CVE-2006-6469

Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 do not block the postgres port 5432/tcp, which has unknown impact and remote attack vectors, probably related to unauthorized connections to a PostgreSQL daemon...

MDweb 1.3 - chemin_appli Remote File Inclusion

MDweb 1.3 - cheminappli Remote File Inclusion ToXiC Mdweb132-postgres: Remote File Inclusion by ToXiC CreW ToXic Security Italian CreW BuG FounD by Drago84 Application Affect: Mdweb132-postgres Sorce Code: http://jc.desconnets.free.fr/mdweb/install/windows/mdweb132-postgres-sans-installeur.zip...

MDweb 1.3 - 'chemin_appli' Remote File Inclusion

ToXiC Mdweb132-postgres: Remote File Inclusion by ToXiC CreW ToXic Security Italian CreW BuG FounD by Drago84 Application Affect: Mdweb132-postgres Sorce Code: http://jc.desconnets.free.fr/mdweb/install/windows/mdweb132-postgres-sans-installeur.zip Page: formorg.inc.php countryinsert.php Problem:...

CVE-2006-4041

SQL injection vulnerability in Pike before 7.6.86, when using a Postgres database server, allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors...

CVE-2006-4041

SQL injection vulnerability in Pike before 7.6.86, when using a Postgres database server, allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors...

CVE-2006-4041

SQL injection vulnerability in Pike before 7.6.86, when using a Postgres database server, allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors...

CVE-2006-4041

CVE-2006-4041: Pike before 7.6.86 with PostgreSQL is vulnerable to SQL injection, allowing remote attackers to execute arbitrary SQL commands via unspecified attack vectors. Affected products (Pike) and advisories (Ubuntu USN-367-1, Gentoo GLSA 200608-10, SUSE CVE page) indicate the risk; remedia...

Fedora Core 3 : libgda-1.0.4-3.1 (2005-1029)

Wed Oct 26 2005 Caolan McNamara 1:1.0.4-3.1 - CVE-2005-2958 libgda format string issue Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible...

GLSA-200506-02 : Mailutils: SQL Injection

The remote host is affected by the vulnerability described in GLSA-200506-02 Mailutils: SQL Injection When GNU Mailutils is built with the 'mysql' or 'postgres' USE flag, the sqlescapestring function of the authentication module fails to properly escape the '' character, rendering it vulnerable t...

GNU Mailutils <= 0.6 Multiple Vulnerabilities

GNU Mailutils is a collection of mail utilities, including an IMAP4 daemon, a POP3 daemon, and a very simple mail client. The remote host is running a version of GNU Mailutils containing several critical flaws in its IMAP4 daemon and its mail client 'mail'. By exploiting these issues, a remote...

Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords

Greetings, There appears to be some deficiencies in both the documentation of the 'md5' authentication methology in pghba.conf and in the md5 hash generation which is stored in pgshadow. The md5 hash which is generated for and stored in pgshadow does not use a random salt but instead uses the...

Postgres хранит пароли в открытом виде

Пароли хранятся в незашифрованном виде в файле pgshadow...