CVE-2002-1657

PostgreSQL uses the username for a salt when generating passwords, which makes it easier for remote attackers to guess passwords via a brute force attack...

GLSA-200502-19 : PostgreSQL: Buffer overflows in PL/PgSQL parser

The remote host is affected by the vulnerability described in GLSA-200502-19 PostgreSQL: Buffer overflows in PL/PgSQL parser PostgreSQL is vulnerable to several buffer overflows in the PL/PgSQL parser. Impact : A remote attacker could send a malicious query resulting in the execution of arbitrary...

PostgreSQL: Buffer overflows in PL/PgSQL parser

Background PostgreSQL is a SQL compliant, open source object-relational database management system. Description PostgreSQL is vulnerable to several buffer overflows in the PL/PgSQL parser. Impact A remote attacker could send a malicious query resulting in the execution of arbitrary code with the...

CVE-2004-0977

The makeoidjoinscheck script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files via a symlink attack on temporary files...

CVE-2004-0977

The makeoidjoinscheck script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files via a symlink attack on temporary files...

CVE-2005-0244

PostgreSQL 8.0.0 and earlier allows local users to bypass the EXECUTE permission check for functions by using the CREATE AGGREGATE command...

CVE-2005-0245

Buffer overflow in gram.y for PostgreSQL 8.0.0 and earlier may allow attackers to execute arbitrary code via a large number of arguments to a refcursor function gram.y, which leads to a heap-based buffer overflow, a different vulnerability than CVE-2005-0247...

CVE-2005-0247

Multiple buffer overflows in gram.y for PostgreSQL 8.0.1 and earlier may allow attackers to execute arbitrary code via 1 a large number of variables in a SQL statement being handled by the readsqlconstruct function, 2 a large number of INTO variables in a SELECT statement being handled by the...

[USN-71-1] PostgreSQL vulnerability

=========================================================== Ubuntu Security Notice USN-71-1 February 01, 2005 postgresql vulnerability http://archives.postgresql.org/pgsql-bugs/2005-01/msg00269.php =========================================================== A security issue affects the following...

USN-71-1: PostgreSQL vulnerability

John Heasman discovered a local privilege escalation in the PostgreSQL server. Any user could use the LOAD extension to load any shared library into the PostgreSQL server; the library's initialisation function was then executed with the permissions of the server. Now the use of LOAD is restricted...

CVE-2005-0245

Buffer overflow in gram.y for PostgreSQL 8.0.0 and earlier may allow attackers to execute arbitrary code via a large number of arguments to a refcursor function gram.y, which leads to a heap-based buffer overflow, a different vulnerability than CVE-2005-0247...

postgresql -- privilege escalation vulnerability

John Heasman and others disovered that non-privileged users could use the LOAD extension to load arbitrary libraries into the postgres server process space. This could be used by non-privileged local users to execute arbitrary code with the privileges of the postgresql server...

Debian DSA-577-1 : postgresql - insecure temporary file

Trustix Security Engineers identified insecure temporary file creation in a script included in the postgresql suite, an object-relational SQL database. This could lead an attacker to trick a user to overwrite arbitrary files he has write access to. %NASLMINLEVEL 70300 C Tenable Network Security,...

[OpenPKG-SA-2004.046] OpenPKG Security Advisory (postgresql)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 OpenPKG Security Advisory The OpenPKG Project http://www.openpkg.org/security.html http://www.openpkg.org [email protected] [email protected] OpenPKG-SA-2004.046 29-Oct-2004 Package: postgresql Vulnerability: insecure temporary file...

DSA-577-1 postgresql - symlink vulnerability

Bulletin has no description...

USN-6-1: postgresql contributed script vulnerability

Recently, Trustix Secure Linux discovered a vulnerability in the postgresql-contrib package. The script "makeoidjoinscheck" created temporary files in an insecure way, which allowed a symlink attack to create or overwrite arbitrary files with the privileges of the user invoking the script...

GLSA-200410-16 : PostgreSQL: Insecure temporary file use in make_oidjoins_check

The remote host is affected by the vulnerability described in GLSA-200410-16 PostgreSQL: Insecure temporary file use in makeoidjoinscheck The makeoidjoinscheck script insecurely creates temporary files in world-writeable directories with predictable names. Impact : A local attacker could create...

PostgreSQL make_oidjoins_check Arbitrary File Overwrite

The remote PostgreSQL server, according to its version number, is vulnerable to an unspecified insecure temporary file creation flaw, which may allow a local attacker to overwrite arbitrary files with the privileges of the application. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

Debian DSA-397-1 : postgresql - buffer overflow

Tom Lane discovered a buffer overflow in the toascii function in PostgreSQL. This allows remote attackers to execute arbitrary code on the host running the database. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...

SUSE-SA:2002:038: postgresql

The remote host is missing the patch for the advisory SUSE-SA:2002:038 postgresql. The PostgreSQL Object-Relational DBMS was found vulnerable to several security related buffer overflow problems. The buffer overflows are located in: handling long datetime input lpad and rpad function with multiby...