CVE-2007-3279

EPSS 2.4%
Published 19.06.2007 21:30:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

PostgreSQL 8.1 and probably later versions, when the PL/pgSQL (plpgsql) language has been created, grants certain plpgsql privileges to the PUBLIC domain, which allows remote attackers to create and execute functions, as demonstrated by functions that perform local brute-force password guessing attacks, which may evade intrusion detection.

Affected products Warnungen 0 Metrics 2 CWE 0 References 9

Data is provided by the National Vulnerability Database (NVD)

Postgresql ≫ Postgresql Version8.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	2.4%	0.844

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt

http://www.mandriva.com/security/advisories?name=MDKSA-2007:188

http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf

http://www.securityfocus.com/archive/1/471541/100/0/threaded

http://osvdb.org/40900

https://exchange.xforce.ibmcloud.com/vulnerabilities/35144

https://nvd.nist.gov/vuln/detail/CVE-2007-3279

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-3279

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-3279

EUVD