7089 matches found
Fedora Core 2 : postgresql-7.4.7-3.FC2.1 (2005-158)
Mon Feb 21 2005 Tom Lane 7.4.7-3.FC2.1 - Repair improper error message in init script when PGVERSION doesn't match. - Arrange for auto update of version embedded in init script. - Fix improper call of strerror_r, which leads to junk error messages in libpq. - Patch additional buffer overruns in...
GForge <= 4.5 Multiple Script XSS
The remote host is running GForge, an open source software development collaborative toolset using PHP and PostgreSQL. The installed version of GForge on the remote host fails to properly sanitize user-supplied input to several parameters / scripts before using it in dynamically-generated pages. ...
[SECURITY] [DSA 759-1] New phppgadmin packages fix directory traversal vulnerability
Debian Security Advisory DSA 759-1 [email protected] http://www.debian.org/security/ Martin Schulze July 18th, 2005 http://www.debian.org/security/faq ...
Debian DSA-759-1 : phppgadmin - missing input sanitising
A vulnerability has been discovered in phppgadmin, a set of PHP scripts to administrate PostgreSQL over the WWW, that can lead to disclosure of sensitive information. Successful exploitation requires that 'magic_quotes_gpc' is disabled.
DSA-759-1 phppgadmin - missing input sanitising
Bulletin has no description...
FreeBSD : postgresql -- privilege escalation vulnerability (5d425189-7a03-11d9-a9e7-0001020eed82)
John Heasman and others discovered that non-privileged users could use the LOAD extension to load arbitrary libraries into the postgres server process space. This could be used by non-privileged local users to execute arbitrary code with the privileges of the postgresql server.
FreeBSD : postgresql -- multiple buffer overflows in PL/PgSQL parser (6b4b0b3f-8127-11d9-a9e7-0001020eed82)
The PL/PgSQL parser in postgresql is vulnerable to several buffer overflows. These could be exploited by a remote attacker to execute arbitrary code with the permissions of the postgresql server by running a specially crafted query.
Hydra: PostgreSQL
This plugin runs Hydra to find PostgreSQL accounts and passwords by brute force. To use this plugin, enter the 'Logins file' and the 'Passwords file' under the 'Hydra NASL wrappers options' advanced settings block.
phpPgAdmin index.php formLanguage Parameter Local File Inclusion
The remote host is running phpPgAdmin, a web-based administration tool for PostgreSQL. The installed version of phpPgAdmin fails to filter directory traversal sequences from user input supplied to the 'formLanguage' parameter of the login form. An attacker can exploit this issue to read files...
phpBB <= 2.0.15 Register Multiple Users Denial of Service (c code)
No description provided by source. Neo Security Team NST® - Advisory 15 - 00/00/06; Program: phpBB 2.0.15; Homepage: http://www.phpbb.com ; Vulnerable Versions: phpBB 2.0.15 & Lower...
phpBB <= 2.0.15 Register Multiple Users Denial of Service (c code)
Exploit for unknown platform in category web applications. phpBB <= 2.0.15 Register Multiple Users Denial of Service (c code) ...
RHEL 4 : postgresql (RHSA-2005:433)
The remote Red Hat Enterprise Linux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2005:433 advisory. PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs including transactions,...
Mandrake Linux Security Advisory : postgresql (MDKSA-2005:093)
A number of vulnerabilities were found and corrected in the PostgreSQL DBMS : Two serious security errors have been found in PostgreSQL 7.3 and newer releases. These errors at least allow an unprivileged database user to crash the backend process, and may make it possible for an unprivileged user...
php2014.txt
Neo Security Team NST® - Advisory 14 - 17/04/05; Program: phpBB 2.0.14; Homepage: http://www.phpbb.com ; Vulnerable Versions: phpBB 2.0.14 & Lower versions; Risk: Low Risk!! Impact:...
GLSA-200505-12 : PostgreSQL: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200505-12 (PostgreSQL: Multiple vulnerabilities). PostgreSQL gives public EXECUTE access to a number of character conversion routines, but doesn't validate the given arguments (CAN-2005-1409). It has also been reported that the...
PostgreSQL: Multiple vulnerabilities
Background: PostgreSQL is a SQL compliant, open source object-relational database management system. Description: PostgreSQL gives public EXECUTE access to a number of character conversion routines, but doesn't validate the given arguments (CAN-2005-1409). It has also been reported that the...
PostgreSQL < 8.0.3 Multiple Vulnerabilities
According to its banner, the version of PostgreSQL installed on the remote host may suffer from the following vulnerabilities: - Character Conversion Vulnerability: Unprivileged users can call functions supporting client-server character set conversion from SQL commands even though those functio...
USN-118-1: PostgreSQL vulnerabilities
It was discovered that unprivileged users were allowed to call internal character conversion functions. However, since these functions were not designed to be safe against malicious choices of argument values, this could potentially be exploited to execute arbitrary code with the privileges of th...