16 matches found
SUSE CVE-2012-3488
The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote authenticated users to modify data, obtain sensitive information, or trigger outbound traffic to...
Amazon Linux: Security Advisory (ALAS-2012-129)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Amazon Linux: Security Advisory (ALAS-2012-121)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Update : postgresql (openSUSE-SU-2012:1299-1)
This version upgrade of PostgreSQL fixes the following issues: - Bugfix release 9.0.10: - Fix planner's assignment of executor parameters, and fix executor's rescan logic for CTE plan nodes. - Improve page-splitting decisions in GiST indexes. - Fix cascading privilege revoke to stop if privileges a...
openSUSE Security Update : postgresql / postgresql-libs (openSUSE-SU-2012:1251-1)
Security and bugfix release 9.1.5: - Ignore SECURITY DEFINER and SET attributes for a procedural language's call handler (CVE-2012-2655, bnc#765069) - Fix incorrect password transformation in contrib/pgcrypto's DES crypt function (CVE-2012-2143, bnc#766799) - Prevent access to external files/URLs via...
xml2 Fuzzer 1.0 exploit
xml2 Fuzzer is a fuzzing utility that daemonizes in order to fuzz the client side of a web browser. xml2 fuzz ver 1.0 -- C:\x90c\xml2fuzz ./xmlfuzz include include define FUZZDAEMONPORT 9090 / fuzz type / define AAAAFUZZ 1 define NUMERICFUZZ 2 static char...
CentOS Update for postgresql CESA-2012:1264 centos5
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Scientific Linux Security Update : postgresql on SL5.x i386/x86_64 (20120913)
It was found that the optional PostgreSQL xml2 contrib module allowed local files and remote URLs to be read and written to with the privileges of the database server when parsing Extensible Stylesheet Language Transformations (XSLT). An unprivileged database user could use this flaw to read and...
CentOS 5 : postgresql (CESA-2012:1264)
Updated postgresql packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
Moderate: Red Hat Security Advisory: postgresql security update
Updated postgresql packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
PostgreSQL privilege escalation
Privilege escalations via XML2 extension...
[USN-1542-1] PostgreSQL vulnerabilities
Ubuntu Security Notice USN-1542-1 August 21, 2012 postgresql-8.3, postgresql-8.4, postgresql-9.1 vulnerabilities A security issue affects these...
Ubuntu Update for postgresql-9.1 USN-1542-1
Ubuntu Update for Linux kernel vulnerabilities USN-1542-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN15421.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for postgresql-9.1 USN-1542-1 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.n...
Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : postgresql-8.3, postgresql-8.4, postgresql-9.1 vulnerabilities (USN-1542-1)
Peter Eisentraut discovered that the XSLT functionality in the optional XML2 extension would allow unprivileged database users to both read and write data with the privileges of the database server. (CVE-2012-3488) Noah Misch and Tom Lane discovered that the XML functionality in the optional XML2...
CVE-2012-3488
The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote authenticated users to modify data, obtain sensitive information, or trigger outbound traffic to...
MyPHPcommander 2.0 - package.php Remote File Inclusion
MyPHPcommander 2.0 - package.php Remote File Inclusion script : http://sourceforge.net/projects/myphpcommander file : package.php vuln : requireonce $glroot.'system/lib/xml2.php'; Contact : Cold z3ro , [email protected] Exploit:...