Debian DSA-469-1 : pam-pgsql - missing input sanitising

Primoz Bratanic discovered a bug in libpam-pgsql, a PAM module to authenticate using a PostgreSQL database. The library does not escape all user-supplied data that are sent to the database. An attacker could exploit this bug to insert SQL statements. %NASLMINLEVEL 70300 C Tenable Network Security...

CVE-2004-0366

SQL injection vulnerability in the libpam-pgsql library before 0.5.2 allows attackers to execute arbitrary SQL statements...

CVE-2004-0366

Removed by vendor...

CVE-2004-0366

SQL injection vulnerability in the libpam-pgsql library before 0.5.2 allows attackers to execute arbitrary SQL statements...

CVE-2004-0366

CVE-2004-0366 affects libpam-pgsql (pam-pgsql) with a SQL injection vulnerability present in versions prior to 0.5.2. The underlying issue is missing input sanitising that allows an attacker to insert arbitrary SQL statements when data is sent to PostgreSQL. Debian and OpenVAS entries document th...