Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
postgresql vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2003-0040
SQL injection vulnerability in the PostgreSQL auth module for courier 0.40 and previous versions allows remote malicious users to execute SQL code via the user name.
Inter7 Courier-imap 1.6
Double Precision Incorporated Courier Mta 0.37.3
7.5
CVSSv2
CVE-2002-1397
Vulnerability in the cash_words() function for PostgreSQL 7.2 and previous versions allows local users to cause a denial of service and possibly execute arbitrary code via a large negative argument, possibly triggering an integer signedness error or buffer overflow.
Postgresql Postgresql 6.5.3
Postgresql Postgresql 7.0.3
Postgresql Postgresql 6.3.2
Postgresql Postgresql 7.1.3
Postgresql Postgresql 7.2
Postgresql Postgresql 7.1
Postgresql Postgresql 7.1.1
Postgresql Postgresql 7.1.2
7.5
CVSSv2
CVE-2002-1400
Heap-based buffer overflow in the repeat() function for PostgreSQL prior to 7.2.2 allows malicious users to execute arbitrary code by causing repeat() to generate a large string.
Postgresql Postgresql 7.1.3
Postgresql Postgresql 7.2
Postgresql Postgresql 7.1.1
Postgresql Postgresql 7.1.2
Postgresql Postgresql 7.0.3
Postgresql Postgresql 7.1
Postgresql Postgresql 6.3.2
Postgresql Postgresql 6.5.3
Postgresql Postgresql 7.2.1
7.5
CVSSv2
CVE-2003-0025
Multiple SQL injection vulnerabilities in IMP 2.2.8 and previous versions allow remote malicious users to perform unauthorized database activities and possibly gain privileges via certain database functions such as check_prefs() in db.pgsql, as demonstrated using mailbox.php3.
Horde Imp 2.2
Horde Imp 2.2.7
Horde Imp 2.2.8
Horde Imp 2.2.1
Horde Imp 2.2.2
Horde Imp 2.2.3
Horde Imp 2.2.4
Horde Imp 2.2.5
Horde Imp 2.2.6
7.5
CVSSv2
CVE-2002-0802
The multibyte support in PostgreSQL 6.5.x with SQL_ASCII encoding consumes an extra character when processing a character that cannot be converted, which could remove an escape character from the query and make the application subject to SQL injection attacks.
Postgresql Postgresql 6.5.0
7.5
CVSSv2
CVE-2001-1089
libnss-pgsql in nss-pgsql 0.9.0 and previous versions allows remote malicious users to execute arbitrary SQL queries by inserting SQL code into an HTTP request.
Joerg Wendland Libnss-pgsql 0.9.0
Alessandro Gardich Nss Postgresql 0.6.1
7.5
CVSSv2
CVE-2001-1090
nss_postgresql 0.6.1 and before allows a remote malicious user to execute arbitrary SQL queries by inserting SQL code into an HTTP request.
Alessandro Gardich Nss Postgresql 0.6.1
7.5
CVSSv2
CVE-2001-1379
The PostgreSQL authentication modules (1) mod_auth_pgsql 0.9.5, and (2) mod_auth_pgsql_sys 0.9.4, allow remote malicious users to bypass authentication and execute arbitrary SQL via a SQL injection attack on the user name.
Guiseppe Tanzilli And Matthias Eckermann Mod Auth Pgsql 0.9.5
Guiseppe Tanzilli And Matthias Eckermann Mod Auth Pgsql 0.9.6
7.5
CVSSv2
CVE-2001-0201
The Postaci frontend for PostgreSQL does not properly filter characters such as semicolons, which could allow remote malicious users to execute arbitrary SQL queries via the deletecontact.php program.
Umut Gokbayrak Postaci 1.1.3
Umut Gokbayrak Postaci 1.1.2
7.2
CVSSv2
CVE-2021-3515
A shell injection flaw was found in pglogical in versions prior to 2.3.4 and prior to 3.6.26. An attacker with CREATEDB privileges on a PostgreSQL server can craft a database name that allows execution of shell commands as the postgresql user when calling pglogical.create_subscri...
2ndquadrant Pglogical
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »