32 matches found
EUVD-2014-3560
Malware in sbrugna...
Vulnerability in client (CVE-2025-8715)
PostgreSQL pg_dump newline in object name executes arbitrary code in psql client and in restore target server. Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account...
CVE-2025-44897
FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the bytftpsrvip parameter in the webtoolupgradeManagerpost function...
Command Execution Vulnerability in Deepsix VPN Upgrade Maintenance Tool
SSL VPN is a kind of VPN technology provided by SZSS to solve the problem of remote users accessing sensitive company data to realize remote access. A command execution vulnerability exists in the Deepsix VPN Upgrade and Maintenance Tool, which can be exploited by an attacker to remotely upload a...
ASUS ScreenPad2 Upgrade Tool Code Issue Vulnerability
ASUS ScreenPad2 Upgrade Tool is an update tool for the ASUS ScreenPad2 touchpad from ASUS of Taiwan, China. In ASUS ScreenPad2 Upgrade Tool version 1.0.3, the AsusScreenXpertServicec.exe and ScreenXpertUpgradeServiceManager.exe files are vulnerable to a code issue. An attacker could exploit t...
CVE-2020-15009
AsusScreenXpertServicec.exe and ScreenXpertUpgradeServiceManager.exe in ScreenPad2UpgradeTool.msi V1.0.3 for ASUS PCs with ScreenPad 1.0 UX450FDX, UX550GDX and UX550GEX could lead to unsigned code execution with no additional restrictions when a user puts an application at a particular path with ...
CVE-2020-15009
ASUS ScreenPad2 Upgrade Tool (ScreenPad1.0): The CVE affects ScreenPad2_Upgrade_Tool.msi v1.0.3 on ASUS UX450FDX, UX550GDX, UX550GEX. Two executables, AsusScreenXpertServicec.exe and ScreenXpertUpgradeServiceManager.exe, are implicated. The issue permits unsigned code execution with no additiona...
CVE-2020-7276
Authentication bypass vulnerability in MfeUpgradeTool in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 Update allows administrator users to access policy settings via running this tool...
Red Hat redhat-upgrade-tool data forgery issue vulnerability
Red Hat redhat-upgrade-tool is a system upgrade tool from Red Hat USA. A data forgery issue vulnerability exists in Red Hat redhat-upgrade-tool, which can be exploited by an attacker to conduct an attack with forged data...
CVE-2014-3585
redhat-upgrade-tool: Does not check GPG signatures when upgrading versions...
Design/Logic Flaw
redhat-upgrade-tool: Does not check GPG signatures when upgrading versions...
CVE-2014-3585
The CVE-2014-3585 entry concerns the Red Hat redhat-upgrade-tool, which does not verify GPG signatures when upgrading versions. This is described as enabling potential forgery or MitM-style abuse, with mitigations discussed in multiple sources. The impact is characterized as high (critical/remote...
PT-2019-7094 · Red Hat · Redhat-Upgrade-Tool
Name of the Vulnerable Software and Affected Versions: redhat-upgrade-tool (affected versions not specified). Description: The issue is related to the redhat-upgrade-tool not checking GPG signatures when upgrading versions. Recommendations: At the moment, there is no information about a newer versio...
Man-in-the-Middle (MitM)
redhat-upgrade-tool is vulnerable to a man-in-the-middle (MitM) attack. The tool does not implement proper GPG signature verification when performing package installations, allowing an attacker to perform man-in-the-middle attacks against the client...
postgresql: SQL injection in pg_upgrade and pg_dump, via CREATE TRIGGER ... REFERENCING
A SQL Injection flaw has been discovered in PostgreSQL server in the way triggers that enable transition relations are dumped. The transition relation name is not correctly quoted and it may allow an attacker with CREATE privilege on some non-temporary schema or TRIGGER privilege on some table to...
PostgreSQL 'pg_upgrade' and 'pg_dump' Functions SQL Injection Vulnerability
PostgreSQL is a free object-relational database management system developed by the PostgreSQL development group. The system supports most of the SQL standards and provides many other features, such as foreign keys, triggers, views, and so on. A SQL injection vulnerability exists in the 'pg_upgrade...
USN-3818-1 postgresql-10 vulnerability
It was discovered that PostgreSQL incorrectly handled certain trigger definitions when running pg_upgrade or pg_dump. A remote attacker could possibly use this issue to execute arbitrary SQL statements with superuser privileges...