13277 matches found
CVE-2024-27299
phpMyFAQ 3.2.5 contains a SQL injection in the Add News feature through the authorEmail field (FILTER_VALIDATE_EMAIL) not being properly escaped. Exploitation requires an authenticated user with news-edit rights and can lead to data exfiltration, account takeover, and potentially remote code exec...
CVE-2024-27299 phpMyFAQ SQL Injection at "Save News"
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the "Add News" functionality due to improper escaping of the email address. This allows any authenticated user with the rights to add/edi...
Fedora: Security Advisory (FEDORA-2024-ed884c3203)
The remote host is missing an update for the...
Fedora: Security Advisory for pgadmin4 (FEDORA-2024-15df3b6d95)
The remote host is missing an update for the...
Fedora: Security Advisory (FEDORA-2024-db558f6fb2)
The remote host is missing an update for the...
[SECURITY] Fedora 40 Update: postgresql-jdbc-42.7.3-1.fc40
PostgreSQL is an advanced Object-Relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database...
[SECURITY] Fedora 40 Update: pgadmin4-8.4-2.fc40
pgAdmin is the most popular and feature rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world...
[SECURITY] Fedora 40 Update: pgadmin4-8.4-1.fc40
pgAdmin is the most popular and feature rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world...
PT-2024-3233 · Brocade · Brocade Sannav
Name of the Vulnerable Software and Affected Versions: Brocade SANnav versions prior to 2.3.1; Brocade SANnav version 2.3.0a. Description: A vulnerability in Brocade SANnav is related to insufficient protection of registration data in the PostgreSQL component. This could allow a privileged user to...
ROS-20240322-01
A vulnerability in the REFRESH MATERIALIZED VIEW CONCURRENTLY function of the PostgreSQL database management system is related to privilege management errors in processing and checking command line parameters. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary SQ...
ROS-20240322-02
A vulnerability in the REFRESH MATERIALIZED VIEW CONCURRENTLY function of the PostgreSQL database management system is related to privilege management errors in processing and checking command line parameters. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary SQ...
ROS-20240322-03
A vulnerability in the REFRESH MATERIALIZED VIEW CONCURRENTLY function of the PostgreSQL database management system is related to privilege management errors in processing and checking command line parameters. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary SQ...
ROS-20240322-05
A vulnerability in the REFRESH MATERIALIZED VIEW CONCURRENTLY function of the PostgreSQL database management system is related to privilege management errors in processing and checking command line parameters. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary SQ...
ROS-20240322-04
A vulnerability in the REFRESH MATERIALIZED VIEW CONCURRENTLY function of the PostgreSQL database management system is related to privilege management errors in processing and checking command line parameters. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary SQ...
Oracle Linux 8 : postgresql-jdbc (ELSA-2024-1435)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-1435 advisory. 42.2.14-3 - Fix CVE-2024-1597 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not...
Atlassian Releases Fixes for Over 2 Dozen Flaws, Including Critical Bamboo Bug
Atlassian has released patches for more than two dozen security flaws, including a critical bug impacting Bamboo Data Center and Server that could be exploited without requiring user interaction. Tracked as CVE-2024-1597, the vulnerability carries a CVSS score of 10.0, indicating maximum severity...
AlmaLinux 9 : postgresql-jdbc (ALSA-2024:1436)
The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2024:1436 advisory. - pgjdbc, the PostgreSQL JDBC Driver, allows an attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no...
AlmaLinux 8 : postgresql-jdbc (ALSA-2024:1435)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:1435 advisory. - pgjdbc, the PostgreSQL JDBC Driver, allows an attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no...
postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL
A flaw was found in PostgreSQL. A late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL can allow an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling a safe refre...