
545 matches found

OpenVAS
added 2019/09/04 12:0 a.m. | 25 views

openSUSE: Security Advisory for postgresql10 (openSUSE-SU-2019:2062-1)

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.8 CVSS | 9.1 AI score | 0.0217 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2019/09/04 12:0 a.m. | 33 views

openSUSE Security Update : postgresql10 (openSUSE-2019-2062)

This update for postgresql10 fixes the following issues : Security issue fixed : - CVE-2019-10208: Fixed arbitrary SQL execution via suitable SECURITY DEFINER function under the identity of the function owner bsc1145092. This update was imported from the SUSE:SLE-15:Update update project. C Tenab...

8.8 CVSS | 7.9 AI score | 0.0217 EPSS
Exploits: 0 | References: 2

OSV
added 2019/09/03 6:18 p.m. | 4 views

OPENSUSE-SU-2019:2062-1 Security update for postgresql10

This update for postgresql10 fixes the following issues: Security issue fixed: - CVE-2019-10208: Fixed arbitrary SQL execution via suitable SECURITY DEFINER function under the identity of the function owner bsc1145092. This update was imported from the SUSE:SLE-15:Update update project...

8.8 CVSS | 9.5 AI score | 0.0217 EPSS
Exploits: 0 | References: 3

OSV
added 2019/08/28 5:58 a.m. | 6 views

SUSE-SU-2019:2228-1 Security update for postgresql10

This update for postgresql10 fixes the following issues: Security issue fixed: - CVE-2019-10208: Fixed arbitrary SQL execution via suitable SECURITY DEFINER function under the identity of the function owner bsc1145092...

8.8 CVSS | 9 AI score | 0.0217 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2019/08/22 12:0 a.m. | 25 views

SUSE SLES12 Security Update : postgresql96 (SUSE-SU-2019:2159-1)

This update for postgresql96 fixes the following issues : Security issue fixed : CVE-2019-10208: Fixed arbitrary SQL execution via suitable SECURITY DEFINER function under the identity of the function owner bsc1145092. Note that Tenable Network Security has extracted the preceding description blo...

8.8 CVSS | 7.9 AI score | 0.0217 EPSS
Exploits: 0 | References: 4

OSV
added 2019/08/18 12:39 p.m. | 7 views

MGASA-2019-0225 Updated postgresql packages fix security vulnerabilities

Updated postgresql packages fix security vulnerabilities: Given a suitable SECURITY DEFINER function, an attacker can execute arbitrary SQL under the identity of the function owner. An attack requires EXECUTE permission on the function, which must itself contain a function call having inexact...

8.8 CVSS | 6.8 AI score | 0.0217 EPSS
Exploits: 0 | References: 6

Tenable Nessus
added 2019/08/16 12:0 a.m. | 47 views

PostgreSQL 9.4.x < 9.4.24 / 9.5.x < 9.5.19 / 9.6.x < 9.6.15 / 10.x < 10.10 / 11.x < 11.5 Multiple Vulnerabilities

The version of PostgreSQL installed on the remote host is 9.4.x prior to 9.4.24, 9.5.x prior to 9.5.19, 9.6.x prior to 9.6.15, 10.x prior to 10.10, or 11.x prior to 11.5. It is, therefore, affected by multiple vulnerabilities : - An unspecified vulnerability that allows an attacker to execute...

9.8 CVSS | 8.2 AI score | 0.0217 EPSS
Exploits: 0 | References: 9

CNVD
added 2019/08/09 12:0 a.m. | 1 views

PostgreSQL SQL Injection Vulnerability

PostgreSQL is a free object-relational database management system from the PostgreSQL organization. The system supports most of the SQL standards and provides many other features, such as foreign keys, triggers, views, and so on. A SQL injection vulnerability exists in PostgreSQL versions 9.4...

8.8 CVSS | 8.4 AI score | 0.0217 EPSS
Exploits: 0 | References: 1

CNVD
added 2019/07/22 12:0 a.m. | 4 views

SaltStack Salt MySQL Module SQL Injection Vulnerability

SaltStack Salt is a set of open source tools for managing infrastructure from SaltStack. The tool provides configuration management, remote execution, and more. A SQL injection vulnerability exists in the SaltStack Salt MySQL module. The vulnerability stems from a lack of validation of externally...

