23 matches found
CVE-2023-30625
rudder-server is part of RudderStack, an open source Customer Data Platform (CDP). Versions of rudder-server prior to 1.3.0-rc.1 are vulnerable to SQL injection. This issue may lead to Remote Code Execution (RCE) due to the rudder role in PostgresSQL having superuser permissions by default. Version...
@saltcorn/server Remote Code Execution (RCE) / SQL injection via prototype pollution by manipulating `lang` and `defstring` parameters when setting localizer strings
Summary The endpoint /site-structure/localizer/save-string/:lang/:defstring accepts two parameter values: lang and defstring. These values are used in an unsafe way to set the keys and values of the cfgStrings object. This allows adding/modifying properties of the Object prototype, which results in severa...
GHSA-3JMM-F6JJ-RCC3 rudder-server is vulnerable to SQL injection
rudder-server is part of RudderStack, an open source Customer Data Platform (CDP). Versions of rudder-server prior to 1.3.0-rc.1 are vulnerable to SQL injection. This issue may lead to Remote Code Execution (RCE) due to the rudder role in PostgresSQL having superuser permissions by default. Version...
rudder-server is vulnerable to SQL injection
rudder-server is part of RudderStack, an open source Customer Data Platform (CDP). Versions of rudder-server prior to 1.3.0-rc.1 are vulnerable to SQL injection. This issue may lead to Remote Code Execution (RCE) due to the rudder role in PostgresSQL having superuser permissions by default. Version...
SQL Injection
rudder-server is vulnerable to SQL Injection. The vulnerability is due to the SaveFailedRecordIDs and getPendingStagingFileCount functions using untrusted user input in a SQL statement without using prepared queries, which may result in remote code execution because the PostgresSQL database is ru...
Sql injection
rudder-server is part of RudderStack, an open source Customer Data Platform (CDP). Versions of rudder-server prior to 1.3.0-rc.1 are vulnerable to SQL injection. This issue may lead to Remote Code Execution (RCE) due to the rudder role in PostgresSQL having superuser permissions by default. Version...
CVE-2023-30625 rudder-server vulnerable to SQL Injection
rudder-server is part of RudderStack, an open source Customer Data Platform (CDP). Versions of rudder-server prior to 1.3.0-rc.1 are vulnerable to SQL injection. This issue may lead to Remote Code Execution (RCE) due to the rudder role in PostgresSQL having superuser permissions by default. Version...
Vulnerable version of PostgresSQL JDBC driver used - CVE-2022-21724
Affected versions of Atlassian Jira Server and Data Center used versions of the PostgresSQL JDBC driver that were vulnerable to CVE-2022-21724. The affected versions of Atlassian Jira Server and Data Center are before version 8.22.2. Affected versions: version 8.22.2 Fixed versions: 8.22.2 and...
Security Bulletin: PostgresSQL JDBC Driver as used in IBM QRadar SIEM is vulnerable to information disclosure (CVE-2020-13692)
Summary PostgresSQL JDBC Driver as used in IBM QRadar SIEM is vulnerable to information disclosure caused by an XML external entity (XXE) vulnerability. Vulnerability Details CVEID: CVE-2020-13692 DESCRIPTION: PostgreSQL JDBC Driver could allow a remote authenticated attacker to obtain sensitive information, caus...
PostgresSQL -- ALTER ... DEPENDS ON EXTENSION is missing authorization checks
The PostgreSQL project reports: Versions Affected: 9.6 - 12 The ALTER ... DEPENDS ON EXTENSION sub-commands do not perform authorization checks, which can allow an unprivileged user to drop any function, procedure, materialized view, index, or trigger under certain conditions. This attack is...
ManageEngine Applications Manager 14 SQL Injection / Remote Code Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ManageEngine Applications Manager 11.0 %q This module exploits sql and command injection vulnerability in the ManageEngine AM 14 and prior version...
KLA11147 Multiple vulnerabilities in PostgreSQL
Multiple serious vulnerabilities have been found in PostgreSQL. Vulnerabilities in core server and contrib module components can be exploited remotely to gain privileges. Original advisories Security Information Exploitation Public exploits exist for this vulnerability. Related products PostgreSQL...
Solaris Update for PostgresSQL 123591-12
Check for the Version of PostgresSQL OpenVAS Vulnerability Test Solaris Update for PostgresSQL 123591-12 Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Solaris Update for PostgresSQL 123590-12
Check for the Version of PostgresSQL OpenVAS Vulnerability Test Solaris Update for PostgresSQL 123590-12 Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
openSUSE Security Update : postgresql (postgresql-1322)
Multiple security vulnerabilities have been fixed in PostgreSQL - CVE-2009-3229: allows remote authenticated users to cause a denial of service - CVE-2009-3230: allows remote authenticated users to gain higher privileges - CVE-2009-3231: when using LDAP authentication with anonymous binds, allows...
Solaris Update for PostgresSQL 123590-10
Check for the Version of PostgresSQL OpenVAS Vulnerability Test Solaris Update for PostgresSQL 123590-10 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...