[SECURITY] Fedora 11 Update: postgresql-8.3.8-1.fc11
PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs, including transactions, subselects and user-defined types and functions. The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DB...
MySQL COM_TABLE_DUMP Information Leakage and Arbitrary Command Execution
No description provided by source. / April 21.st 2006 myexploit.c MySql COMTABLEDUMP Memory Leak & MySql remote B0f MySql = 5.0.20 MySql COMTABLEDUMP Memory Leak MySql = 4.x.x copyright 2006 Stefano Di Paola stefano.dipaolaatwisec.it GPL 2.0 Disclaimer: In no event shall the author be liable for...
GemStone/S buffer overflow
Buffer overflow in /opt/gemstone/sys/stoned on -e and -l command line switches...
ecryptfs-utils: potential provided password disclosure in the process table
The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and (3) ecryptfs-setup-pam-wrapped.sh scripts in ecryptfs-utils 45 through 61 in eCryptfs place cleartext passwords on command lines, which allows local users to obtain sensitive information by listing the process...
mysql: mysql command line client XSS flaw
Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be...
Alcatel-Lucent OmniPCX Enterprise masterCGI Arbitrary Command Execution
This module abuses a metacharacter injection vulnerability in the HTTP management interface of the Alcatel-Lucent OmniPCX Enterprise Communication Server 7.1 and earlier. The Unified Maintenance Tool contains a 'masterCGI' binary which allows an unauthenticated attacker to execute arbitrary...
Design/Logic Flaw
Argument injection vulnerability in the URI handler in KVIrc 3.4.2 Shiny allows remote attackers to execute arbitrary commands via a " (quote) followed by command line switches in a (1) irc:///, (2) irc6:///, (3) ircs:///, or (4) ircs6:/// URI. NOTE: this might be due to an incomplete fix for...
Design/Logic Flaw
Argument injection vulnerability in Exodus 0.10 allows remote attackers to inject arbitrary command line arguments, overwrite arbitrary files, and cause a denial of service via encoded spaces in an im:// URI...
Design/Logic Flaw
Argument injection vulnerability in Exodus 0.10 allows remote attackers to inject arbitrary command line arguments, overwrite arbitrary files, and cause a denial of service via encoded spaces in a pres:// URI, a different vector than CVE-2008-6935...
Design/Logic Flaw
Argument injection vulnerability in Exodus 0.10 allows remote attackers to inject arbitrary command line arguments, overwrite arbitrary files, and cause a denial of service via encoded spaces in an xmpp:// URI, a different vector than CVE-2008-6935 and CVE-2008-6936. NOTE: the provenance of this...
CVE-2008-6937
Argument injection vulnerability in Exodus 0.10 allows remote attackers to inject arbitrary command line arguments, overwrite arbitrary files, and cause a denial of service via encoded spaces in an xmpp:// URI, a different vector than CVE-2008-6935 and CVE-2008-6936. NOTE: the provenance of this...
CVE-2008-6935
Argument injection vulnerability in Exodus 0.10 allows remote attackers to inject arbitrary command line arguments, overwrite arbitrary files, and cause a denial of service via encoded spaces in an im:// URI...
CVE-2008-6936
CVE-2008-6936 involves Exodus 0.10 with an argument injection flaw that lets remote attackers inject arbitrary command line arguments, overwrite arbitrary files, and cause a denial of service via encoded spaces in a pres:// URI (vector variants include im:// and pres://; xmpp:// for related CVEs)...
CVE-2008-6935
CVE-2008-6935 concerns Exodus 0.10. The vulnerability is an argument injection flaw that allows remote attackers to craft inputs (via encoded spaces in an im:// URI) to inject arbitrary command-line arguments, overwrite arbitrary files, and trigger denial of service. Related connected records des...
KDE Konqueror Version Detection
Detects the installed version of KDE Konqueror. The script logs in via ssh, searches for executable Copyright (C) 2009 Greenbone Networks GmbH. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...
EPSON Status Monitor 3 Local Privilege Escalation Vulnerability
Exploit for unknown platform in category local exploits. EPSON Status Monitor 3 Local Privilege Escalation Vulnerability. EPSON Status Monitor 3 local privilege...
openSUSE Security Update : MozillaFirefox (MozillaFirefox-125)
This update brings Mozilla Firefox to version 3.0.1. It fixes various bugs and also the following security problems: MFSA 2008-34 / CVE-2008-2785: An anonymous researcher, via TippingPoint's Zero Day Initiative program, reported a vulnerability in Mozilla CSS reference counting code. The vulnerabili...
openSUSE Security Update : libopensc2 (libopensc2-186)
This update fixes a security issue with opensc that occurred when initializing blank smart cards with Siemens CardOS M4. After the initialization anyone could set the PIN of the smart card without authorization (CVE-2008-2235). NOTE: Already initialized cards are still vulnerable after this update...
SQL injection
Multiple SQL injection vulnerabilities in TekRADIUS 3.0 allow context-dependent attackers to execute arbitrary SQL commands via (1) the GUI client, as demonstrated by input to the Browse Users text box in the Users tab; or (2) the command-line client, as demonstrated by a certain trcli -r command...