2292 matches found

Prion
added 2023/09/17 6:15 a.m. · 24 views

Path traversal

A vulnerability has been found in DedeCMS up to 5.7.100 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /include/dialog/selecttempletspost.php. The manipulation of the argument activepath leads to absolute path traversal. The associated identifie...

5.2 CVSS · 8.8 AI score · 0.00102 EPSS
Exploits 0 · References 3 · Affected Software 1

Positive Technologies
added 2023/09/16 12:0 a.m. · 2 views

PT-2023-31501 · Dedecms · Dedecms

Name of the Vulnerable Software and Affected Versions: DedeCMS versions up to 5.7.100 Description: A critical issue has been found in DedeCMS, affecting an unknown functionality of the file /include/dialog/selecttempletspost.php. The manipulation of the activepath argument leads to absolute pat...

8.8 CVSS · 5.9 AI score · 0.00102 EPSS
Exploits 0 · References 6

NVD
added 2023/09/15 12:15 a.m. · 7 views

CVE-2023-40955

A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management aka pdm v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the select parameter in models/baseclient.py componen...

8.8 CVSS · 8.7 AI score · 0.01943 EPSS
Exploits 1 · References 1

CNNVD
added 2023/09/14 12:0 a.m. · 1 views

Didotech srl Engineering & Lifecycle Management SQL Injection Vulnerability

Didotech srl Engineering & Lifecycle Management is a suite of open source commercial applications from Didotech srl. A security vulnerability exists in Didotech srl Engineering & Lifecycle Management aka pdm versions prior to 14.0.1.0.0, prior to 15.0.1.0.0, and prior to 16.0.1.0, which originate...

8.8 CVSS · 7.7 AI score · 0.01943 EPSS
Exploits 1 · References 3

Packet Storm
added 2023/08/25 12:0 a.m. · 359 views

GetSimple CMS 3.3.2 Cross Site Scripting

Title : GetSimple CMS v3.3.2 XSS Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | Vend...

7.1 AI score
Exploits 0

SUSE CVE
added 2023/08/16 2:19 a.m. · 3 views

SUSE CVE-2023-39418

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows...

4.7 CVSS · 7.5 AI score · 0.00439 EPSS
Exploits 0 · References 8

Tenable Nessus
added 2023/08/15 12:0 a.m. · 21 views

FreeBSD : postgresql-server -- MERGE fails to enforce UPDATE or SELECT row security policies (59a43a73-3786-11ee-94b4-6cc21735f730)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 59a43a73-3786-11ee-94b4-6cc21735f730 advisory. - A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new ro...

4.3 CVSS · 6.3 AI score · 0.00439 EPSS
Exploits 0 · References 3

OSV
added 2023/08/11 1:15 p.m. · 28 views

CVE-2023-39418

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows...

4.3 CVSS · 6.7 AI score · 0.00439 EPSS
Exploits 0 · References 10

OSV
added 2023/08/11 1:15 p.m. · 1 views

ALPINE-CVE-2023-39418

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows...

4.3 CVSS · 6.7 AI score · 0.00439 EPSS
Exploits 0 · References 1

OSV
added 2023/08/11 1:15 p.m. · 1 views

DEBIAN-CVE-2023-39418

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows...

4.3 CVSS · 6.2 AI score · 0.00439 EPSS
Exploits 0 · References 1

Debian CVE
added 2023/08/11 12:19 p.m. · 39 views

CVE-2023-39418

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows...

4.3 CVSS · 5.8 AI score · 0.00439 EPSS
Exploits 0

AlpineLinux
added 2023/08/11 12:19 p.m. · 26 views

CVE-2023-39418

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows...

4.3 CVSS · 6.5 AI score · 0.00439 EPSS
Exploits 0

Vulnrichment
added 2023/08/11 12:19 p.m. · 6 views

CVE-2023-39418 Postgresql: merge fails to enforce update or select row security policies

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows...

3.1 CVSS · 6.7 AI score · 0.00439 EPSS
Exploits 0 · References 8

CVE
added 2023/08/11 12:19 p.m. · 320 views

CVE-2023-39418

CVE-2023-39418 affects PostgreSQL: the MERGE command can bypass row security policies for UPDATE and SELECT, allowing insertion of rows that should be disallowed when policies conflict. Public advisories (Debian, Red Hat, AlmaLinux, Canonical/Ubuntu, Cloud Foundry) confirm a fix is available in p...

4.3 CVSS · 6 AI score · 0.00439 EPSS
Exploits 0 · References 10 · Affected Software 1

FreeBSD
added 2023/08/10 12:0 a.m. · 27 views

postgresql-server -- MERGE fails to enforce UPDATE or SELECT row security policies

PostgreSQL Project reports PostgreSQL 15 introduced the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some row that INSERT policies do not forbid, a user could store such rows. Subsequent consequences...

4.3 CVSS · 6.5 AI score · 0.00439 EPSS
Exploits 0 · References 1

Positive Technologies
added 2023/08/01 12:0 a.m. · 1 views

PT-2023-4423 · Unknown +9 · Postgresql +8

Name of the Vulnerable Software and Affected Versions: PostgreSQL versions 15 and later Description: A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies...

8.8 CVSS · 6.1 AI score · 0.02718 EPSS
Exploits 0 · References 115

CISA
added 2023/07/12 12:0 p.m. · 2 views

CISA Releases One Industrial Control Systems Advisory

CISA released one Critical Industrial Control Systems ICS advisory on July 12, 2023. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-193-01 Rockwell Automation Select Communication Modules CISA encourages users and...

7 AI score
Exploits 0 · References 1

OSV
added 2023/07/03 12:47 a.m. · 1 views

USN-6195-1 vim vulnerabilities

It was discovered that Vim contained an out-of-bounds read vulnerability. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. CVE-2022-0128 It was discovered that Vim did not properly manage memory when freeing allocated memory. An attacker could...

8.4 CVSS · 7.1 AI score · 0.00341 EPSS
Exploits 6 · References 7

Snyk
added 2023/06/23 11:13 a.m. · 1 views

Remote Code Execution (RCE)

Overview Affected versions of this package are vulnerable to Remote Code Execution RCE due to allowing attackers to execute arbitrary code and commands when untrusted input to methods including Where, Select, OrderBy is parsed. Remediation Upgrade System.Linq.Dynamic.Core to version 1.3.0 or...

9.8 CVSS · 8.5 AI score · 0.76907 EPSS
Exploits 4 · References 2

CNNVD
added 2023/06/22 12:0 a.m. · 2 views

Dynamic Linq Security Vulnerability

Dynamic Linq is a free open source LINQ dynamic query library. A security vulnerability exists in Dynamic Linq versions 1.0.7.10 through 1.2.25 that could allow an attacker to execute arbitrary code and commands while parsing methods on untrusted inputs such as Where, Select, and OrderBy...

9.8 CVSS · 8.9 AI score · 0.76907 EPSS
Exploits 4 · References 3