MidnightBSD

Advisories for guiseppe_tanzilli_and_matthias_eckermann

CVE-2001-1379 HIGH

The PostgreSQL authentication modules (1) mod_auth_pgsql 0.9.5, and (2) mod_auth_pgsql_sys 0.9.4, allow remote attackers to bypass authentication and execute arbitrary SQL via a SQL injection attack on the user name.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
guiseppe_tanzilli_and_matthias_eckermann mod_auth_pgsql 0.9.5
guiseppe_tanzilli_and_matthias_eckermann mod_auth_pgsql 0.9.6
CVE-2005-3656 HIGH

Multiple format string vulnerabilities in logging functions in mod_auth_pgsql before 2.0.3, when used for user authentication against a PostgreSQL database, allows remote unauthenticated attackers to execute arbitrary code, as demonstrated via the username.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-134,

Products Affected

Vendor Product Version
guiseppe_tanzilli_and_matthias_eckermann mod_auth_pgsql *
guiseppe_tanzilli_and_matthias_eckermann mod_auth_pgsql 0.9.5
guiseppe_tanzilli_and_matthias_eckermann mod_auth_pgsql 0.9.6