Description
PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4 does not properly check privileges during certain RESET ALL operations, which allows remote authenticated users to remove arbitrary parameter settings via a (1) ALTER USER or (2) ALTER DATABASE statement.
Remediation
References
Related Vulnerabilities
WordPress Plugin Remote Upload Arbitrary File Upload (1.2.1)
WordPress Plugin Widgets for SiteOrigin Unspecified Vulnerability (1.4.4)
WordPress Plugin Backup and Restore WordPress-WPBackItUp Cross-Site Request Forgery (1.6.7)
Joomla! Core 3.x.x Denial of Service (3.0.0 - 3.2.5)
WordPress Plugin AJAX Post Search 'srch_txt' Parameter SQL Injection (1.2)