9.8 CVSS | 8.2 AI score | 0.01883 EPSS
Exploits: 1 | References: 1

Prion
added 2019/07/06 11:15 p.m. | 18 views

Input validation

An issue was discovered in the D-Link Central WiFi Manager CWM100 before v1.03R0100BETA6. Input does not get validated and arbitrary SQL statements can be executed in the database via the /web/Public/Conn.php parameter dbSQL...

7.5 CVSS | 9.6 AI score | 0.68019 EPSS
Exploits: 2 | References: 3 | Affected Software: 1

CNVD
added 2019/04/01 12:0 a.m. | 3 views

Harmis JE Messenger Component SQL Injection Vulnerability in Joomla!

Joomla! is an open source, cross-platform content management system CMS developed by the Open Source Matters team in the United States using PHP and MySQL. Harmis JE Messenger component is used in one of the personal messaging components, which supports incoming and outgoing e-mail and online...

9.1 CVSS | 8.4 AI score | 0.01278 EPSS
Exploits: 0 | References: 1

OSV
added 2019/03/28 7:29 p.m. | 2 views

CVE-2019-9204

SQL injection vulnerability in Nagios IM component of Nagios XI before 2.2.7 allows attackers to execute arbitrary SQL commands...

9.8 CVSS | 7.5 AI score | 0.19685 EPSS
Exploits: 3 | References: 2

OSV
added 2019/02/05 6:29 a.m. | 3 views

CVE-2017-18362

ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database. In February 2019, attackers have actively exploited this in the wild to download and execute ransomware payloads on all...

9.8 CVSS | 6 AI score | 0.86706 EPSS
Exploits: 1 | References: 4

OSV
added 2019/01/12 2:29 a.m. | 2 views

CVE-2019-6244

An issue was discovered in UsualToolCMS 8.0. cmsadmin/asqlbackx.php?t=sql allows CSRF attacks that can execute SQL statements, and consequently execute arbitrary PHP code by writing that code into a .php file...

8.8 CVSS | 7.6 AI score | 0.00523 EPSS
Exploits: 1 | References: 1

OSV
added 2019/01/10 6:29 p.m. | 1 views

CVE-2018-16803

In CIMTechniques CIMScan 6.x through 6.2, the SOAP WSDL parser allows attackers to execute SQL code...

9.8 CVSS | 5.9 AI score | 0.02166 EPSS
Exploits: 0 | References: 3

CNVD
added 2018/10/27 12:0 a.m. | 1 views

Directory Traversal Vulnerability in Changchun Lingzhan Software Company's College Academic Affairs Management System v6.0

Changchun Lingzhan Software Co., Ltd. is a high-tech enterprise specializing in the development and sale of application software for the education industry. A directory traversal vulnerability exists in the Changchun Lingzhan Software Co. An attacker can exploit the vulnerability by traversing th...

7.3 AI score
Exploits: 0

CNVD
added 2018/10/15 12:0 a.m. | 3 views

youke365 SQL Injection Vulnerability

youke365 is an open source navigation management system. The admin/login.html page in version 1.1.5 of youke365 suffers from a SQL injection vulnerability that can be exploited by remote attackers to execute arbitrary SQL commands...

9.8 CVSS | 10 AI score | 0.01135 EPSS
Exploits: 1 | References: 1

CNVD
added 2018/09/21 12:0 a.m. | 6 views

Wordpress Arigato Autoresponder and Newsletter SQL Injection Vulnerability

WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language, which supports personal blog sites on PHP and MySQL servers. Arigato Autoresponder and Newsletter is an autoresponder plugin that is used in... A SQL injection vulnerability exists in WordPress...

7.2 CVSS | 8.4 AI score | 0.04354 EPSS
Exploits: 5 | References: 1

CNVD
added 2018/06/13 12:0 a.m. | 2 views

Multiple Vulnerabilities in MySQL Smart Reports 'id'

MySQL Smart Reports is a complete solution for generating reports using existing MySQL databases. An attacker can exploit this vulnerability to execute arbitrary SQL commands. A SQL injection and cross-site scripting vulnerability exists in MySQL Smart Reports 'id'. An attacker can exploit this...

7.5 AI score
Exploits: 0 | References: 1

CNVD
added 2018/06/13 12:0 a.m. | 2 views

MySQL Blob Uploader 'home-filet-edit.php' SQL Injection Vulnerability

MySQL Blob Uploader is a database file upload script. MySQL Blob Uploader 'home-filet-edit.php' suffers from a SQL injection vulnerability that can be exploited by an attacker to execute arbitrary SQL commands...

8.6 AI score
Exploits: 0 | References: 1