Python 2.7.13. This vulnerability affects unknown code of the component pgAdmin4. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used...
CVE-2017-20052 Python pgAdmin4 uncontrolled search path
A vulnerability classified as problematic was found in Python 2.7.13. This vulnerability affects unknown code of the component pgAdmin4. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used...
CVE-2017-20052
CVE-2017-20052 concerns Python 2.7.13 in the pgAdmin4 stack, where DLL/SEARCH-PATH manipulation can cause remote arbitrary code execution via pgAdmin4 loading. Multiple connected sources confirm the vulnerability affects the pgAdmin4 component and Python runtime, with exploit details publicly dis...
CVE-2017-20052 Python pgAdmin4 uncontrolled search path
A vulnerability classified as problematic was found in Python 2.7.13. This vulnerability affects unknown code of the component pgAdmin4. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used...
PT-2022-7925 · Postgresql +1 · Pgadmin4 +1
Name of the Vulnerable Software and Affected Versions: Python version 2.7.13 pgAdmin4 affected versions not specified Description: A problematic issue was found, affecting the pgAdmin4 component. This issue leads to an uncontrolled search path and can be initiated remotely. The exploit has been...
openSUSE: Security Advisory for pgadmin4 (SUSE-SU-2022:1541-1)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE: Security Advisory (SUSE-SU-2022:1541-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
SUSE SLES15 Security Update : pgadmin4 (SUSE-SU-2022:1541-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:1541-1 advisory. - A malicious, but authorised and authenticated user can construct an HTTP request using their existing CSRF token and session cookie to...
SUSE-SU-2022:1541-1 Security update for pgadmin4
This update for pgadmin4 fixes the following issues: - CVE-2022-0959: Fixed an unrestricted file upload (bsc#1197143)...