17 matches found
ALPINE-CVE-2026-6478
Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 passwords, the default in all supported releases. However, current databases may have MD5-hashed...
UBUNTU-CVE-2026-6478
Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 passwords, the default in all supported releases. However, current databases may have MD5-hashed...
CVE-2026-6478
Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 passwords, the default in all supported releases. However, current databases may have MD5-hashed...
CVE-2026-6478
Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 passwords, the default in all supported releases. However, current databases may have MD5-hashed...
Vulnerability in core server (CVE-2026-6478)
PostgreSQL discloses MD5-hashed passwords via covert timing channel. Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 passwords, the default in all...
EUVD-2001-1360
Malware in sbrugna...
CVE-2003-0515
SQL injection vulnerabilities in the (1) PostgreSQL or (2) MySQL authentication modules for teapop 0.3.5 and earlier allow attackers to execute arbitrary SQL and possibly gain privileges...
Broadcom Brocade SANnav access control error vulnerability
Broadcom Brocade SANnav is a suite of SAN management platforms from Broadcom, Inc. A security vulnerability exists in versions prior to Broadcom Brocade SANnav 2.3.0a that stems from the vulnerability of the PostgreSQL implementation to an incorrect local authentication flaw that allows an attack...
Metasploit Weekly Wrap-Up
PowershellPoint This week’s new features and improvements start with two new exploit modules leveraging CVE-2023-34960 Chamilo versions 1.11.18 and below and CVE-2023-26469 in Jorani 1.0.0. Like CVE-2023-34960, I too, feel attacked by PowerPoint sometimes. We also have several improvements,...
RHEL 6 : postgresql (RHSA-2017:2860)
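The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:2860 advisory. - postgresql: Empty password accepted in some authentication methods (CVE-2017-7546) Note that Nessus has not tested for this issue but has instead...
libpam-pgsql pam_pgsql.c authentication bypass vulnerability
BUGTRAQ ID: 29360 libpam-pgsql is a PAM module that authenticates users against a PostgreSQL database. The pam_sm_authenticate function in the pam_pgsql.c file of libpam-pgsql has a security vulnerability: if SIGINT is sent during authentication, for example by pressing Ctrl+C when sudo prompts for the user's password, sudo can succeed without the correct password being entered. libpam-pgsql 0.6.3 libpam-pgsql ------------ The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's home page:...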
security flaw
Multiple format string vulnerabilities in logging functions in mod_auth_pgsql before 2.0.3, when used for user authentication against a PostgreSQL database, allow remote unauthenticated attackers to execute arbitrary code, as demonstrated via the username...
DSA-469 pam-pgsql - missing input sanitising
Bulletin has no description...
CVE-2003-0500
SQL injection vulnerability in the PostgreSQL authentication module (mod_sql_postgres) for ProFTPD before 1.2.9rc1 allows remote attackers to execute arbitrary SQL and gain privileges by bypassing authentication or stealing passwords via the USER name...
DSA-338 proftpd - SQL injection
Bulletin has no description...
PostgreSQL Authentication Module (mod_sql) for ProFTPD USER Name Parameter SQL Injection
The remote FTP server is vulnerable to a SQL injection when it processes the USER command. An attacker may exploit this flaw to log into the remote host as any user. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(11768); script_version("1.21"); script_cvs_date("Date:...
CVE-2001-1379
The PostgreSQL authentication modules (1) mod_auth_pgsql 0.9.5, and (2) mod_auth_pgsql_sys 0.9.4, allow remote attackers to bypass authentication and execute arbitrary SQL via a SQL injection attack on the user name...