2 matches found
CVE-2003-0672
CVE-2003-0672 describes a format-string vulnerability in pam-pgsql 0.5.2 and earlier, where the username supplied during authentication is treated as a format string when writing logs. This can allow remote attackers to execute arbitrary code with the privileges of the PAM-authenticating process....
CVE-2001-1369
The CVE-2001-1369 issue affects pam-pgsql prior to 0.5.2. It allows remote attackers to bypass authentication or modify user records by injecting SQL into the user or password fields, thereby executing arbitrary SQL. Root cause is SQL injection in authentication-related input. The provided docume...