Executive Summary

Informations
NameCVE-2009-2940First vendor Publication2009-10-22
VendorCveLast vendor Modification2009-12-19

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score7.5Attack RangeNetwork
Cvss Impact Score6.4Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

The pygresql module 3.8.1 and 4.0 for Python does not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2940

CPE : Common Platform Enumeration

TypeDescriptionCount
Application2

OpenVAS Exploits

DateDescription
2009-10-19Name : Debian Security Advisory DSA 1911-1 (pygresql)
File : nvt/deb_1911_1.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
59028pygresql for Python PQescapeStringConn() Function Character Escaping Weakness

Nessus® Vulnerability Scanner

DateDescription
2010-02-24Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1911.nasl - Type : ACT_GATHER_INFO
2009-12-11Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-870-1.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

SourceUrl
DEBIANhttp://www.debian.org/security/2009/dsa-1911
OSVDBhttp://www.osvdb.org/59028
SECUNIAhttp://secunia.com/advisories/37046
http://secunia.com/advisories/37654
UBUNTUhttp://ubuntu.com/usn/usn-870-1

Alert History

If you want to see full details history, please login or register.
0
1
DateInformations
2014-02-17 10:51:20
  • Multiple Updates
2013-05-10 23:56:01
  • Multiple Updates