This vulnerability can allow attackers to execute arbitrary code on vulnerable installations of pgAdmin4 software. pgAdmin4 is a GUI application for database server administration, and comes packaged with PostgreSQL package.
User interaction is required to exploit this vulnerability in that the malicious dll file(s) should be saved in any of the DLL search paths.
Confirmed on products
pgAdmin4 v1.1: Current version packaged with PostgreSQL v126.96.36.199 (Windows x86 Current version)
Posted another remote code execution exploit on Exploit-db an hour back. It is published now 🙂
UPlusFTP Server v1.7.1.01 [ HTTP ] Remote BoF Exploit PoC
Discovered by : Karn Ganeshen …
As of late, I am reading up on buffer overflows. This is one topic I had been escaping for quite a time. …