Lucene search
+L

9750 matches found

Prion
Prion
added 2014/04/10 12:55 a.m.24 views

Design/Logic Flaw

WordPress before 3.7.2 and 3.8.x before 3.8.2 allows remote authenticated users to publish posts by leveraging the Contributor role, related to wp-admin/includes/post.php and wp-admin/includes/class-wp-posts-list-table.php...

4CVSS6.6AI score0.02368EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2014/04/09 11:0 p.m.82 views

CVE-2014-0165

WordPress core versions affected are 3.7.1 and 3.8.x before 3.8.2, with remote privilege escalation allowing an authenticated user with the Contributor role to publish posts via wp-admin/includes/post.php and wp-admin/includes/class-wp-posts-list-table.php. The issue is mitigated by upgrading to ...

4CVSS6AI score0.02368EPSS
Exploits0References5Affected Software1
Drupal
Drupal
added 2014/04/09 12:0 a.m.31 views

SA-CONTRIB-2014-037 - BlueMasters - Cross Site Scripting

Bluemasters is a responsive layout theme for Drupal 7. The Bluemasters theme does not properly sanitize theme settings before they are used in the output of a page. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer themes". CVE identifie...

3.5CVSS6.3AI score0.00946EPSS
Exploits0References11
NVD
NVD
added 2014/03/31 2:58 p.m.21 views

CVE-2014-0060

PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command...

4CVSS9.2AI score0.04124EPSS
Exploits2References18
Tenable Nessus
Tenable Nessus
added 2014/03/31 12:0 a.m.33 views

SuSE 11.3 Security Update : PostgreSQL 9.1 (SAT Patch Number 8970)

The PostgreSQL database server was updated to version 9.1.12 to fix various security issues : - Granting a role without ADMIN OPTION is supposed to prevent the grantee from adding or removing members from the granted role, but this restriction was easily bypassed by doing SET ROLE first. The...

6.5CVSS7.3AI score0.06666EPSS
Exploits6References23
PostrgeSql
PostrgeSql
added 2014/03/28 5:0 p.m.617 views

Vulnerability in core server (CVE-2014-0060)

SET ROLE bypasses lack of ADMIN OPTION...

4CVSS6.4AI score0.04124EPSS
Exploits2Affected Software1
CVE
CVE
added 2014/03/28 5:0 p.m.244 views

CVE-2014-0060

CVE-2014-0060 affects PostgreSQL: versions 8.4.19 and earlier, 9.0.x <= 9.0.15, 9.1.x <= 9.1.11, 9.2.x <= 9.2.6, and 9.3.x

4CVSS5.2AI score0.04124EPSS
Exploits2References18Affected Software1
Tenable Nessus
Tenable Nessus
added 2014/03/21 12:0 a.m.43 views

Puppet Enterprise 3.x < 3.2.0 Multiple Vulnerabilities

According to its self-reported version number, the Puppet Enterprise 3.x install on the remote host is prior to 3.2.0. As a result, it is reportedly affected by multiple vulnerabilities : - An error exists related to the PE consoles and identity verification that could allow security bypasses...

6.4CVSS7.1AI score0.06193EPSS
Exploits2References9
Check Point Advisories
Check Point Advisories
added 2014/03/17 12:0 a.m.12 views

PostgreSQL Database SET ROLE Security Bypass (CVE-2014-0060)

A policy bypass vulnerability has been found in PostgreSQL database server. The vulnerability is due to a design weakness when granting a role without ADMIN OPTION. A remote attacker can exploit the vulnerability to cause a policy bypass allowing execution of a security-restricted operation or a...

7AI score0.04124EPSS
Exploits2
OpenVAS
OpenVAS
added 2014/03/12 12:0 a.m.24 views

RedHat Update for postgresql RHSA-2014:0249-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS7.3AI score0.06666EPSS
Exploits5References2
Cent OS
Cent OS
added 2014/03/04 8:53 p.m.80 views

postgresql security update

CentOS Errata and Security Advisory CESA-2014:0249 Updated postgresql packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS...

6.5CVSS7.5AI score0.06666EPSS
Exploits5References7
RedHat Linux
RedHat Linux
added 2014/03/04 7:10 p.m.5 views

postgresql: SET ROLE without ADMIN OPTION allows adding and removing group members

PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command...

4CVSS7AI score0.04124EPSS
Exploits2References4
exploitpack
exploitpack
added 2014/02/28 12:0 a.m.73 views

SpagoBI 4.0 - Privilege Escalation

SpagoBI 4.0 - Privilege Escalation 01. Advisory Information Title: Remote Privilege Escalation in SpagoBI Date published: 2013-02-28 Date of last update: 2013-02-28 Vendors contacted: Engineering Group Discovered by: Christian Catalano Severity: High 02. Vulnerability Information CVE reference:...

9CVSS0.7AI score0.09881EPSS
Exploits7
RedHat Linux
RedHat Linux
added 2014/02/27 6:23 p.m.5 views

postgresql: SET ROLE without ADMIN OPTION allows adding and removing group members

PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command...

4CVSS7AI score0.04124EPSS
Exploits2References4
Drupal
Drupal
added 2014/02/26 12:0 a.m.23 views

SA-CONTRIB-2014-023 - Project Issue File Review - XSS

The Project Issue File Review PIFR module provides an abstracted client-server model and plugin API for performing distributed operations such as code review and testing, with a focus on supporting Drupal development. Two scenarios were identified where the module does not sufficiently sanitize...

4.3CVSS6.3AI score0.01161EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added 2014/02/25 4:41 p.m.3 views

postgresql: SET ROLE without ADMIN OPTION allows adding and removing group members

PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command...

4CVSS7AI score0.04124EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2014/02/23 12:0 a.m.44 views

Mandriva Linux Security Advisory : postgresql (MDVSA-2014:047)

Multiple vulnerabilities has been discovered and corrected in postgresql : Granting a role without ADMIN OPTION is supposed to prevent the grantee from adding or removing members from the granted role, but this restriction was easily bypassed by doing SET ROLE first. The security impact is mostly...

6.5CVSS7.3AI score0.06666EPSS
Exploits6References11
OSV
OSV
added 2014/02/21 12:0 a.m.3 views

UBUNTU-CVE-2014-0060

PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command...

4CVSS7AI score0.04124EPSS
Exploits2References4
UbuntuCve
UbuntuCve
added 2014/02/21 12:0 a.m.23 views

CVE-2014-0060

PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command...

4CVSS7AI score0.04124EPSS
Exploits2References3
Drupal
Drupal
added 2014/02/12 12:0 a.m.21 views

SA-CONTRIB-2014-016 - Mayo Theme - XSS Vulnerability

The theme settings allow you to link to a header background file. A URL could be entered that was not properly sanitized leading to XSS vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer themes". CVE identifiers issued...

4CVSS5.7AI score0.0118EPSS
Exploits0References11
Rows per page
Query Builder