EUVD-2020-0642
Malware in sbrugna...
EUVD-2023-0557
Malicious code in bioql PyPI...
CVE-2020-16253
The PgHero gem through 2.6.0 for Ruby allows CSRF...
Information Disclosure
pghero is vulnerable to Information Disclosure. The vulnerability exists because the explain function in home_controller.rb does not properly handle sensitive information in the error message of query results, allowing an attacker to access sensitive information...
Information Exposure
Overview pghero is a performance dashboard for Postgres. Affected versions of this package are vulnerable to Information Exposure via the explain functionality, due to improper validation of the user query, which might result in data leakage from the query error message. Remediation Upgrade pgher...
PgHero Allows Information Disclosure Through EXPLAIN Feature
PgHero before 3.1.0 allows Information Disclosure via EXPLAIN because query results may be present in an error message. Depending on database user privileges, this may only be information from the database, or may be information from file contents on the database server...
GHSA-VF99-XW26-86G5 PgHero Allows Information Disclosure Through EXPLAIN Feature
PgHero before 3.1.0 allows Information Disclosure via EXPLAIN because query results may be present in an error message. Depending on database user privileges, this may only be information from the database, or may be information from file contents on the database server...
CVE-2023-22626
PgHero before 3.1.0 allows Information Disclosure via EXPLAIN because query results may be present in an error message. Depending on database user privileges, this may only be information from the database, or may be information from file contents on the database server...
Information disclosure
PgHero before 3.1.0 allows Information Disclosure via EXPLAIN because query results may be present in an error message. Depending on database user privileges, this may only be information from the database, or may be information from file contents on the database server...
PT-2023-18595 · Pghero · Pghero
Name of the Vulnerable Software and Affected Versions: PgHero versions prior to 3.1.0 Description: The issue allows information disclosure via EXPLAIN, as query results may be present in an error message. Depending on database user privileges, this may disclose information from the database or fr...
CVE-2023-22626
PgHero (Python/DB admin dashboard for PostgreSQL) prior to 3.1.0 contains a confidentiality flaw where the EXPLAIN path can leak query results via error messages. The root cause is information disclosure in error responses, which may expose database content or, in some cases, file contents on the...
PgHero security vulnerability
PgHero is a performance dashboard for Postgres by Andrew Kane, an individual developer. A security vulnerability exists in versions of PgHero prior to 3.1.0 that stems from a malicious PgHero user being able to use the EXPLAIN function to extract data from a database and pass certain inputs, whic...
Information Disclosure Through EXPLAIN Feature
A malicious PgHero user can use the EXPLAIN functionality to extract data from the database. With certain inputs, a user can get the results of a query to appear in an error message. If the PgHero database user has superuser privileges (not recommended), the user can use file access functions to re...
Cross-site Request Forgery (CSRF)
PgHero is vulnerable to cross-site request forgery (CSRF). The vulnerability exists as it does not check for authenticity tokens for non-session based authentication methods...
PgHero gem cross-site request forgery vulnerability
PgHero gem is a performance dashboard package for PostgreSQL by Andrew Kane Software Developers, USA. A cross-site request forgery vulnerability exists in PgHero gem version 2.6.0 and earlier. The vulnerability stems from a web application that does not adequately validate that a request is comin...
Cross-site Request Forgery (CSRF)
Overview pghero is a performance dashboard for Postgres. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF). The Ruby gem is vulnerable with non-session based authentication methods like basic authentication - session-based authentication methods like Devise's...
PgHero gem allows CSRF
The PgHero gem through 2.6.0 for Ruby allows CSRF. PgHero normally uses the protect_from_forgery method from Rails to prevent CSRF. However, this defaults to :null_session, which has no effect on non-session based authentication methods. Thus the Ruby gem is vulnerable with non-session based...