PostgreSQL Other Vulnerability - CVE-2012-1618
Interaction error in the PostgreSQL JDBC driver before 8.2, when used with a PostgreSQL server with the "standard_conforming_strings" option enabled, such as the default configuration of PostgreSQL 9.1, does not properly escape unspecified JDBC statement parameters, which allows remote attackers to perform SQL injection attacks. NOTE: as of 20120330, it was claimed that the upstream developer planned to dispute this issue, but an official dispute has not been posted as of 20121005.