exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 19 of 19 RSS Feed

Files

pgAdmin 8.4 Code Execution
Posted Sep 2, 2024
Authored by indoushka

pgAdmin versions 8.4 and earlier are affected by a remote reverse connection execution vulnerability via the binary path validation API.

tags | exploit, remote
SHA-256 | 263e864f594c394a102efec26ea63661ce2ce5e3573fde482860fbce55467c71

Related Files

pgAdmin 8.11 Information Disclosure
Posted Sep 26, 2024
Authored by EQSTLab | Site github.com

pgAdmin versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacker to potentially obtain the client ID and secret, leading to unauthorized access to user data.

tags | exploit
advisories | CVE-2024-9014
SHA-256 | 518f56e4049ab1c116b1d55d1a7662e998277cad57c401bcecbaa7035abe00a8
pgAdmin 8.4 Remote Code Execution
Posted Aug 29, 2024
Authored by M.Selim Karahan, Ayoub Mokhtar, Mustafa Mutlu | Site metasploit.com

pgAdmin versions 8.4 and below are affected by a remote code execution vulnerability through the validate binary path API. This vulnerability allows attackers to execute arbitrary code on the server hosting PGAdmin, posing a severe risk to the database management system's integrity and the security of the underlying data.

tags | exploit, remote, arbitrary, code execution
advisories | CVE-2024-3116
SHA-256 | 63ed0fcb6853adbac916564a39cabd9a37b97dc0119ebfdac97ec042356d36e4
pgAdmin 8.3 Remote Code Execution
Posted Apr 17, 2024
Authored by Spencer McIntyre, Abdel Adim Oisfi, Davide Silvetti | Site metasploit.com

pgAdmin versions 8.3 and below have a path traversal vulnerability within their session management logic that can allow a pickled file to be loaded from an arbitrary location. This can be used to load a malicious, serialized Python object to execute code within the context of the target application. This exploit supports two techniques by which the payload can be loaded, depending on whether or not credentials are specified. If valid credentials are provided, Metasploit will login to pgAdmin and upload a payload object using pgAdmin's file management plugin. Once uploaded, this payload is executed via the path traversal before being deleted using the file management plugin. This technique works for both Linux and Windows targets. If no credentials are provided, Metasploit will start an SMB server and attempt to trigger loading the payload via a UNC path. This technique only works for Windows targets. For Windows 10 v1709 (Redstone 3) and later, it also requires that insecure outbound guest access be enabled. Tested on pgAdmin 8.3 on Linux, 7.7 on Linux, 7.0 on Linux, and 8.3 on Windows. The file management plugin underwent changes in the 6.x versions and therefore, pgAdmin versions below 7.0 cannot utilize the authenticated technique whereby a payload is uploaded.

tags | exploit, arbitrary, python
systems | linux, windows
advisories | CVE-2024-2044
SHA-256 | 841d670fe90193388942d1169f9624f5fb5ef8dcf21530ef2dc60444dccc5377
phpPgAdmin 7.13.0 Command Execution
Posted Apr 1, 2021
Authored by Valerio Severini

phpPgAdmin version 7.13.0 suffers from an authenticated command execution vulnerability.

tags | exploit
SHA-256 | 7e78f9012afe8414513c0b1d8cda135dd917f81860ee7962efb2f5a64e3b0be3
Secunia Security Advisory 48774
Posted Apr 12, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for phpPgAdmin. This fixes multiple vulnerabilities, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks and disclose sensitive information.

tags | advisory, vulnerability, xss
systems | linux, suse
SHA-256 | ca21619d87fe821a4d5c90fe44505795af13875ccc587e6cdc2aaaf4a4576c4f
Secunia Security Advisory 48574
Posted Mar 30, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in phpPgAdmin, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory
SHA-256 | 47b473c1c3ce6bc87b02c9e9163ddaf131a1121e676dee731a261561f067689e
Secunia Security Advisory 46248
Posted Oct 31, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in phpPgAdmin, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | f63246fb2f9318dd12c8628e42130b28db67b38b714d199468a4d65502427c4d
Secunia Security Advisory 46426
Posted Oct 13, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for phpPgAdmin. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
systems | linux, fedora
SHA-256 | 3010d386442260c78af719dd92661211bcc098eae74fb206893c07bd1d042dca
Debian Linux Security Advisory 1693-2
Posted Jan 21, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1693-2 - The security update for phpPgAdmin in DSA-1693-1 caused a regression in modifying table fields. This updates corrects that flaw.

