Secunia reported that Andy Staudacher has discovered a vulnerability in ADOdb, which potentially can be exploited by malicious people to conduct SQL injection attacks. The vulnerability is related to binary strings and affects PostgreSQL 8 but not MySQL.

Input passed to certain parameters isn't properly sanitised before being used in a SQL query. This can potentially be exploited to manipulate SQL queries by injecting arbitrary SQL code.
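To make concrete what "properly sanitised" means for a binary string on PostgreSQL 8.x, here is an added Python illustration (not ADOdb's code, and not the fix Secunia describes). It assumes the 8.x default of `standard_conforming_strings = off`, under which the string-literal parser consumes one level of backslash escapes before the `bytea` input function sees the text, and it uses the escape format documented for `bytea`. `bytea_literal` encodes in that format; `naive_literal` only doubles single quotes, which is adequate for plain text on some databases but not for PostgreSQL binary data. `parse_literal` is a small simulator of how the server reads the literal, and `check_encoder` is the property test a defender would run: every byte value must round-trip and the literal must never terminate early, leaving trailing SQL text.

```python
# Added example: encoding binary data for a PostgreSQL 8.x text query.
# Assumptions: standard_conforming_strings = off (8.x default) and the
# documented bytea "escape" format. parse_literal() is a simplified
# simulator of the server's string-literal and bytea input parsing.

PRINTABLE = range(32, 127)


def bytea_literal(data: bytes) -> str:
    """Quoted SQL literal for `data` in PostgreSQL 8.x bytea escape format.

    Backslashes are doubled because the string-literal parser strips one
    level before the bytea input function decodes \\ooo and \\\\ sequences.
    """
    out = []
    for b in data:
        if b == 0x27:                       # single quote -> doubled
            out.append("''")
        elif b == 0x5C:                     # backslash -> \\\\ in the literal
            out.append("\\\\\\\\")
        elif b in PRINTABLE:                # plain printable byte
            out.append(chr(b))
        else:                               # NUL, control, high-bit -> \\ooo
            out.append("\\\\%03o" % b)
    return "'" + "".join(out) + "'"


def naive_literal(data: bytes) -> str:
    """Quote-doubling only: leaves backslashes untouched, so a backslash
    followed by a quote is read by the server as an escaped quote and the
    next quote can close the literal early."""
    return "'" + data.decode("latin-1").replace("'", "''") + "'"


def _bytea_input(text: str) -> bytes:
    """Simulate the bytea input function: \\\\ -> 0x5C, \\ooo -> octal byte."""
    out, i, n = bytearray(), 0, len(text)
    while i < n:
        if text[i] == "\\":
            if text[i + 1:i + 2] == "\\":
                out.append(0x5C)
                i += 2
            else:
                out.append(int(text[i + 1:i + 4], 8))   # raises if malformed
                i += 4
        else:
            out.append(ord(text[i]))
            i += 1
    return bytes(out)


def parse_literal(sql: str):
    """Read one single-quoted literal at the start of `sql` the way the 8.x
    parser does (backslash escapes active). Returns (stored_bytes, rest),
    where `rest` is whatever SQL text follows the closing quote."""
    if not sql.startswith("'"):
        raise ValueError("expected a quoted literal")
    out, i, n = [], 1, len(sql)
    simple = {"n": "\n", "t": "\t", "r": "\r", "b": "\b", "f": "\f"}
    while i < n:
        c = sql[i]
        if c == "'":
            if i + 1 < n and sql[i + 1] == "'":         # '' -> '
                out.append("'")
                i += 2
            else:                                       # closing quote
                return _bytea_input("".join(out)), sql[i + 1:]
        elif c == "\\" and i + 1 < n:
            nxt = sql[i + 1]
            if nxt in "01234567":                       # \ooo octal escape
                j = i + 1
                while j < n and j < i + 4 and sql[j] in "01234567":
                    j += 1
                out.append(chr(int(sql[i + 1:j], 8)))
                i = j
            else:                                       # \\, \', \n, ...
                out.append(simple.get(nxt, nxt))
                i += 2
        else:
            out.append(c)
            i += 1
    raise ValueError("unterminated literal")


def check_encoder(encode) -> bool:
    """Property test: every single byte and every two-byte sequence must
    round-trip through the simulated server and leave no trailing SQL."""
    samples = [bytes([a]) for a in range(256)]
    samples += [bytes([a, b]) for a in range(256) for b in range(256)]
    for data in samples:
        try:
            stored, rest = parse_literal(encode(data))
        except ValueError:
            return False
        if stored != data or rest != "":
            return False
    return True


if __name__ == "__main__":
    print("escape format safe:", check_encoder(bytea_literal))   # True
    print("quote-doubling safe:", check_encoder(naive_literal))  # False
    print(parse_literal(naive_literal(b"x\\'y")))                # (b"x'", "y'")
```

The second `check_encoder` call fails because a backslash byte followed by a quote byte is emitted verbatim by `naive_literal`, so the server treats the quote as escaped and the doubled quote that follows closes the literal one character early; the remainder becomes live SQL. Binding the value as a query parameter avoids the whole question, since no literal is constructed at all.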


This week, the developers of the open-source PostgreSQL database issued a "critical" update.

One critical fix repairs a denial-of-service vulnerability: on Windows only, the postmaster will exit if too many connection requests arrive simultaneously. This does not affect existing database connections, but will prevent new connections from being established until the postmaster is manually restarted. The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-0105 to this issue.

Another critical fix repairs an error in ReadBuffer that can cause data loss due to overwriting recently-added pages. This applies to the 8.1 and 8.0 branches on all platforms.
