9750 matches found
Design/Logic Flaw
WordPress before 3.7.2 and 3.8.x before 3.8.2 allows remote authenticated users to publish posts by leveraging the Contributor role, related to wp-admin/includes/post.php and wp-admin/includes/class-wp-posts-list-table.php...
CVE-2014-0165
WordPress core versions affected are 3.7.1 and 3.8.x before 3.8.2, with remote privilege escalation allowing an authenticated user with the Contributor role to publish posts via wp-admin/includes/post.php and wp-admin/includes/class-wp-posts-list-table.php. The issue is mitigated by upgrading to ...
SA-CONTRIB-2014-037 - BlueMasters - Cross Site Scripting
Bluemasters is a responsive layout theme for Drupal 7. The Bluemasters theme does not properly sanitize theme settings before they are used in the output of a page. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer themes". CVE identifie...
CVE-2014-0060
PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command...
SuSE 11.3 Security Update : PostgreSQL 9.1 (SAT Patch Number 8970)
The PostgreSQL database server was updated to version 9.1.12 to fix various security issues : - Granting a role without ADMIN OPTION is supposed to prevent the grantee from adding or removing members from the granted role, but this restriction was easily bypassed by doing SET ROLE first. The...
Vulnerability in core server (CVE-2014-0060)
SET ROLE bypasses lack of ADMIN OPTION...
CVE-2014-0060
CVE-2014-0060 affects PostgreSQL: versions 8.4.19 and earlier, 9.0.x <= 9.0.15, 9.1.x <= 9.1.11, 9.2.x <= 9.2.6, and 9.3.x
Puppet Enterprise 3.x < 3.2.0 Multiple Vulnerabilities
According to its self-reported version number, the Puppet Enterprise 3.x install on the remote host is prior to 3.2.0. As a result, it is reportedly affected by multiple vulnerabilities : - An error exists related to the PE consoles and identity verification that could allow security bypasses...
PostgreSQL Database SET ROLE Security Bypass (CVE-2014-0060)
A policy bypass vulnerability has been found in PostgreSQL database server. The vulnerability is due to a design weakness when granting a role without ADMIN OPTION. A remote attacker can exploit the vulnerability to cause a policy bypass allowing execution of a security-restricted operation or a...
RedHat Update for postgresql RHSA-2014:0249-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
postgresql security update
CentOS Errata and Security Advisory CESA-2014:0249 Updated postgresql packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS...
postgresql: SET ROLE without ADMIN OPTION allows adding and removing group members
PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command...
SpagoBI 4.0 - Privilege Escalation
SpagoBI 4.0 - Privilege Escalation 01. Advisory Information Title: Remote Privilege Escalation in SpagoBI Date published: 2013-02-28 Date of last update: 2013-02-28 Vendors contacted: Engineering Group Discovered by: Christian Catalano Severity: High 02. Vulnerability Information CVE reference:...
postgresql: SET ROLE without ADMIN OPTION allows adding and removing group members
PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command...
SA-CONTRIB-2014-023 - Project Issue File Review - XSS
The Project Issue File Review PIFR module provides an abstracted client-server model and plugin API for performing distributed operations such as code review and testing, with a focus on supporting Drupal development. Two scenarios were identified where the module does not sufficiently sanitize...
postgresql: SET ROLE without ADMIN OPTION allows adding and removing group members
PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command...
Mandriva Linux Security Advisory : postgresql (MDVSA-2014:047)
Multiple vulnerabilities has been discovered and corrected in postgresql : Granting a role without ADMIN OPTION is supposed to prevent the grantee from adding or removing members from the granted role, but this restriction was easily bypassed by doing SET ROLE first. The security impact is mostly...
UBUNTU-CVE-2014-0060
PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command...
CVE-2014-0060
PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command...
SA-CONTRIB-2014-016 - Mayo Theme - XSS Vulnerability
The theme settings allow you to link to a header background file. A URL could be entered that was not properly sanitized leading to XSS vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer themes". CVE identifiers issued...