Author: Cyberthreat Blog

PostgreSQL PL/Java after 9.0 does not honor access controls on large objects.

PostgreSQL PL/Java before 1.5.0 allows remote authenticated users with USAGE permission on the public schema to alter the public schema classpath.

MongoDB on Red Hat Satellite 6 allows local users to bypass authentication by logging in with an empty password and delete information which can cause a Denial of Service.

Cross site scripting (XSS) vulnerability in pages.edit_form.php in flatCore 1.4.6 allows remote attackers to inject arbitrary JavaScript via the PATH_INFO in an acp.php URL, due to use of unsanitized...

irc.cgi in CGI:IRC before 0.5.12 reflects user-supplied input from the R parameter without proper output encoding, aka XSS.