15 matches found
EUVD-2012-2640
Malware in sbrugna...
Vulnerabilities fixed in Oracle Database Server
Vulnerabilities have been fixed in Oracle Database Server products. A malicious party can exploit the vulnerabilities to perform attacks that can result in the following categories of damage: Denial-of-Service (DoS), manipulation of data, bypassing authentication, bypassing security measure. Oracle has...
Denial Of Service (DoS)
PostgreSQL is an advanced object-relational database management system (DBMS). A flaw was found in the way the crypt password hashing function from the optional PostgreSQL pgcrypto contrib module performed password transformation when used with the DES algorithm. If the password string to be hashed...
openSUSE Security Update : postgresql / postgresql-libs (openSUSE-SU-2012:1251-1)
Security and bugfix release 9.1.5 : - Ignore SECURITY DEFINER and SET attributes for a procedural language's call handler (CVE-2012-2655, bnc#765069) - Fix incorrect password transformation in contrib/pgcrypto's DES crypt function (CVE-2012-2143, bnc#766799) - Prevent access to external files/URLs via...
Amazon Linux AMI : postgresql8 (ALAS-2012-94)
A flaw was found in the way the crypt password hashing function from the optional PostgreSQL pgcrypto contrib module performed password transformation when used with the DES algorithm. If the password string to be hashed contained the 0x80 byte value, the remainder of the string was ignored when...
SuSE 11.1 Security Update : PostgreSQL (SAT Patch Number 6697)
This update provides PostgreSQL 8.3.20. As part of this update, the packaging scheme has been changed to accommodate an optional parallel installation of newer PostgreSQL versions. The changes in 8.3.20 are : - Prevent access to external files/URLs via XML entity references. xmlparse would attempt...
Mandriva Update for postgresql MDVSA-2012:092 (postgresql)
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Scientific Linux Security Update : postgresql and postgresql84 on SL6.x i386/x86_64 (20120625)
PostgreSQL is an advanced object-relational database management system (DBMS). A flaw was found in the way the crypt password hashing function from the optional PostgreSQL pgcrypto contrib module performed password transformation when used with the DES algorithm. If the password string to be hashed...
CentOS Update for postgresql84 CESA-2012:1037 centos5
Check for the Version of postgresql84 OpenVAS Vulnerability Test CentOS Update for postgresql84 CESA-2012:1037 centos5 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify...
CVE-2012-2655
PostgreSQL 8.3.x before 8.3.19, 8.4.x before 8.4.12, 9.0.x before 9.0.8, and 9.1.x before 9.1.4 allows remote authenticated users to cause a denial of service (server crash) by adding the (1) SECURITY DEFINER or (2) SET attributes to a procedural language's call handler...
Code injection
PostgreSQL 8.3.x before 8.3.19, 8.4.x before 8.4.12, 9.0.x before 9.0.8, and 9.1.x before 9.1.4 allows remote authenticated users to cause a denial of service (server crash) by adding the (1) SECURITY DEFINER or (2) SET attributes to a procedural language's call handler...
Debian DSA-2491-1 : postgresql-8.4 - several vulnerabilities
Two vulnerabilities were discovered in PostgreSQL, a SQL database server : - CVE-2012-2143 The crypt(text, text) function in the pgcrypto contrib module did not handle certain passwords correctly when producing traditional DES-based hashes. Characters after the first 0x80 byte were ignored. -...
Mandriva Linux Security Advisory : postgresql (MDVSA-2012:092)
Multiple vulnerabilities have been discovered and corrected in postgresql : Fix incorrect password transformation in contrib/pgcrypto's DES crypt function (Solar Designer). If a password string contained the byte value 0x80, the remainder of the password was ignored, causing the password to be much...
[SECURITY] [DSA 2491-1] postgresql-8.4 security update
Debian Security Advisory DSA-2491-1 http://www.debian.org/security/ Florian Weimer June 09, 2012 http://www.debian.org/security/faq -...
PL/Tcl): SECURITY DEFINER function keyword bypass
The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allow...