229 matches found
CVE-2013-0191
libpam-pgsql (aka pam_pgsql) 0.7 does not properly handle a NULL value returned by the password search query, which allows remote attackers to bypass authentication via a crafted password...
Fedora 20 : php-5.5.10-1.fc20 (2014-3534)
Excerpt from upstream NEWS: 06 Mar 2014, PHP 5.5.10 Core : - Fixed Request 66574 Allow multiple paths in php_ini_scanned_path. Remi Date : - Fixed bug 45528 Allow the DateTimeZone constructor to accept timezones per offset too. Derick Fileinfo : - Fixed bug 66731 file: infinite recursion...
Critical: php
Issue Overview: The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of...
Fedora 18 : php-5.4.17-2.fc18 (2013-12315)
04 Jul 2013, PHP 5.4.17 Core : - Fixed bug 64988 Class loading order affects E_STRICT warning. Laruence - Fixed bug 64966 segfault in zend_do_fcall_common_helper_SPEC. Laruence - Fixed bug 64960 Segfault in gc_zval_possible_root. Laruence - Fixed bug 64936 doc comments picked up from previous scanner run...
Fedora 17 : php-5.4.17-2.fc17 (2013-12354)
04 Jul 2013, PHP 5.4.17 Core : - Fixed bug 64988 Class loading order affects E_STRICT warning. Laruence - Fixed bug 64966 segfault in zend_do_fcall_common_helper_SPEC. Laruence - Fixed bug 64960 Segfault in gc_zval_possible_root. Laruence - Fixed bug 64936 doc comments picked up from previous scanner run...
SA-CONTRIB-2013-058 - MRBS - Abandoned - Multiple vulnerabilities
MRBS is a free, GPL, web application using PHP and MySQL/pgsql for booking meeting rooms or other resources. The module doesn't sufficiently filter user-supplied data when creating queries, which leads to a SQL injection vulnerability. CVE identifier(s) issued: A CVE identifier will be requested, and...
Oracle Linux 5 : php (ELSA-2009-0338)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2009-0338 advisory. - ext/gd: fix overflow2 usage for CVE-2007-3996, CVE-2008-3658 Tenable has extracted the preceding description block directly from the Oracle Linux...
Mandriva Linux Security Advisory : courier-authlib (MDVSA-2013:068)
When using the authpgsql module and if the Postgres server goes down, authpgsql will start leaking memory. A packaging flaw was discovered that caused the courier-authlib-devel package to be installed when installing for example maildrop. This update fixes both of these issues.
Nmap NSE net: pgsql-brute
This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2011 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only
Nmap NSE net: pgsql-brute
Performs password guessing against PostgreSQL. SYNTAX: pgsql.nossl: If set to '1' or 'true', disables SSL. pgsql.version: Force protocol version 2 or 3. passdb: The filename of an alternate password database. userdb: The filename of an alternate username database. unpwdb.passlimit: The maximum...
Debian: Security Advisory (DSA-2173-1)
The remote host is missing an update for the Debian
Debian Security Advisory DSA 2173-1 (pam-pgsql)
The remote host is missing an update to pam-pgsql announced via advisory DSA 2173-1. OpenVAS Vulnerability Test $Id: deb21731.nasl 6613 2017-07-07 12:08:40Z cfischer $ Description: Auto-generated from advisory DSA 2173-1 pam-pgsql Authors: Thomas Reinke Copyright: Copyright c 2011 E-Soft Inc...
Debian DSA-2173-1 : pam-pgsql - buffer overflow
It was discovered that pam-pgsql, a PAM module to authenticate using a PostgreSQL database, was vulnerable to a buffer overflow in supplied IP-addresses. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security...
[SECURITY] [DSA 2173-1] pam-pgsql security update
Debian Security Advisory DSA-2173-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst February 26, 2011 http://www.debian.org/security/faq -...
pam-pgsql buffer overflow
Buffer overflow via IP address...
[SECURITY] [DSA 2173-1] pam-pgsql security update
Debian Security Advisory DSA-2173-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst February 26, 2011 http://www.debian.org/security/faq -...
DSA-2173-1 pam-pgsql - buffer overflow
Bulletin has no description...
pgsql-brute NSE Script
Performs password guessing against PostgreSQL. Script Arguments: pgsql.version: Force protocol version 2 or 3. pgsql.nossl: If set to 1 or true, disables SSL. passdb, unpwdb.passlimit, unpwdb.timelimit, unpwdb.userlimit, userdb: See the documentation for the unpwdb library. Example Usage: nmap -p 5432...
SLES10: Security update for PHP5
The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: apache2-mod_php5 php5 php5-bcmath php5-bz2 php5-calendar php5-ctype php5-curl php5-dba php5-dbase php5-devel php5-dom php5-exif php5-fastcgi php5-ftp php5-gd...