ALSA-2024:6020 Important: postgresql:15 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL relation replacement during pgdump executes arbitrary SQL CVE-2024-7348 postgresql: PostgreSQL pgstatsext and pgstatsextexprs lack authorization checks CVE-2024-4317 For more detail...

ALSA-2024:5927 Important: postgresql:16 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL pgstatsext and pgstatsextexprs lack authorization checks CVE-2024-4317 postgresql: PostgreSQL relation replacement during pgdump executes arbitrary SQL CVE-2024-7348 For more detail...

ZOHO ManageEngine ADAudit Plus SQL Injection Vulnerability (CNVD-2024-37487)

ZOHO ManageEngine ADAudit Plus is ZOHO's solution for simplifying audits, proving compliance and detecting threats. ZOHO ManageEngine ADAudit Plus prior to version 8000 suffers from a SQL injection vulnerability that can be exploited by an attacker to execute arbitrary SQL commands...

Important: postgresql15

Issue Overview: Time-of-check Time-of-use TOCTOU race condition in pgdump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pgdump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack...

The vulnerability of the pg_dump utility in the PostgreSQL database management system allows a hacker to execute arbitrary SQL code.

The vulnerability of the pgdump utility in the PostgreSQL database management system is related to the dereferencing of a zero pointer due to concurrent access to resources race condition. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL code under the name of the...

CVE-2024-7348

A vulnerability was found in PostgreSQL. A Race condition in pgdump allows an object creator to execute arbitrary SQL functions as the user running pgdump, which is often a superuser. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the R...

PT-2024-5504 · Unknown +11 · Postgresql +10

Name of the Vulnerable Software and Affected Versions: PostgreSQL versions prior to 16.4 PostgreSQL versions prior to 15.8 PostgreSQL versions prior to 14.13 PostgreSQL versions prior to 13.16 PostgreSQL versions prior to 12.20 Description: A Time-of-check Time-of-use TOCTOU race condition in pg...

PT-2024-22384 · Bm Soft · Bmplanning

Name of the Vulnerable Software and Affected Versions: BM SOFT BMPlanning version 1.0.0.1 Description: The issue allows authenticated users to execute arbitrary SQL commands via parameters such as SEC IDF, LIE IDF, PLANF IDF, CLI IDF, DOS IDF, and possibly others to the "/BMServerR.dll/BMRest" AP...

The vulnerability of the setgeneral.php file in the Tailoring Management System (TMS) allows a hacker to execute arbitrary SQL code, gain unauthorized access to read, modify, or delete data, or cause service interruptions.

The vulnerability of the setgeneral.php file in the Tailoring Management System TMS involves a lack of security measures for the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary SQL code, gain unauthorized access to read, modify, or delete data, or cause ...

PT-2024-5296

Name of the Vulnerable Software and Affected Versions Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below Description The issue is related to the monitoring module of Zohocorp ManageEngine Exchange Reporter Plus, where the software fails to properly protect the SQL query structur...

The vulnerability of the add-expense.php script of the Daily Expenses Management System allows a perpetrator to execute arbitrary SQL commands.

The vulnerability of the add-expense.php file in the Daily Expenses Management System is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows an attacker, operating remotely, to execute arbitrary SQL commands using specially created POST...

Human Resource Management System security breach

Human Resource Management System is a human resource management system by maverickosama Personal Developer. A security vulnerability exists in SourceCodester Human Resource Management System version 1.0, which originates from a SQL injection vulnerability that allows an attacker to execute...

CVE-2024-33808

A SQL injection vulnerability in /model/gettimetable.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter...

CVE-2024-34931

A SQL injection vulnerability in /model/updatesubject.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the name parameter...

CVE-2024-34930

A SQL injection vulnerability in /model/allevents1.php in Campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the month parameter...

CVE-2024-35361

MTab Bookmark v1.9.5 has an SQL injection vulnerability in /LinkStore/getIcon. An attacker can execute arbitrary SQL statements through this vulnerability without requiring any user rights...

CVE-2024-35361

MTab Bookmark v1.9.5 has an SQL injection vulnerability in /LinkStore/getIcon. An attacker can execute arbitrary SQL statements through this vulnerability without requiring any user rights...

CVE-2024-3750 Visualizer: Tables and Charts Manager for WordPress <= 3.10.15 - Missing Authorization to Arbitrary SQL Execution

The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to unauthorized modification and retrieval of data due to a missing capability check on the getQueryData function in all versions up to, and including, 3.10.15. This makes it possible for authenticated...

CVE-2024-3750 Visualizer: Tables and Charts Manager for WordPress <= 3.10.15 - Missing Authorization to Arbitrary SQL Execution

The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to unauthorized modification and retrieval of data due to a missing capability check on the getQueryData function in all versions up to, and including, 3.10.15. This makes it possible for authenticated...

WordPress Visualizer plugin <= 3.10.15 - Subscriber+ Arbitrary SQL Execution vulnerability

Subscriber+ Arbitrary SQL Execution vulnerability discovered by Krzysztof Zając in WordPress Plugin Visualizer versions = 3.10.15...