CyberSec.Space Logo
Back to CVE Browser

CVE-2007-3279

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.2000%
EPSS Percentile23.29th
PublishedJun 19, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

PostgreSQL 8.1 and probably later versions, when the PL/pgSQL (plpgsql) language has been created, grants certain plpgsql privileges to the PUBLIC domain, which allows remote attackers to create and execute functions, as demonstrated by functions that perform local brute-force password guessing attacks, which may evade intrusion detection.

Affected Platforms (CPE)

πŸ“¦
Postgresql

Postgresql

= 8.1

References & Advisories

πŸ”— http://osvdb.org/40900
πŸ”— http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt
πŸ”— http://www.mandriva.com/security/advisories?name=MDKSA-2007:188
πŸ”— http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf
πŸ”— http://www.securityfocus.com/archive/1/471541/100/0/threaded
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/35144
πŸ”— http://osvdb.org/40900
πŸ”— http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt

Related Vulnerabilities

CVE-2003-050010.0

SQL injection vulnerability in the PostgreSQL authentication module (mod_sql_postgres) for ProFTPD before 1.2.9rc1 allows remote a...

CVE-2005-365610.0

Multiple format string vulnerabilities in logging functions in mod_auth_pgsql before 2.0.3, when used for user authentication agai...

CVE-2002-139910.0

Unknown vulnerability in cash_out and possibly other functions in PostgreSQL 7.2.1 and earlier, and possibly later versions before...

CVE-2013-190210.0

PostgreSQL, 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, 8.4.x before 8.4.17, and 8.3.x before 8.3.23 generates in...