tags | advisory
systems | linux, debian
advisories | CVE-2007-2865, CVE-2007-5728, CVE-2008-5587
SHA-256 | 062ebd9f3ac3214ae5f72ee6b947ca0a7dbc1ad3944e42915968c3a3d4ce7944
Debian Linux Security Advisory 1693-1
Posted Dec 31, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1693-1 - Several remote vulnerabilities have been discovered in phpPgAdmin, a tool to administrate PostgreSQL database over the web.

tags | advisory, remote, web, vulnerability
systems | linux, debian
advisories | CVE-2007-2865, CVE-2007-5728, CVE-2008-5587
SHA-256 | 7d4f2198b5b04336d494d708cff47fc1fd3d46e9591ef0094b8021d14bf4c822
Secunia Security Advisory 33263
Posted Dec 30, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for phppgadmin. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose sensitive information.

tags | advisory, vulnerability, xss
systems | linux, debian
SHA-256 | 749a36cbbbb554d7230d29b4ca5ad6495291e4b43303799521e30f8e25f5fd03
Secunia Security Advisory 33286
Posted Dec 26, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for phpPgAdmin. This fixes a vulnerability, which can be exploited by malicious people to disclose sensitive information.

tags | advisory
systems | linux, fedora
SHA-256 | a8313434f3549a78f2644e0422d34fc2ab53ac2cae14e5f85877e846e29cd349
phpPgAdmin 4.2.1 Local File Inclusion
Posted Dec 9, 2008
Authored by dun

phpPgAdmin versions 4.2.1 and below suffer from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 74707b950a3dc8ac1cbaa4e9b99cf6088d118b5733189d0bee1f14b9d4e462f3
Secunia Security Advisory 33014
Posted Dec 8, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Dun has discovered a vulnerability in phpPgAdmin, which can be exploited by malicious people to disclose sensitive information.

tags | advisory
SHA-256 | 21ed3e82010e0bd995b142ab5fe52d0d7e9cb9060adb59bda9f09c688adf6623
phppgadmin-xss.txt
Posted May 31, 2007
Authored by Michal Majchrowicz

phpPgAdmin versions 3.5 through 4.1.1 suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 334636e8778c537c3d118de55e527517fd58cbc68e558f0146f81176e313ef1e
phpPgAdmin-xss.txt
Posted May 23, 2007
Authored by Michal Majchrowicz

phpPgAdmin version 4.1.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 334636e8778c537c3d118de55e527517fd58cbc68e558f0146f81176e313ef1e
phpPgAdmin-rfi.txt
Posted May 23, 2007
Authored by the_Edit0r | Site xmors-security.com

phpPgAdmin version 4.1.1 suffers from remote file inclusion and URL redirection vulnerabilities.

tags | exploit, remote, vulnerability, code execution, file inclusion
SHA-256 | 9249ffdd713f12814bd4e045058dcb068320591e4c583aedcaadcb0d3c5f11b7
Debian Linux Security Advisory 759-1
Posted Jul 19, 2005
Authored by Debian | Site security.debian.org

Debian Security Advisory DSA 759-1 - A vulnerability has been discovered in phppgadmin, a set of PHP scripts to administrate PostgreSQL over the WWW, that can lead to disclose sensitive information. Successful exploitation requires that magic_quotes_gpc is disabled.

tags | advisory, php
systems | linux, debian
advisories | CVE-2005-2256
SHA-256 | 05b60eba171cd771fa884cd9ab159a07c205fee5abad17966e32f2c57eee59f6
Secunia Security Advisory 15941
Posted Jul 7, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in phpPgAdmin, which can be exploited by malicious people to disclose sensitive information.

tags | advisory
SHA-256 | eb619c5b21357c005e65660ed43094ac425949ca3e192df3786579103421a131
Page 1 of 1
Back1Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    17 Files
  • 8
    Oct 8th
    66 Files
  • 9
    Oct 9th
    25 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    21 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close