Showing 1 - 3 of 3

CVE-2019-9193

Status Candidate

Overview

** DISPUTED ** In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_execute_server_program' group to execute arbitrary code in the context of the database's operating system user. This functionality is enabled by default and can be abused to run arbitrary operating system commands on Windows, Linux, and macOS. NOTE: Third parties claim/state this is not an issue because PostgreSQL functionality for ‘COPY TO/FROM PROGRAM’ is acting as intended. References state that in PostgreSQL, a superuser can execute commands as the server user without using the ‘COPY FROM PROGRAM’.

Related Files

PostgreSQL 9.6.1 Remote Code Execution: Posted Apr 6, 2023; Authored by Paulo Trindade, Weslley Shaimon, Bruno Stabelini, Diego Farias; PostgreSQL version 9.6.1 suffers from an authenticated remote code execution vulnerability.; tags | exploit, remote, code execution; advisories | CVE-2019-9193; SHA-256 | 3bd97649172804b37060aa4281926dc159b04ad43309ca09a925f74901bc50a0; Download | Favorite | View

PostgreSQL 11.7 Remote Code Execution: Posted Mar 30, 2022; Authored by b4keSn4ke; PostgreSQL versions 9.3 through 11.7 remote code execution exploit.; tags | exploit, remote, code execution; advisories | CVE-2019-9193; SHA-256 | e597a53141013a6e5aaeefcbb4e28ade73077b7f1f7b8c7994ae9d9031e1d2ff; Download | Favorite | View

PostgreSQL COPY FROM PROGRAM Command Execution: Posted May 7, 2019; Authored by Jacob Wilkin | Site metasploit.com; Installations running Postgres 9.3 and above have functionality which allows for the superuser and users with 'pg_execute_server_program' to pipe to and from an external program using COPY. This allows arbitrary command execution as though you have console access. This module attempts to create a new table, then execute system commands in the context of copying the command output into the table. This Metasploit module should work on all Postgres systems running version 9.3 and above. For Linux and OSX systems, target 1 is used with cmd payloads such as: cmd/unix/reverse_perl. For Windows Systems, target 2 is used with powershell payloads such as: cmd/windows/powershell_reverse_tcp. Alternatively target 3 can be used to execute generic commands, such as a web_delivery meterpreter powershell payload or other customized command.; tags | exploit, arbitrary; systems | linux, windows, unix, apple; advisories | CVE-2019-9193; SHA-256 | c46a7605f2f59df142894ab93e39c6fbb9ceb49da8db00d316382c22458faf6e; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 205 files
Ubuntu 84 files
Gentoo 31 files
Debian 21 files
tmrswrr 10 files
Sina Kheirkhah 7 files
bRpsd 4 files
Rodolfo Tavares 4 files
nu11secur1ty 3 files
Google Security Research 3 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,078)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,350)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,266)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,658)
UNIX (9,425)
UnixWare (187)
Windows (6,666)
Other

CVE-2019-9193

Overview

Related Files

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems