cve/CVE-2014-0060.md at d265b01db84ea263ae08fa7d2c08cb82387c2083

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-07 19:16:22 +00:00

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command before the associated GRANT command.

POC

Reference

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/DButter/whitehat_public
https://github.com/Dokukin1/Metasploitable
https://github.com/Iknowmyname/Nmap-Scans-M2
https://github.com/NikulinMS/13-01-hw
https://github.com/Zhivarev/13-01-hw
https://github.com/smabramov/Vulnerabilities-and-attacks-on-information-systems
https://github.com/zzzWTF/db-13-01

1.2 KiB Raw Blame History

CVE-2014-0060

Description

POC

Reference

Github

1.2 KiB

Raw Blame History