Just think, that maybe a postgresql php coder (or admin if you like it),
email me, and give me *.php sources. Seems like most of his scripts written
in a very insecure and lame style.
Best regards.
This letter has been
Sure not. I even don't argue that.
But i dont like that a postgresql.org could be just that easily owned.
On Wed, 9 Oct 2002, Sir Mordred The Traitor wrote:
Just think, that maybe a postgresql php coder (or admin if you like it),
email me, and give me *.php sources. Seems like most of his
Check out this link, if you need something to laugh at:
http://www.postgresql.org/idocs/index.php?1'
Keeping in mind, that there are bunch of overflows in PostgreSQL(really?),
it is
very dangerous i guess. Right?
This
Nice. That little, cute admin :-).
This is already fixed, and where is 'thanks' i wonder?
I've been talking about sql injection.
How about that in http://www.postgresql.org/mirrors/index.php:
---
Warning: PostgreSQL query failed: ERROR: invalid INET value 'r'
in
And dealing with a real name would be nice, IMHO.
Otherwise we may end up with 'SMtT' as the nickname, 'SMitTy' perhaps ?
:-)
Never camed across with such an offensive bullshit.
But we will not end up with 'SMtT' nor with 'SMitTy', i am sure of it.
Also , i never camed across with the
//@(#) Mordred Labs advisory 0x0005
Release data: 23/08/02
Name: Several buffer overruns in PostgreSQL
Versions affected: all versions
Risk: from average to low
--[ Description:
PostgreSQL provides you with several builint geo types
(circle,polygon,box...etc).
Unfortunately the code for geo
//@(#) Mordred Labs advisory 0x0007
Release data: 26/08/02
Name: Remote DoS condition in PostgreSQL
Versions affected: all versions
Conditions: entry in a pg_hba.conf file that matches attacker's host.
Risk: average
---[ Description:
Upon connecting to a database, postmaster will fork a new
to improve your effect.
The issues is that postgres allocate a chunk of memory and reads data,
using an
user's input, which has not completed authentication.
This is badly anyway.
Of course i tried, and wrote proggy for that,
but i can repeat, i dont want to provide it here.
Sir Mordred
By the way, seems like a beer DOSsed me a little:-).
I've made i mistake in email subject. Remove-remote
This letter has been delivered unencrypted. We'd like to remind you that
the full protection of e-mail correspondence
Hi.
There is no need to ask me to attack a postgresql source code,
as long as i remember myself, i was always in studing someone's source code
or disasm output..
By the way, the code i write being a plain web programmer, even for small
projects is fairly buggy:-))).
One little thing saves me a
Marc G. Fournier [EMAIL PROTECTED] writes:
Are we all caught up now on the known bugs/fixes? Would it be reasonably
safe to do up a quick v7.2.2 Security Fix Release tomorrow afternoon?
Maybe it makes sense to wait about a week.
Hi.
This post certainly contains no valuable information,
but i feel i should clarify some points.
1) I like postgresql and i worked with it for a long time.
2) Solution like killall -9 postmaster was just a joke.
3) ...Hm..i forgot...maybe later ...
Seems like this one was lost or was filtered out...
//@(#)Mordred Labs advisory 0x0002
Release data: 19/08/02
Name: Buffer overflow in PostgreSQL
Versions affected: all versions
Risk: high
--[ Description:
There exists a buffer overflow in a SET TIME ZONE command, that
allows an attacker to
13 matches
Mail list logo