MySQL DoS

Query with multiupdate and subselects can cause database server to crash...

Firebird / InterBase Database Server Detection

The remote host is running either a Firebird or an InterBase database server. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid22269; scriptversion"1.15"; scriptsetattributeattribute:"pluginmodificationdate", value:"2022/06/01"; scriptnameenglish:"Firebird / InterBase...

Eskolar CMS 0.9.0.0 - Blind SQL Injection

Eskolar CMS 0.9.0.0 - Blind SQL Injection ================================================================================================== !/usr/bin/perl use IO::Socket; ==================================================================================================...

Finjan Appliance cleartext password

ps.fdb.bak file contains Firebird database server password...

CentOS 3 : mysql-server (CESA-2005:348)

Updated mysql-server packages that fix several vulnerabilities are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. MySQL is a multi-user, multi-threaded SQL database server. This update fixes several security risks in the MySQL...

Mambo < 4.6.1 Login Function usercookie Cookie SQL Injection

Binary data 3656.prm...

MySQL Server 45 - Str_To_Date Remote Denial of Service

MySQL Server 45 - StrToDate Remote Denial of Service source: https://www.securityfocus.com/bid/18439/info MySQL is susceptible to a remote denial-of-service vulnerability. This issue is due to the database server's failure to properly handle unexpected input. This issue allows remote attackers to...

security flaw

mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x before 5.1.6 allows remote authorized users to cause a denial of service crash via a NULL second argument to the strtodate function...

Slackware 10.0 / 10.1 / 10.2 / 9.1 / current : mysql (SSA:2006-155-01)

New mysql packages are available for Slackware 9.1, 10.0, 10.1, 10.2 and -current to fix security issues. The MySQL packages shipped with Slackware 9.1, 10.0, and 10.1 may possibly leak sensitive information found in uninitialized memory to authenticated users. This is fixed in the new packages,...

QuickBooks Enterprise Database Server Detection

Binary data 3623.prm...

Default credentials

MySQL Manager in Apple Mac OS X 10.3.9 and 10.4.6, when setting up a new MySQL database server, does not use the "New MySQL root password" that is provided, which causes the MySQL root password to be blank and allows local users to gain full privileges to that database...

CVE-2006-2081

Oracle Database Server 10g Release 2 allows local users to execute arbitrary SQL queries via the GETDOMAININDEXMETADATA function in the DBMSEXPORTEXTENSION package. NOTE: this issue was originally linked to DB05 CVE-2006-1870, but a reliable third party has claimed that it is not the same issue...

Sql injection

Oracle Database Server 10g Release 2 allows local users to execute arbitrary SQL queries via the GETDOMAININDEXMETADATA function in the DBMSEXPORTEXTENSION package. NOTE: this issue was originally linked to DB05 CVE-2006-1870, but a reliable third party has claimed that it is not the same issue...

CVE-2006-2081

Oracle Database Server 10g Release 2 allows local users to execute arbitrary SQL queries via the GETDOMAININDEXMETADATA function in the DBMSEXPORTEXTENSION package. NOTE: this issue was originally linked to DB05 CVE-2006-1870, but a reliable third party has claimed that it is not the same issue...

CVE-2006-2081

CVE-2006-2081 affects Oracle Database Server 10g Release 2, where local users can trigger arbitrary SQL via the GET_DOMAIN_INDEX_METADATA function in DBMS_EXPORT_EXTENSION. The primary issue is insecure privileges that allow SQL to be introduced outside of a character-based injection, not a tradi...

Sql injection

Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, and 9.2.0.6 has unknown impact and attack vectors in the Oracle Spatial component, aka Vuln DB09. NOTE: Oracle has not disputed reliable claims that this issue is SQL injection in MDSYS.PRVTIDX using the 1 EXECUTEINSERT, 2...

Design/Logic Flaw

Unspecified vulnerability in Oracle Database Server 9.2.0.6 has unknown impact and attack vectors in the Advanced Replication component, aka Vuln DB02...

Buffer overflow

Buffer overflow in the Advanced Replication component in Oracle Database Server 10.1.0.4 allows database users to execute arbitrary code via the VERIFYLOG procedure of the DBMSSNAPSHOTUTL package, aka Vuln DB03...

CVE-2006-1869

Unspecified vulnerability in Oracle Database Server 8.1.7.4 and 9.0.1.5 has unknown impact and attack vectors in the Dictionary component, aka Vuln DB04...

CVE-2006-1875

Unspecified vulnerability in Oracle Database Server 9.0.1.5, 9.2.0.7, and 10.1.0.5 has unknown impact and attack vectors in the Oracle Spatial component, aka Vuln DB11. NOTE: Oracle has not disputed reliable researcher claims that this issue is SQL injection in MDSYS.SDOLRSTRIGINS...