37 matches found
MiracleLinux 8 : postgresql:10 (AXSA:2021-1514:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1514:01 advisory. postgresql: Reconnection can downgrade connection security settings CVE-2020-25694 postgresql: Multiple features escape security restricted operatio...
CVE-2025-30358 Mesop Class Pollution vulnerability leads to DoS and Jailbreak attacks
Mesop is a Python-based UI framework that allows users to build web applications. A class pollution vulnerability in Mesop prior to version 0.14.1 allows attackers to overwrite global variables and class attributes in certain Mesop modules during runtime. This vulnerability could directly lead to...
CVE-2025-30358 Mesop Class Pollution vulnerability leads to DoS and Jailbreak attacks
Mesop is a Python-based UI framework that allows users to build web applications. A class pollution vulnerability in Mesop prior to version 0.14.1 allows attackers to overwrite global variables and class attributes in certain Mesop modules during runtime. This vulnerability could directly lead to...
CVE-2023-27471
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. UEFI implementations do not correctly protect and validate information contained in the 'MeSetup' UEFI variable. On some systems, this variable can be overwritten using operating system APIs. Exploitation of this vulnerabili...
postgresql: psql's \gset allows overwriting specially treated variables
A flaw was found in the psql interactive terminal of PostgreSQL. If an interactive psql session uses \gset when querying a compromised server, this flaw allows an attacker to execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to...
postgresql: psql's \gset allows overwriting specially treated variables
A flaw was found in the psql interactive terminal of PostgreSQL. If an interactive psql session uses \gset when querying a compromised server, this flaw allows an attacker to execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to...
X-Cart < 4.1.3 - Arbitrary Variable Overwrite Vulnerability
Exploit for php platform in category web applications X-Cart Arbitrary Variable Overwrite Vendor: Qualiteam Product: X-Cart Version: $value $$var = $value; As we can see every single post variable is dynamically evaluated. This is especially dangerous because register globals and magic q...
SquirrelMail < 1.4.5-RC1 - Arbitrary Variable Overwrite
SquirrelMail Arbitrary Variable Overwrite Vendor: The SquirrelMail Project Team Product: SquirrelMail Version: = 1.4.5-RC1 Website: http://www.squirrelmail.org/ BID: 14254 CVE: CVE-2005-2095 SECUNIA: 16058 PACKETSTORM: 38709 Description: SquirrelMail is a standards-based webmail package written i...
e107 <= 0.7.11 - Arbitrary Variable Overwriting Vulnerability
No description provided by source. GulfTech Security Research August 07, 2008 Vendor : Steve Dunstan URL : http://www.e107.org/ Version : e107 = 0.7.11 Risk : Arbitrary Variable Overwriting Description: e107 is a popular full featured content management system written in php. Unfortunately e107...
php live helper <= 2.0.1 - Multiple Vulnerabilities
No description provided by source. GulfTech Security Research August 16, 2008 Vendor : Turnkey Web Tools, Inc URL : http://www.turnkeywebtools.com Version : PHP Live Helper = 2.0.1 Risk : Multiple Vulnerabilities Description: PHP Live Helper is an online support system written in php that allows...
PT-2013-18: Variables Overwriting in mnoGoSearch
Positive Technologies experts have detected a Cross-Site Scripting vulnerability in mnoGoSearch. Due to incorrect application architecture, all the template variables and variables sent by the client are stored in the same list. This vulnerability allows attackers to overwrite any uninitialized...
phpList <= 2.10.8 Variable Overwriting
The version of phpList installed on the remote host emulates PHP's 'registerglobals' functionaltiy' insecurely in its 'admin/index.php' script. Provided PHP's 'registerglobals' setting is disabled, an unauthenticated attacker can exploit this issue to overwrite the 'SERVERConfigFile' and...
PHP Live Helper <= 2.0.1 Multiple Remoet Vulnerabilities
No description provided by source. GulfTech Security Research August 16, 2008 Vendor : Turnkey Web Tools, Inc URL : http://www.turnkeywebtools.com Version : PHP Live Helper = 2.0.1 Risk : Multiple Vulnerabilities Description: PHP Live Helper is an online support system written in php that allows...
PHP Live Helper <= 2.0.1 Multiple Remote Vulnerabilities
No description provided by source. GulfTech Security Research August 16, 2008 Vendor : Turnkey Web Tools, Inc URL : http://www.turnkeywebtools.com Version : PHP Live Helper = 2.0.1 Risk : Multiple Vulnerabilities Description: PHP Live Helper is an online support system written in php that allows...
phplivehelper-sqlexec.txt
GulfTech Security Research August 16, 2008 Vendor : Turnkey Web Tools, Inc URL : http://www.turnkeywebtools.com Version : PHP Live Helper DBsite-queryfirst"SELECT FROM ". $this-dbprefix.$table." where ".$from."='$id'"; if isarray$result foreach $result as $key = $val $info$key = stripslashes$val;...
PHP Live Helper 2.0.1 - Multiple Vulnerabilities
PHP Live Helper 2.0.1 - Multiple Vulnerabilities GulfTech Security Research August 16, 2008 Vendor : Turnkey Web Tools, Inc URL : http://www.turnkeywebtools.com Version : PHP Live Helper DBsite-queryfirst"SELECT FROM ". $this-dbprefix.$table." where ".$from."='$id'"; if isarray$result foreach...
PHP Live Helper <= 2.0.1 Multiple Vulnerabilities
GulfTech Security Research August 16, 2008 Vendor : Turnkey Web Tools, Inc URL : http://www.turnkeywebtools.com Version : PHP Live Helper = 2.0.1 Risk : Multiple Vulnerabilities Description: PHP Live Helper is an online support system written in php that allows the visitors of a website to intera...
PHP Live Helper 2.0.1 - Multiple Vulnerabilities
GulfTech Security Research August 16, 2008 Vendor : Turnkey Web Tools, Inc URL : http://www.turnkeywebtools.com Version : PHP Live Helper DBsite-queryfirst"SELECT FROM ". $this-dbprefix.$table." where ".$from."='$id'"; if isarray$result foreach $result as $key = $val $info$key = stripslashes$val;...
PHP Live Helper <= 2.0.1 Multiple Remote Vulnerabilities
Exploit for unknown platform in category web applications ======================================================== PHP Live Helper DBsite-queryfirst"SELECT FROM ". $this-dbprefix.$table." where ".$from."='$id'"; if isarray$result...
e107 <= 0.7.11 Arbitrary Variable Overwriting Vulnerability
No description provided by source. GulfTech Security Research August 07, 2008 Vendor : Steve Dunstan URL : http://www.e107.org/ Version : e107 = 0.7.11 Risk : Arbitrary Variable Overwriting Description: e107 is a popular full featured content management system written in php. Unfortunately e107...