JVN/CVE Demo: Cveinfos

CVE

Id: 26635
CVE No.: CVE-2007-3278
Status: Candidate
Description: PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1.
Phase: Assigned (20070619)
Votes: None (candidate not yet proposed)
Comments

Actions

Related CVE References

Id	CVE Id	CVE No.	Reference	Actions
270504	26635	CVE-2007-3278	BUGTRAQ:20070616 Having Fun With PostgreSQL	View
270505	26635	CVE-2007-3278	URL:http://www.securityfocus.com/archive/1/archive/1/471541/100/0/threaded	View
270506	26635	CVE-2007-3278	BUGTRAQ:20070618 Re: Having Fun With PostgreSQL	View
270507	26635	CVE-2007-3278	URL:http://www.securityfocus.com/archive/1/471644/100/0/threaded	View
270508	26635	CVE-2007-3278	MISC:http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt	View
270509	26635	CVE-2007-3278	MISC:http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf	View
270510	26635	CVE-2007-3278	DEBIAN:DSA-1460	View
270511	26635	CVE-2007-3278	URL:http://www.debian.org/security/2008/dsa-1460	View
270512	26635	CVE-2007-3278	DEBIAN:DSA-1463	View
270513	26635	CVE-2007-3278	URL:http://www.debian.org/security/2008/dsa-1463	View
270514	26635	CVE-2007-3278	GENTOO:GLSA-200801-15	View
270515	26635	CVE-2007-3278	URL:http://security.gentoo.org/glsa/glsa-200801-15.xml	View
270516	26635	CVE-2007-3278	HP:HPSBTU02325	View
270517	26635	CVE-2007-3278	URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154	View
270518	26635	CVE-2007-3278	HP:SSRT080006	View
270519	26635	CVE-2007-3278	URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154	View
270520	26635	CVE-2007-3278	MANDRIVA:MDKSA-2007:188	View
270521	26635	CVE-2007-3278	URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:188	View
270522	26635	CVE-2007-3278	REDHAT:RHSA-2008:0038	View
270523	26635	CVE-2007-3278	URL:http://www.redhat.com/support/errata/RHSA-2008-0038.html	View
270524	26635	CVE-2007-3278	REDHAT:RHSA-2008:0039	View
270525	26635	CVE-2007-3278	URL:http://www.redhat.com/support/errata/RHSA-2008-0039.html	View
270526	26635	CVE-2007-3278	REDHAT:RHSA-2008:0040	View
270527	26635	CVE-2007-3278	URL:http://www.redhat.com/support/errata/RHSA-2008-0040.html	View
270528	26635	CVE-2007-3278	SUNALERT:103197	View
270529	26635	CVE-2007-3278	URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1	View
270530	26635	CVE-2007-3278	SUNALERT:200559	View
270531	26635	CVE-2007-3278	URL:http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1	View
270532	26635	CVE-2007-3278	UBUNTU:USN-568-1	View
270533	26635	CVE-2007-3278	URL:http://www.ubuntulinux.org/support/documentation/usn/usn-568-1	View
270534	26635	CVE-2007-3278	OVAL:oval:org.mitre.oval:def:10334	View
270535	26635	CVE-2007-3278	URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10334	View
270536	26635	CVE-2007-3278	VUPEN:ADV-2008-0109	View
270537	26635	CVE-2007-3278	URL:http://www.vupen.com/english/advisories/2008/0109	View
270538	26635	CVE-2007-3278	VUPEN:ADV-2008-1071	View
270539	26635	CVE-2007-3278	URL:http://www.vupen.com/english/advisories/2008/1071/references	View
270540	26635	CVE-2007-3278	OSVDB:40899	View
270541	26635	CVE-2007-3278	URL:http://osvdb.org/40899	View
270542	26635	CVE-2007-3278	SECUNIA:28376	View
270543	26635	CVE-2007-3278	URL:http://secunia.com/advisories/28376	View
270544	26635	CVE-2007-3278	SECUNIA:28438	View
270545	26635	CVE-2007-3278	URL:http://secunia.com/advisories/28438	View
270546	26635	CVE-2007-3278	SECUNIA:28445	View
270547	26635	CVE-2007-3278	URL:http://secunia.com/advisories/28445	View
270548	26635	CVE-2007-3278	SECUNIA:28437	View
270549	26635	CVE-2007-3278	URL:http://secunia.com/advisories/28437	View
270550	26635	CVE-2007-3278	SECUNIA:28454	View
270551	26635	CVE-2007-3278	URL:http://secunia.com/advisories/28454	View
270552	26635	CVE-2007-3278	SECUNIA:28477	View
270553	26635	CVE-2007-3278	URL:http://secunia.com/advisories/28477	View
270554	26635	CVE-2007-3278	SECUNIA:28479	View
270555	26635	CVE-2007-3278	URL:http://secunia.com/advisories/28479	View
270556	26635	CVE-2007-3278	SECUNIA:28679	View
270557	26635	CVE-2007-3278	URL:http://secunia.com/advisories/28679	View
270558	26635	CVE-2007-3278	SECUNIA:29638	View
270559	26635	CVE-2007-3278	URL:http://secunia.com/advisories/29638	View
270560	26635	CVE-2007-3278	XF:postgresql-dblink-sql-injection(35142)	View

