1149 matches found
postgresql: Start scripts permit database administrator to modify root-owned files
Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine...
postgresql: Start scripts permit database administrator to modify root-owned files
Privilege escalation flaws were found in the initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine...
PT-2018-5763 · Red Hat +1 · Postgresql +2
Name of the Vulnerable Software and Affected Versions: PostgreSQL (affected versions not specified). Description: Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root acces...
[SECURITY] [DSA 4027-1] postgresql-9.4 security update
Debian Security Advisory DSA-4027-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 09, 2017 https://www.debian.org/security/faq -...
Remote Code Execution (RCE)
node-postgres is vulnerable to remote code execution (RCE) attacks. The library does not properly escape the results field, allowing a malicious user to inject and execute arbitrary code...
Remote Code Execution
Overview: Affected versions of pg contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. There are two specific scenarios in which it is likely for an application to be vulnerable: 1. The application executes unsafe, user-suppli...
UPDATE: OWASP Dependency-Check 2.1.0!
My first post about this open source OWASP project was about an older version. This post discusses the changes made to the open source software composition analysis utility in the latest release yesterday. This is the OWASP Dependency-Check 2.1.0! What I like about this release...
SolarWinds Log and Event Manager Postgres Database Security Bypass Vulnerability
SolarWinds Log and Event Manager is a log and event manager that provides real-time log analysis, memory event correlation, and threat attack response. A security bypass vulnerability exists in the Postgres database of SolarWinds Log and Event Manager 6.3.1, which stems from the database having a...
Solarwinds LEM 6.3.1 Hardcoded Credentials Vulnerability
The Postgres database on Solarwinds Log and Event Manager Virtual Appliance version 6.3.1 has default hardcoded credentials. While some security measures were taken to ensure that network connectivity to the Postgres database wouldn't be possible using IPv4, the same measures were not taken for...
Solarwinds LEM Database Listener with Hardcoded Credentials
Vulnerability Details. Affected Vendor: Solarwinds. Affected Product: Log and Event Manager Virtual Appliance. Affected Version: v6.3.1. Platform: Embedded Linux. CWE Classification: CWE-798: Use of Hard-coded Credentials, CWE-284: Improper Access Control. Impact: Remote Database Compromise. Attack...
Solarwinds LEM 6.3.1 Hardcoded Credentials
KL-001-2017-009: Solarwinds LEM Database Listener with Hardcoded Credentials. Title: Solarwinds LEM Database Listener with Hardcoded Credentials. Advisory ID: KL-001-2017-009. Publication Date: 2017.04.24. Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-009.txt 1...
Mozilla InvestiGator: MIG
Mozilla InvestiGator Mozilla’s real-time digital forensics and investigation platform MIG is a platform to perform investigative surgery on remote endpoints. It enables investigators to obtain information from large numbers of systems in parallel, thus accelerating investigation of incidents...
SolarWinds Log and Event Manager < 6.3.1 Hotfix 4 Multiple Vulnerabilities
SolarWinds Log and Event Manager (LEM) is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
PHP 5.6.29 released with security vulnerability fixes
The PHP development team announced that PHP 5.6.29 is available. This is a security release that fixes several security vulnerabilities. All PHP 5.6 users are advised to upgrade to this version. Changes: Mysqlnd: Fixed bug 64526 (add missing mysqlnd.* parameters to php.ini-*). Opcache: Fixed bug...
Oracle Linux 7 : postgresql (ELSA-2016-2606)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-2606 advisory. 9.2.18-1 - update to 9.2.18 per release notes http://www.postgresql.org/docs/9.2/static/release-9-2-18.html...
postgresql security and bug fix update
9.2.18-1 - update to 9.2.18 per release notes http://www.postgresql.org/docs/9.2/static/release-9-2-18.html http://www.postgresql.org/docs/9.2/static/release-9-2-17.html http://www.postgresql.org/docs/9.2/static/release-9-2-16.html 9.2.15-2 - fix postgresql-setup to work if postgres user is set t...
UBUNTU-CVE-2016-5423
PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 allow remote authenticated users to cause a denial of service (NULL pointer dereference and server crash), obtain sensitive memory information, or possibly execute arbitrary code via (1) a...