229 matches found
CVE-2007-3279
PostgreSQL 8.1 and probably later versions, when the PL/pgSQL plpgsql language has been created, grants certain plpgsql privileges to the PUBLIC domain, which allows remote attackers to create and execute functions, as demonstrated by functions that perform local brute-force password guessing...
CVE-2007-3279
PostgreSQL 8.1+ plpgsql allows certain privileges to PUBLIC, enabling remote attackers to create/execute functions (CVE-2007-3279). Mandriva advisory MDKSA-2007:188 describes updated packages to fix these issues; remediation involves applying the vendor patch/update for affected PostgreSQL/plpgsq...
php security update
CentOS Errata and Security Advisory CESA-2007:0076 Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting...
Debian DSA-1087-1 : postgresql - programming error
Several encoding problems have been discovered in PostgreSQL, a popular SQL database. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-2313 Akio Ishida and Yasuo Ohgaki discovered a weakness in the handling of invalidly-encoded multibyte text data...
Debian DSA-935-1 : libapache2-mod-auth-pgsql - format string vulnerability
iDEFENSE reports that a format string vulnerability in modauthpgsql, a library used to authenticate web users against a PostgreSQL database, could be used to execute arbitrary code with the privileges of the httpd user. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...
php security update
CentOS Errata and Security Advisory CESA-2006:0669 Updated PHP packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting...
USN-288-1: PostgreSQL server/client vulnerabilities
CVE-2006-2313: Akio Ishida and Yasuo Ohgaki discovered a weakness in the handling of invalidly-encoded multibyte text data. If a client application processed untrusted input without respecting its encoding and applied standard string escaping techniques such as replacing a single quote '''''''...
[SECURITY] [DSA 963-1] New mydns packages fix denial of service
-------------------------------------------------------------------------- Debian Security Advisory DSA 963-1 [email protected] http://www.debian.org/security/ Martin Schulze February 2nd, 2006 http://www.debian.org/security/faq -...
Ubuntu 4.10 / 5.04 / 5.10 : libapache2-mod-auth-pgsql vulnerability (USN-239-1)
Several format string vulnerabilities were discovered in the error logging handling. By sending specially crafted user names, an unauthenticated remote attacker could exploit this to crash the Apache server or possibly even execute arbitrary code with the privileges of Apache user 'www-data'. Not...
[SECURITY] [DSA 935-1] New libapache2-mod-auth-pgsql packages fix arbitrary code execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 935-1 [email protected] http://www.debian.org/security/ Michael Stone January 10, 2006 http://www.debian.org/security/faq -...
Apache mod-auth-pgsql authorization module format string vulnerabilities
Several format string bugs in error logging...
DSA-935-1 libapache2-mod-auth-pgsql - format string vulnerability
Bulletin has no description...
[SECURITY] [DSA 771-1] New pdns packages fix denial of service
-------------------------------------------------------------------------- Debian Security Advisory DSA 771-1 [email protected] http://www.debian.org/security/ Martin Schulze August 1st, 2005 http://www.debian.org/security/faq -...
FreeBSD : oops -- format string vulnerability (1033750f-cab4-11d9-9aed-000e0c2e438a)
A RST/GHC Advisory reports that there is an format string vulnerability in oops. The vulnerability can be found in the MySQL/PgSQL authentication module. Succesful exploitation may allow execution of arbitrary code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...
FreeBSD : postgresql -- multiple buffer overflows in PL/PgSQL parser (6b4b0b3f-8127-11d9-a9e7-0001020eed82)
The PL/PgSQL parser in postgresql is vulnerable to several buffer overflows. These could be exploited by a remote attacker to execute arbitrary code with the permissions of the postgresql server by running a specially crafted query. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...
Debian DSA-726-1 : oops - format string vulnerability
A format string vulnerability has been discovered in the MySQL/PgSQL authentication module of Oops, a caching HTTP proxy server written for performance. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security...
[SECURITY] [DSA 726-1] New oops packages fix format string vulnerability
-------------------------------------------------------------------------- Debian Security Advisory DSA 726-1 [email protected] http://www.debian.org/security/ Martin Schulze May 20th, 2005 http://www.debian.org/security/faq -...
[SECURITY] [DSA 726-1] New oops packages fix format string vulnerability
-------------------------------------------------------------------------- Debian Security Advisory DSA 726-1 [email protected] http://www.debian.org/security/ Martin Schulze May 20th, 2005 http://www.debian.org/security/faq -...
DSA-726-1 oops - format string vulnerability
Bulletin has no description...
oops -- format string vulnerability
A RST/GHC Advisory reports that there is an format string vulnerability in oops. The vulnerability can be found in the MySQL/PgSQL authentication module. Succesful exploitation may allow execution of arbitrary code...