Related JVN

Id	JVN No.	Title	Summary	CVE No.	CVE Id	CVSS_v2	CVSS_v3	JVN URL	Actions
57020	JVNDB-2007-005712	PostgreSQL の dblink における全てのライブラリから関数をマッピングおよび実行される脆弱性	PostgreSQL の Database Link ライブラリ (dblink) は、関数を実装するため、全てのライブラリから関数をマッピングおよび実行される脆弱性が存在します。	CVE-2007-3280	26635	9		http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-005712.html	View

Message	Memory use
Component initialization	1.38 MB
Controller action start	1.48 MB
Controller render start	2.35 MB
View render complete	2.84 MB

Message	Time in ms	Graph
Core Processing (Derived from $_SERVER["REQUEST_TIME"])	2.86
Event: Controller.initialize	0.02
Event: Controller.startup	0.06
Controller action	404.13
Event: Controller.beforeRender	6.33
» Processing toolbar data	4.69
Rendering View	19.41
» Event: View.beforeRender	0.02
» Rendering APP/View/Cveinfos/view.ctp	17.85
» Event: View.afterRender	0.02
» Event: View.beforeLayout	0.02
» Rendering APP/View/Layouts/default.ctp	1.04
» » Rendering CORE/Cake/View/Elements/sql_dump.ctp	0.14
Event: View.afterLayout	0.00

Constant	Value
APP	/virtual/inogo77/public_html/jvn/app/
APP_DIR	app
APPLIBS	/virtual/inogo77/public_html/jvn/app/Lib/
CACHE	/virtual/inogo77/public_html/jvn/app/tmp/cache/
CAKE	/virtual/inogo77/public_html/jvn/lib/Cake/
CAKE_CORE_INCLUDE_PATH	/virtual/inogo77/public_html/jvn/lib
CORE_PATH	/virtual/inogo77/public_html/jvn/lib/
CAKE_VERSION	2.6.0
CSS	/virtual/inogo77/public_html/jvn/app/webroot/css/
CSS_URL	css/
DS	/
FULL_BASE_URL	http://inogo77.s500.xrea.com
IMAGES	/virtual/inogo77/public_html/jvn/app/webroot/img/
IMAGES_URL	img/
JS	/virtual/inogo77/public_html/jvn/app/webroot/js/
JS_URL	js/
LOGS	/virtual/inogo77/public_html/jvn/app/tmp/logs/
ROOT	/virtual/inogo77/public_html/jvn
TESTS	/virtual/inogo77/public_html/jvn/app/Test/
TMP	/virtual/inogo77/public_html/jvn/app/tmp/
VENDORS	/virtual/inogo77/public_html/jvn/vendors/
WEBROOT_DIR	webroot
WWW_ROOT	/virtual/inogo77/public_html/jvn/app/webroot/

Environment Variable	Value
Php Version	5.6.40
Phprc	php56.ini
Php Fcgi Children	1
Pwd	/virtual/inogo77/public_html/.fast-cgi-bin
Php Fcgi Max Requests	10000
Shlvl	0
Path	/usr/local/bin:/usr/bin:/bin
Script Name	/jvn/app/webroot/index.php
Request Uri	/jvn/cveinfos/view/26635
Query String
Request Method	GET
Server Protocol	HTTP/1.1
Gateway Interface	CGI/1.1
Redirect Url	/jvn/app/webroot/cveinfos/view/26635
Remote Port	56992
Script Filename	/virtual/inogo77/public_html/jvn/app/webroot/index.php
Server Admin	[no address given]
Context Document Root	/virtual/inogo77/public_html
Context Prefix
Request Scheme	http
Document Root	/virtual/inogo77/public_html
Remote Addr	216.73.216.148
Server Port	80
Server Addr	160.251.151.205
Server Name	inogo77.s500.xrea.com
Server Software	Apache
Server Signature
Http Connection	close
Http Cache Control	max-age=259200
Http X Forwarded For	10.1.78.197
Http Via	1.1 squid-proxy-5b5d847c96-v2jzj (squid/6.10)
Http Host	inogo77.s500.xrea.com
Http Accept Encoding	gzip, br, zstd, deflate
Http User Agent	Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
Http Accept	/
Gem Home	/usr/local/rvm/gems/ruby-2.3.0
X Dostranslated Ip	216.73.216.148
Mm Country Code	US
Mmdb Info	result found
Mmdb Addr	216.73.216.148
Unique Id	aFevu-bhRNiZZJqRZlCNqwAAAxI
Redirect Status	200
Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect X Dostranslated Ip	216.73.216.148
Redirect Mm Country Code	US
Redirect Mmdb Info	result found
Redirect Mmdb Addr	216.73.216.148
Redirect Unique Id	aFevu-bhRNiZZJqRZlCNqwAAAxI
Redirect Redirect Status	200
Redirect Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Redirect X Dostranslated Ip	216.73.216.148
Redirect Redirect Mm Country Code	US
Redirect Redirect Mmdb Info	result found
Redirect Redirect Mmdb Addr	216.73.216.148
Redirect Redirect Unique Id	aFevu-bhRNiZZJqRZlCNqwAAAxI
Fcgi Role	RESPONDER
Php Self	/jvn/app/webroot/index.php
Request Time Float	1750577083.1451
Request Time	1750577083

CVE

Actions

Related CVE References

Related JVN

Request History

Session

Request

Cake Params

Post data

Query string

Cookie

Current Route

Sql Logs

default

Memory

Timers

Logs

View Variables

App Constants

CakePHP Constants

PHP Environment

Included Files

Include Paths

Included Files