CVE-2012-3489

The xmlparse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content tha...

CVE-2012-3489

CVE-2012-3489 affects PostgreSQL’s core server libxml2 support. The issue arises in the libxml2-based parsing path where the xml_parse function can be manipulated via an XML value that references a DTD or an external entity, enabling remote authenticated users to determine the existence of arbitr...

Mandriva Linux Security Advisory : postgresql (MDVSA-2012:139)

Multiple vulnerabilities has been discovered and corrected in postgresql : Prevent access to external files/URLs via contrib/xml2's xsltprocess Peter Eisentraut. libxslt offers the ability to read and write both files and URLs through stylesheet commands, thus allowing unprivileged database users...

PostgreSQL 'xml_parse()'任意文件访问漏洞

Bugtraq ID:55074 CVE ID: CVE-2012-3489 PostgreSQL是一款对象关系型数据库管理系统，支持扩展的SQL标准子集。 PostgreSQL解析XML文档中的DTD数据时"xmlparse"函数存在错误，可被利用读取任意文件。 0 PostgreSQL 8.x PostgreSQL 9.x 厂商解决方案 PostgreSQL 9.1.5, 9.0.9, 8.4.13或8.3.20已经修复此漏洞，建议用户下载使用： http://www.postgresql.org...

Mandriva Update for postgresql MDVSA-2012:139 (postgresql)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CVE-2012-3489

The xmlparse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content tha...