Nixu NameSurfer存在多个安全漏洞：
1，部分输入在使用之前缺少过滤，允许攻击者利用漏洞注入恶意脚本或HTML代码，当恶意数据被查看时，可获取敏感信息或劫持用户会话。
2，解析XML实体时存在错误，允许攻击者利用特制的包含外部实体引用的XML文档来获取本地资源数据或消耗服务器资源。
3，存在未明错误允许攻击者利用漏洞以"namesurf"用户访问任意文件。
4，该产品绑定的postgreSQL存在多个安全漏洞。
0
Nixu NameSurfer 7.x
Nixu NameSurfer 7.5.2.1版本已修复该漏洞，建议用户下载使用：
http://www.nixusoftware.com/index.php/products/namesurfer

nessus 25

oraclelinux 2

kaspersky 1

veracode 7

centos 3

redhat 4

openvas 26

amazon 2

securityvulns 6

ubuntu 1

debian 2

mageia 2

freebsd 1

osv 2

gentoo 1

ubuntucve 8

cve 8

huawei 2

prion 8

seebug 4

checkpoint_advisories 3

postgresql 7

debiancve 1

oracle 1

nessus

Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.10 : postgresql-8.4, postgresql-9.1 vulnerabilities (USN-2120-1)

2014-02-25 00:00:00

Oracle Linux 5 : postgresql (ELSA-2014-0249)

2014-03-05 00:00:00

Oracle Linux 5 / 6 : postgresql / postgresql84 (ELSA-2014-0211)

2014-02-26 00:00:00

oraclelinux

postgresql84 and postgresql security update

2014-02-25 00:00:00

postgresql security update

2014-03-04 00:00:00

kaspersky

KLA10297 Multiple vulnerabilities in PostgreSQL

2014-03-31 00:00:00

veracode

Privilege Escalation

2019-05-02 05:01:19

Code Execution Using A Race Condition

2019-05-02 05:01:19

Integer Overflow

2019-05-02 05:01:20

centos

postgresql security update

2014-03-04 20:53:33

postgresql, postgresql84 security update

2014-02-25 18:39:58

postgresql92 security update

2014-02-28 01:35:22

redhat

(RHSA-2014:0211) Important: postgresql84 and postgresql security update

2014-02-25 00:00:00

(RHSA-2014:0249) Important: postgresql security update

2014-03-04 00:00:00

(RHSA-2014:0221) Important: postgresql92-postgresql security update

2014-02-27 00:00:00

openvas

CentOS Update for postgresql84 CESA-2014:0211 centos5

2014-03-04 00:00:00

Ubuntu Update for postgresql-9.1 USN-2120-1

2014-02-25 00:00:00

CentOS Update for postgresql CESA-2014:0211 centos6

2014-03-04 00:00:00

amazon

Important: postgresql9

2014-03-13 18:12:00

Important: postgresql8

2014-03-13 18:12:00

securityvulns

[USN-2120-1] PostgreSQL vulnerabilities

2014-02-28 00:00:00

PostgreSQL multiple security vulnerabilities

2014-02-28 00:00:00

APPLE-SA-2014-09-17-5 OS X Server 3.2.1

2014-09-21 00:00:00

ubuntu

PostgreSQL vulnerabilities

2014-02-24 00:00:00

debian

[SECURITY] [DSA 2864-1] postgresql-8.4 security update

2014-02-20 17:05:33

[SECURITY] [DSA 2865-1] postgresql-9.1 security update

2014-02-20 21:25:41

mageia

Updated postgresql packages fix multiple vulnerabilities

2014-05-17 04:20:42

Updated postgresql packages fix multiple security vulnerabilities

2014-05-09 01:29:25

freebsd

PostgreSQL -- multiple privilege issues

2014-02-20 00:00:00

osv

postgresql-8.4 - several

2014-02-20 00:00:00

postgresql-9.1 - several

2014-02-20 00:00:00

gentoo

PostgreSQL: Multiple vulnerabilities

2014-08-29 00:00:00

ubuntucve

CVE-2014-0063

2014-02-21 00:00:00

CVE-2014-0065

2014-02-21 00:00:00

CVE-2014-0060

2014-02-21 00:00:00

cve

CVE-2014-0065

2014-03-31 14:58:00

CVE-2014-0063

2014-03-31 14:58:00

CVE-2014-0060

2014-03-31 14:58:00

huawei

Security Advisory - Two Buffer Overflow Vulnerabilities in the GaussDB

2017-05-31 00:00:00

Security Advisory - Two Privilege Escalation Vulnerabilities in the GaussDB

2017-05-31 00:00:00

prion

Buffer overflow

2014-03-31 14:58:00

Stack overflow

2014-03-31 14:58:00

Command injection

2014-03-31 14:58:00

seebug

PostgreSQL安全限制绕过漏洞

2014-02-25 00:00:00

PostgreSQL远程栈缓冲区溢出漏洞

2014-02-25 00:00:00

PostgreSQL远程拒绝服务漏洞

2014-02-25 00:00:00

checkpoint_advisories

PostgreSQL Database geo_ops path_in Integer Overflow (CVE-2014-0064)

2014-03-17 00:00:00

PostgreSQL Database SET ROLE Security Bypass (CVE-2014-0060)

2014-03-17 00:00:00

PostgreSQL Database Datetime Buffer Overflow (CVE-2014-0063)

2014-04-08 00:00:00

postgresql

Vulnerability in core server (CVE-2014-0064)

2014-03-31 14:58:00

Vulnerability in core server (CVE-2014-0060)

2014-03-31 14:58:00

Vulnerability in contrib module (CVE-2014-0066)

2014-03-31 14:58:00

debiancve

CVE-2014-0061

2014-03-31 14:58:00

oracle

Oracle Critical Patch Update - October 2017

2017-10-17 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

0.927 High

EPSS

Percentile

98.8%

JSON

Related for SSV:62083