seeing is believing
Showing 1 - 8 of 8 RSS Feed

CVE-2013-1899

Status Candidate

Overview

Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a database name that begins with a "-" (hyphen).

Related Files

Unisphere Central Redirect / Access Bypass / DoS / Updates
Posted Jan 30, 2015
Site emc.com

Unisphere Central versions prior to 4.0 suffer from a large amount of security vulnerabilities and an update has been released that includes a fix for an unvalidated redirect issue along with various embedded component vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2010-5107, CVE-2010-5298, CVE-2011-0020, CVE-2011-0064, CVE-2011-3389, CVE-2012-2137, CVE-2012-5885, CVE-2012-6085, CVE-2012-6548, CVE-2012-6549, CVE-2013-0160, CVE-2013-0216, CVE-2013-0231, CVE-2013-0268, CVE-2013-0311, CVE-2013-0349, CVE-2013-0913, CVE-2013-0914, CVE-2013-1767, CVE-2013-1772, CVE-2013-1774, CVE-2013-1792, CVE-2013-1796, CVE-2013-1797, CVE-2013-1798, CVE-2013-1848, CVE-2013-1860, CVE-2013-1899
MD5 | 77b7ca247803592598a9f050a2092ac7
Gentoo Linux Security Advisory 201408-15
Posted Sep 2, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201408-15 - Multiple vulnerabilities have been found in PostgreSQL, the worst of which may allow remote Denial of Service. Versions prior to 9.3.3 are affected.

tags | advisory, remote, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2013-0255, CVE-2013-1899, CVE-2013-1900, CVE-2013-1901, CVE-2014-0060, CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064, CVE-2014-0065, CVE-2014-0066, CVE-2014-2669
MD5 | ce9cc766b65b56a253167e601bcaef0e
Apple Security Advisory 2013-09-17-1
Posted Sep 17, 2013
Authored by Apple | Site apple.com

Apple Security Advisory 2013-09-17-1 - OS X Server v2.2.2 is now available and addresses issues in ClamAV, PostgreSQL, and Wiki Server.

tags | advisory
systems | apple, osx
advisories | CVE-2013-2020, CVE-2013-2021, CVE-2013-1899, CVE-2013-1900, CVE-2013-1901, CVE-2013-1034
MD5 | 7a34988774da41ec6514ba0349d1e1fd
Apple Security Advisory 2013-09-12-1
Posted Sep 13, 2013
Authored by Apple | Site apple.com

Apple Security Advisory 2013-09-12-1 - OS X Mountain Lion v10.8.5 and Security Update 2013-004 is now available and addresses Apache issues, BIND issues, ClamAV issues, and more.

tags | advisory
systems | apple, osx
advisories | CVE-2012-0883, CVE-2012-2686, CVE-2012-2687, CVE-2012-3499, CVE-2012-3817, CVE-2012-4244, CVE-2012-4558, CVE-2012-5166, CVE-2012-5688, CVE-2013-0166, CVE-2013-0169, CVE-2013-1025, CVE-2013-1026, CVE-2013-1027, CVE-2013-1028, CVE-2013-1029, CVE-2013-1030, CVE-2013-1031, CVE-2013-1032, CVE-2013-1033, CVE-2013-1635, CVE-2013-1643, CVE-2013-1824, CVE-2013-1899, CVE-2013-1900, CVE-2013-1901, CVE-2013-1902, CVE-2013-1903
MD5 | 96c6f398543b51223ffc420751d9b016
RSA Authentication Manager 8.0 Injection / Disclosure
Posted May 29, 2013
Site emc.com

RSA Authentication Manager version 8.0 suffers from information disclosure and PostgreSQL argument injection vulnerabilities.

tags | advisory, vulnerability, info disclosure
advisories | CVE-2013-0947, CVE-2013-1899
MD5 | 807309ecf23a1fa80858b34a505c1224
Mandriva Linux Security Advisory 2013-142
Posted Apr 12, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-142 - Multiple vulnerabilities has been discovered and corrected in PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12, 8.4.x before 8.4.16, and 8.3.x before 8.3.23 does not properly declare the enum_recv function in backend/utils/adt/enum.c, which causes it to be invoked with incorrect arguments and allows remote authenticated users to cause a denial of service or read sensitive process memory via a crafted SQL command, which triggers an array index error and an out-of-bounds read. Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service , and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a database name that begins with a - (hyphen). PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors related to the contrib/pgcrypto functions. PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the pg_start_backup or pg_stop_backup functions. This advisory provides the latest versions of PostgreSQL that is not vulnerable to these issues.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2013-0255, CVE-2013-1899, CVE-2013-1900, CVE-2013-1901
MD5 | 2188b9e96631299ac2c4f5fa656bcbdd
Debian Security Advisory 2658-1
Posted Apr 4, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2658-1 - Several vulnerabilities were discovered in PostgreSQL database server.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2013-1899, CVE-2013-1900, CVE-2013-1901
MD5 | 707ab4d80103e63ca05d1e204d47afde
Ubuntu Security Notice USN-1789-1
Posted Apr 4, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1789-1 - Mitsumasa Kondo and Kyotaro Horiguchi discovered that PostgreSQL incorrectly handled certain connection requests containing database names starting with a dash. A remote attacker could use this flaw to damage or destroy files within a server's data directory. This issue only applied to Ubuntu 11.10, Ubuntu 12.04 LTS, and Ubuntu 12.10. Marko Kreen discovered that PostgreSQL incorrectly generated random numbers. An authenticated attacker could use this flaw to possibly guess another database user's random numbers. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2013-1899, CVE-2013-1900, CVE-2013-1901, CVE-2013-1899, CVE-2013-1900, CVE-2013-1901
MD5 | a2e757d9dff9da745aa7bd7726b7a34f
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    2 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close