63 matches found
MariaDB: Path traversal in command line client
The command line client has a directory traversal bug which allows server chosen files to be dlopened when it connects to a malicious server. The path can also be padded with / characters so that strxnmov drops the .so extension. The dlopen call is performed here: Impact In rare situations where...
IPFinder CLI - The Official Command Line Client For IPFinder
The Official Command Line Client For IPFinder: Supports Single IP Address, asn, ranges, firewall as Input Supports Bulk Exports Results to Screen or to An Output File Supports IPv4 and IPv6 Supports ASN number , RANGES , Firewall Getting Started singing up for a free account at...
httpx
HTTPX - A next-generation HTTP client for Python...
[SECURITY] Fedora 28 Update: transifex-client-0.13.4-1.fc28
The Transifex Command-line Client is a command line tool that enables you to easily manage your translations within a project without the need of an elaborate UI system...
CVE-2013-7110
Transifex command-line client before 0.10 does not validate X.509 certificates for data transfer connections, which allows man-in-the-middle attackers to spoof a Transifex server via an arbitrary certificate. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-2073...
PYSEC-2014-72
Transifex command-line client before 0.10 does not validate X.509 certificates for data transfer connections, which allows man-in-the-middle attackers to spoof a Transifex server via an arbitrary certificate. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-2073...
CVE-2013-2073
Transifex command-line client before 0.9 does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof a Transifex server via an arbitrary certificate...
Amazon Linux AMI : mysql51 (ALAS-2014-298)
This update fixes several vulnerabilities in the MySQL database server. CVE-2014-0386 , CVE-2014-0393 , CVE-2014-0401 , CVE-2014-0402 , CVE-2014-0412 , CVE-2014-0437 , CVE-2013-5908 A buffer overflow flaw was found in the way the MySQL command line client tool mysql processed excessively long...
Symantec Altiris DS SQL injection
Added: 11/18/2013 CVE: CVE-2008-2286 BID: 29198 OSVDB: 45313 Background Altiris Deployment Solution DS is software for managing the configuration of machines on a network. Problem An SQL injection vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted...
Symantec Altiris DS SQL injection
Added: 11/18/2013 CVE: CVE-2008-2286 BID: 29198 OSVDB: 45313 Background Altiris Deployment Solution DS is software for managing the configuration of machines on a network. Problem An SQL injection vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted...
Symantec Altiris DS SQL injection
Added: 11/18/2013 CVE: CVE-2008-2286 BID: 29198 OSVDB: 45313 Background Altiris Deployment Solution DS is software for managing the configuration of machines on a network. Problem An SQL injection vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted...
Fedora Update for transifex-client FEDORA-2013-9116
Check for the Version of transifex-client OpenVAS Vulnerability Test Fedora Update for transifex-client FEDORA-2013-9116 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modi...
Scientific Linux Security Update : mysql on SL4.x i386/x86_64
CVE-2008-4098 mysql: incomplete upstream fix for CVE-2008-2079 CVE-2008-4456 mysql: mysql command line client XSS flaw CVE-2009-2446 MySQL: Format string vulnerability by manipulation with database instances crash CVE-2009-4030 mysql: Incomplete fix for CVE-2008-2079 / CVE-2008-4098 Multiple flaw...
mysql: mysql command line client XSS flaw
Cross-site scripting XSS vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be...
mysql: mysql command line client XSS flaw
Cross-site scripting XSS vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be...
Sql injection
Multiple SQL injection vulnerabilities in TekRADIUS 3.0 allow context-dependent attackers to execute arbitrary SQL commands via 1 the GUI client, as demonstrated by input to the Browse Users text box in the Users tab; or 2 the command-line client, as demonstrated by a certain trcli -r command...
MySQL命令行客户端HTML特殊字符HTML注入漏洞
BUGTRAQ ID:31486br / CNCAN ID:CNCAN-2008100103br / br / MySQL是一款开放源代码的数据库服务程序。br / MySQL命令行客户端没有对其输出进行过滤处理,远程攻击者可以利用漏洞获得敏感信息。br / MySQL命令行客户端在它的输出中对HTML特定字符如""缺少引用处理,允许攻击者写数据到表中来隐藏或修改输出的记录,并注入恶意代码,如通过Javascript执行跨站脚本或跨站请求伪造攻击。 MySQL AB MySQL 5.1.26 MySQL AB MySQL 5.1.23 MySQL AB MySQL 5.1.22 MySQ...
CVE-2008-4456
Cross-site scripting XSS vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be...
CVE-2008-4456
CVE-2008-4456 is a MySQL command-line client XSS flaw. Affects MySQL 5.0.26–5.0.45 (and related 5.0.x versions with --html) where HTML output could include injected scripts if data in a database cell is crafted. Public documents indicate the issue existed as of 2008-10-31 and was addressed by bac...
MySQL 5 - Command Line Client HTML Special Characters HTML Injection
MySQL 5 - Command Line Client HTML Special Characters HTML Injection source: https://www.securityfocus.com/bid/31486/info MySQL is prone to an HTML-injection vulnerability because the application's command-line client fails to properly sanitize user-supplied input before using it in dynamically...