Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2007-3278
HistoryJun 19, 2007 - 9:30 p.m.

CVE-2007-3278

2007-06-1921:30:00
CWE-264
[email protected]
web.nvd.nist.gov

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

7.3 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

70.2%

JSON

PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1.

Affected configurations

NVD
Node
postgresqlpostgresqlRange7.37.3.21
OR
postgresqlpostgresqlRange7.47.4.19
OR
postgresqlpostgresqlRange8.08.0.15
OR
postgresqlpostgresqlRange8.18.1.11
OR
postgresqlpostgresqlRange8.28.2.6
Node
debiandebian_linuxMatch3.1
OR
debiandebian_linuxMatch4.0

References

Related

prion 2
ubuntucve 2
cvelist 2
cve 2
veracode 1
nvd 1
nessus 13
redhat 3
openvas 25
securityvulns 3
centos 2
oraclelinux 1
gentoo 1
debian 2
osv 2
ubuntu 1
prion
prion
Sql injection
2007-06-19 21:30:00
Authentication flaw
2008-01-09 21:46:00
ubuntucve
ubuntucve
CVE-2007-3278
2007-06-19 00:00:00
CVE-2007-6601
2008-01-09 00:00:00
cvelist
cvelist
CVE-2007-3278
2007-06-19 21:00:00
CVE-2007-6601
2008-01-09 21:00:00
cve
cve
CVE-2007-3278
2007-06-19 21:30:00
CVE-2007-6601
2008-01-09 21:46:00
veracode
veracode
Privilege Escalation
2020-04-10 00:19:39
nvd
nvd
CVE-2007-6601
2008-01-09 21:46:00
nessus
nessus
Mandrake Linux Security Advisory : postgresql (MDKSA-2007:188)
2007-09-26 00:00:00
CentOS 3 : postgresql (CESA-2008:0039)
2008-01-14 00:00:00
RHEL 3 : postgresql (RHSA-2008:0039)
2008-01-14 00:00:00
redhat
redhat
(RHSA-2008:0039) Moderate: postgresql security update
2008-01-11 00:00:00
(RHSA-2008:0040) Moderate: postgresql security update
2008-02-01 00:00:00
(RHSA-2008:0038) Moderate: postgresql security update
2008-01-11 00:00:00
openvas
openvas
Mandriva Update for postgresql MDKSA-2007:188 (postgresql)
2009-04-09 00:00:00
CentOS Update for rh-postgresql CESA-2008:0039 centos3 i386
2009-02-27 00:00:00
CentOS Update for rh-postgresql CESA-2008:0039 centos3 x86_64
2009-02-27 00:00:00
securityvulns
securityvulns
PostgreSQL dblink library multiple security vulnerabilities
2007-09-26 00:00:00
[ MDKSA-2007:188 ] - Updated postgresql packages prevent access abuse using dblink
2007-09-26 00:00:00
PostgreSQL 2007-01-07 Cumulative Security Release
2008-01-08 00:00:00
centos
centos
rh security update
2008-01-11 14:31:56
postgresql security update
2008-01-11 15:27:05
oraclelinux
oraclelinux
Moderate: postgresql security update
2008-01-11 00:00:00
gentoo
gentoo
PostgreSQL: Multiple vulnerabilities
2008-01-29 00:00:00
debian
debian
[SECURITY] [DSA 1463-1] New postgresql-7.4 packages fix several vulnerabilities
2008-01-14 18:51:52
[SECURITY] [DSA 1460-1] New postgresql-8.1 packages fix several vulnerabilities
2008-01-13 15:45:01
osv
osv
postgresql-8.1 - several
2008-01-13 00:00:00
postgresql-7.4 - several
2008-01-14 00:00:00
ubuntu
ubuntu
PostgreSQL vulnerabilities
2008-01-14 00:00:00

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

7.3 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

70.2%

JSON
Related for NVD:CVE-2007-3278
prion2ubuntucve2cvelist2cve2veracode1nvd1nessus13redhat3openvas25securityvulns3centos2oraclelinux1gentoo1debian2osv2ubuntu1