1417 matches found
ZSQL: Log Directory Permission
The LOGPATHPERMISSIONS parameter specifies the log directory permission. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only
ZSQL: Maximum Number of Backup Audit Files
The AUDITBACKUPFILECOUNT parameter specifies the maximum number of backup audit log files. If the number of backup files exceeds the specified value, the earliest backup files are automatically deleted and the backup deletion information is recorded in audit logs.
Arbitrary Code Execution
PostgreSQL is vulnerable to arbitrary code execution. A stack-based buffer overflow flaw was found in the way PostgreSQL processed certain tokens from an SQL query when the intarray module was enabled on a particular database. An authenticated database user running a specially-crafted SQL query...
Denial Of Service (DoS)
PostgreSQL is vulnerable to denial of service (DoS). It is due to an integer overflow in src/backend/executor/nodeHash.c, allowing an attacker to use a malicious SQL query to cause a temporary denial of service (postgres daemon crash) or, potentially, execute arbitrary code with the privileges of the...
Denial Of Service (DoS)
PostgreSQL is vulnerable to denial of service (DoS). A buffer overflow flaw was found in the way PostgreSQL retrieved a substring from the bit string for BIT and BIT VARYING SQL data types. An authenticated database user running a specially-crafted SQL query could use this flaw to cause a temporary...
ZSQL: Password Grace Period
The password grace period is the number of days between the password expiration warning and password expiration. In this grace period, users can change their passwords before password expiration, ensuring service continuity.
ZSQL: Resource Limit of a Single User
Configure the resource limit to enable the maximum number of connections of a single user as defined in ADMPROFILES table.
ZSQL: Number Of Days Before Which a Password Cannot Be Reused
You must configure the number of days before which a password cannot be reused. This configuration prevents password cracking caused by password reuse. It is configured by setting the PASSWORDREUSETIME parameter (unit: day). After this parameter is set, the password can be reused only after the...
ZSQL: Check for users with DROP USER permission
Searches for users and roles with DROP USER permission and checks whether they are authorized to have it. A user with the DROP USER permission can delete other users. If this permission is no longer necessary, revoke it.
Sort order SQL injection via `direction` parameter in administrate
In Administrate rubygem before version 0.13.0, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present a SQL injection if the attacker were able to modify the direction parameter and bypass ActiveRecord...
CVE-2020-10563
An issue was discovered in DEVOME GRR before 3.4.1c. frmcontactlist.php mishandles a SQL query...
SQL injection
In Administrate rubygem before version 0.13.0, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present a SQL injection if the attacker were able to modify the direction parameter and bypass ActiveRecord...
Design/Logic Flaw
An issue was discovered in DEVOME GRR before 3.4.1c. frmcontactlist.php mishandles a SQL query...
GHSA-2P5P-M353-833W Sort order SQL injection in Administrate
In Administrate rubygem before version 0.13.0, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present a SQL injection if the attacker were able to modify the direction parameter and bypass ActiveRecord...
Sort order SQL injection in Administrate
In Administrate rubygem before version 0.13.0, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present a SQL injection if the attacker were able to modify the direction parameter and bypass ActiveRecord...
CVE-2020-5257 Sort order SQL injection in Administrate
In Administrate rubygem before version 0.13.0, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present a SQL injection if the attacker were able to modify the direction parameter and bypass ActiveRecord...
SQL Injection
In Administrate rubygem, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present a SQL injection if the attacker were able to modify the direction parameter and bypass ActiveRecord SQL protections. Whils...
Update Rollup 1 for System Center Orchestrator 2019
Introduction: This article describes the issues that are fixed in Update Rollup 1 for Microsoft System Center Orchestrator 2019. This article also contains the installation instructions for this update. Issues that are fixed: Events pane of the...
Gila CMS SQL Injection Vulnerability
Gila CMS is an open source content management system (CMS) based on PHP and MySQL. A SQL injection vulnerability exists in /admin/sql?query= in Gila CMS version 1.11.8. The vulnerability stems from a lack of validation of externally entered SQL statements in database-based applications. An attacker...