Mandriva Linux Security Advisory : courier-authlib (MDVSA-2013:068)

When using the authpgsql module and if the Postgres server goes down, authpgsql will start leaking memory. A packaging flaw was discovered that caused the courier-authlib-devel package to be installed when installing for example maildrop. This update fixes both of these issues. %NASLMINLEVEL 7030...

VMSA-2013-0005:VMware vFabric Postgres security updates

VMSA-2013-0005 VMware vFabric Postgres security updates VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2013-0005 VMware Security Advisory Synopsis: VMware vFabric Postgres security updates VMware Security Advisory Issue date: 2013-04-04 VMware Security Advisory Updated on:...

RHEL 6 : resource-agents (RHSA-2011:1580)

An updated resource-agents package that fixes one security issue, several bugs, and adds multiple enhancements is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS base...

Multi Gather pgpass Credentials

This module will collect the contents of all users' .pgpass or pgpass.conf file and parse them for credentials. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Multi Gather pgpass Credentials',...

postgresql, postgresql84 security update

CentOS Errata and Security Advisory CESA-2012:1037 Updated postgresql84 and postgresql packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having moderate security impact. Common...

Bitweaver CMS 2.8.1 Cross Site Scripting

/. /\ /\ /\ /\ / / // | | \ \ \ \ / / / /// / // / / / /// / // | / / \ | | | / \ / / / / .\ / / \ / / \ / / .\ / / \ / / \ | |/ \ / / / | | |/ \ | / / / / / / / / / / / / / / | | | \ // / /||/ /| // \// / // / /\// / // / /||| / / / / / / / / / / / / / /...

Fedora 15 : postgresql-9.0.7-1.fc15 (2012-2589)

Update to latest Postgres releases --- resolves some security and data loss bugs http://www.postgresql.org/docs/9.1/static/release-9-1-3.html http://www.postgresql.org/docs/9.0/static/release-9-0-7.html Note that Tenable Network Security has extracted the preceding description block directly from...

The Mole v0.3 Released : Automatic SQL Injection Exploitation Tool

The Mole v0.3 Released : Automatic SQL Injection Exploitation Tool Nasel has just released the new version of The Mole, an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the...

Postgres Schema Dump

This module extracts the schema information from a Postgres server. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Postgres Schema Dump', 'Description' = % This module extracts the schema...

The Mole - Another Automatic SQL Injection exploitation tool

The Mole - Another Automatic SQL Injection exploitation tool The Mole is an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a boolean query based...

The Mole - Another Automatic SQL Injection exploitation tool

The Mole - Another Automatic SQL Injection exploitation tool The Mole is an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a boolean query based...

Postgres Password Hashdump

This module extracts the usernames and encrypted password hashes from a Postgres server and stores them for later cracking. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Postgres Password...

rgmanager security, bug fix, and enhancement update

2.0.52-21 - rgmanager: Fix bad passing of SFLFAILURE up fixbadpassingofsflfailureup.patch Resolves: rhbz711521 2.0.52-20 - resource-agents: Improve LDLIBRARYPATH handling by SAP resourceagentsimproveldlibrarypathhandlingbysap.patch Resolves: rhbz710637 2.0.52-19 - Fix changelog format - rgmanager...

Low: Red Hat Security Advisory: rgmanager security, bug fix, and enhancement update

An updated rgmanager package that fixes one security issue, several bugs, and adds multiple enhancements is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS base score,...

Analysis of the postgresql database attack techniques a-vulnerability warning-the black bar safety net

postgresql simple description PostgreSQL is a very complete free software object-relational database management system, can be said to be the world's most advanced, most powerful free database management system. PostgreSQL is based on the University of California, Berkeley Department of computer...

EnterpriseDB PostgreSQL Plus Advanced Server DBA Management Server Authentication Bypass

Added: 03/21/2011 BID: 46662 Background Postgres Plus Advanced Server is an enterprise database solution. It includes several productivity tools, such as Migration Studio, Postgres Studio, DBA Management Server, and DBA Monitoring Console. Problem An authentication bypass vulnerability exists in...

EnterpriseDB PostgreSQL Plus Advanced Server DBA Management Server Authentication Bypass

Added: 03/21/2011 BID: 46662 Background Postgres Plus Advanced Server is an enterprise database solution. It includes several productivity tools, such as Migration Studio, Postgres Studio, DBA Management Server, and DBA Monitoring Console. Problem An authentication bypass vulnerability exists in...

ZDI-11-102: PostgreSQL Plus Advanced Server DBA Management Server Remote Authentication Bypass Vulnerability

ZDI-11-102: PostgreSQL Plus Advanced Server DBA Management Server Remote Authentication Bypass Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-102 March 2, 2011 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Postgres -- Affected Products: Postgres Plus SQL --...

Postgres Plus SQL authentication bypass

Unauthorized access to DBA Management Server TCP/9000, TCP/9363...

Nagios XI users.php SQL Injection

Nagios XI users.php SQL Injection Advisory Information Advisory ID: NGENUITY-2010-008 Date published: 8/24/2010 Vulnerability Information Class: SQL Injection SQLi Software Description Nagios XI is the commercial / enterprise version of the open source Nagios project. Vulnerability Description...