postgresql - Latest Security News about - postgresql - Kubernetes WAF | K8 Web Application Firewall

PostgreSQL security flaws

Overview : Multiple flaws was discovered in postgresql Affected Product(s) : postgresql 9.4 – 11 postgresql 11.x before 11.5 Vulnerability Details : CVE ID : CVE-2019-10208 A flaw was discovered in postgresql where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute […]

Potential SQL injection in PostgreSQL Zend\Db adapter

Overview : Zend Framework before 2.2.10 and 2.3.x before 2.3.5 has Potential SQL injection in PostgreSQL Zend\Db adapter. Affected Product(s) : Zend Framework 2.2.10 Zend Framework 2.3.5 Vulnerability Details : CVE ID : CVE-2015-0270 A patch was written that provides the correct PostgreSQL escaping sequence for quotes used for identifiers and values, and tests were […]

Various SQL injection attacks have been mitigated.

Overview : In Tortoise ORM before versions 0.15.23 and 0.16.6, various forms of SQL injection have been found for MySQL and when filtering or doing mass-updates on char/text fields. SQLite & PostgreSQL are only affected when filtering with contains, starts_with, or ends_with filters (and their case-insensitive counterparts). CVE-2020-11010 Various SQL injection attacks have [...]

unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote attackers to execute arbitrary code by uploading a file with an executable extension.

Overview : An unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. This allows an authenticated attacker to upload a malicious file (containing PHP code to execute operating system commands) to a publicly accessible directory of the application. CVE-2020-8639 [...]

cPanel before 84.0.20 allows a demo account to achieve remote code execution

Overview : cPanel before 84.0.20 allows a demo account to achieve remote code execution via a cpsrvd rsync shell (SEC-544). Vulnerability Details : CVE ID : CVE-2020-10119 Skip to end of metadata Created by Documentation, last modified yesterday at 3:08 PM Go to start of metadata 84.0.22 2020-03-16 [security] Fixed case SEC-505: Bandwidth suspensions can be triggered [...]

Latest Security News about postgresql

PostgreSQL security flaws

Potential SQL injection in PostgreSQL Zend\Db adapter

Various SQL injection attacks have been mitigated.

unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote attackers to execute arbitrary code by uploading a file with an executable extension.

cPanel before 84.0.20 allows a demo account to achieve remote code execution

About Us

Products

Services

Get in Touch