Moderate: Red Hat Security Advisory: postgresql security update

Updated PostgreSQL packages that correct a buffer overflow in the toascii routines are now available. PostgreSQL is an advanced Object-Relational database management system DBMS. Two bugs that can lead to buffer overflows have been found in the PostgreSQL abstract data type to ASCII conversion...

[SECURITY] [DSA 397-1] New PostgreSQL packages fix buffer overflow

-------------------------------------------------------------------------- Debian Security Advisory DSA 397-1 [email protected] http://www.debian.org/security/ Martin Schulze November 7th, 2003 http://www.debian.org/security/faq -...

PostgreSQL to_ascii() Function Remote Overflows

According to its version number, the PostgreSQL server listening on this port is vulnerable to two buffer overflows in the toascii function that could allow an attacker who can query the remote database to execute arbitrary code, subject to the privileges under which the service operates...

CVE-2003-0901

The CVE-2003-0901 issue affects PostgreSQL 7.2.x and 7.3.x up to 7.3.3 (before 7.3.4) with a buffer overflow in the to_ascii conversion function, allowing remote code execution. Debian, Red Hat, Mandrake/Mandriva and other advisories describe the vulnerability and the need to upgrade to patched p...

CVE-2003-0515

SQL injection vulnerabilities in the 1 PostgreSQL or 2 MySQL authentication modules for teapop 0.3.5 and earlier allow attackers to execute arbitrary SQL and possibly gain privileges...

CVE-2003-0515

The CVE-2003-0515 issue affects teapop (POP-3 server) up to version 0.3.5, where the PostgreSQL and MySQL authentication modules do not properly escape user input in SQL queries. This root cause allows an attacker to execute arbitrary SQL under the database user’s privileges, potentially leading ...

CVE-2003-0500

Vulnerability: ProFTPD’s PostgreSQL authentication module (mod_sql_postgres) is affected in ProFTPD versions before 1.2.9rc1, due to a SQL injection via the USER name parameter. Impact: remote attackers could bypass authentication or steal passwords and gain privileges by executing arbitrary SQL....

phpBB password disclosure by sql injection

Hi There is sql injection vuln in phpBB. The variable "topicid" is passed directly from GET to sql query in /viewtopic.php. It can be used to get md5 passwords for users. I am attaching details and proof of concept code. I've only tested this on mysql 4 and pgsql at my home machines so I might ha...

CVE-2002-0802

The CVE-2002-0802 entry documents a vulnerability in PostgreSQL 6.5.x when using the SQL_ASCII encoding: multibyte support can consume an extra character while processing a character that cannot be converted, potentially removing an escape character from the query and making the application susce...

CVE-2002-1402

Buffer overflows in the 1 TZ and 2 SET TIME ZONE enivronment variables for PostgreSQL 7.2.1 and earlier allow local users to cause a denial of service and possibly execute arbitrary code...

CVE-2002-1402

Buffer overflows in the 1 TZ and 2 SET TIME ZONE enivronment variables for PostgreSQL 7.2.1 and earlier allow local users to cause a denial of service and possibly execute arbitrary code...

CVE-2002-1397

CVE-2002-1397 refers to a buffer overflow in the cash_words() function of PostgreSQL 7.2 and earlier. The vulnerability allows local users to cause a denial of service and potentially execute arbitrary code via a malformed argument (notably a large negative value), linked to integer signedness/bu...

CVE-2002-1398

CVE-2002-1398 describes a buffer overflow in the PostgreSQL date parser before 7.2.2. The issue allows denial of service and potentially arbitrary code execution when processing a long date string, i.e., a vulnerability in handling long datetime input. Multiple connected advisories (Red Hat RHSA-...

CVE-2002-1399

The CVE-2002-1399 entry concerns PostgreSQL up to version 7.2.2, with the cash_out function (and possibly other functions) affected by a flaw likely caused by processing an invalid integer input as a different data type. This vulnerability is described as unknown impact in the primary CVE record,...

CVE-2002-1401

CVE-2002-1401 concerns PostgreSQL 7.2.3 and earlier, where buffer overflows in circle_poly, path_encode, and path_add (also misnamed path_addr) allow denial of service and possibly arbitrary code execution, likely from an integer overflow. Public advisories indicate fixes in newer PostgreSQL rele...

CVE-2002-1402

CVE-2002-1402 refers to buffer overflows in the TZ and SET TIME ZONE environment variables for PostgreSQL 7.2.1 and earlier, enabling local users to cause a denial of service and possibly execute arbitrary code. Connected documents confirm this issue across multiple distributions with multiple re...

CVE-2002-1400

PostgreSQL 7.2.x is affected by a heap-based buffer overflow in repeat() (CVE-2002-1400) that can allow remote or local code execution depending on the context. Affected versions before 7.2.2 are implicated; various advisories note fixes in updated 7.2.2 (and backported fixes to 7.2.1/7.2.3 in so...

PT-2002-2381 · Postgresql · Postgresql

Name of the Vulnerable Software and Affected Versions: PostgreSQL affected versions not specified Description: The issue makes it easier for remote attackers to guess passwords via a brute force attack because PostgreSQL uses the username for a salt when generating passwords. Recommendations: At...

CVE-2002-0972

Buffer overflows in PostgreSQL 7.2 allow attackers to cause a denial of service and possibly execute arbitrary code via long arguments to the functions 1 lpad or 2 rpad...

@(#)Mordred Labs advisory 0x0003: Buffer overflow in PostgreSQL

//@Mordred Labs advisory 0x0003 Release data: 20/08/02 Name: Buffer overflow in PostgreSQL Versions affected: all versions Risk: high -- Description: ...PostgreSQL is a sophisticated Object-Relational DBMS, supporting almost all SQL constructs, including subselects, transactions, and user-defined...