10

CVE-2007-3279

EPSS 2.4%
Veröffentlicht 19.06.2007 21:30:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

PostgreSQL 8.1 and probably later versions, when the PL/pgSQL (plpgsql) language has been created, grants certain plpgsql privileges to the PUBLIC domain, which allows remote attackers to create and execute functions, as demonstrated by functions that perform local brute-force password guessing attacks, which may evade intrusion detection.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Postgresql ≫ Postgresql Version8.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.4%	0.844

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt

http://www.mandriva.com/security/advisories?name=MDKSA-2007:188

http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf

http://www.securityfocus.com/archive/1/471541/100/0/threaded

http://osvdb.org/40900

https://exchange.xforce.ibmcloud.com/vulnerabilities/35144

https://nvd.nist.gov/vuln/detail/CVE-2007-3279

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-3279

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-3279

EUVD