2866 matches found
[Full-Disclosure] Oracle Database 9ir2 Interval Conversion Functions Buffer Overflow
Security Advisory Name: Oracle Database 9ir2 Interval Conversion Functions Buffer Overflow. System Affected : Oracle Database 9ir2, previous versions could be affected too. Severity : High Remote exploitable : Yes Author: Cesar Cerrudo. Date: 02/05/04 Advisory Number: CC020401 Legal Notice: This...
PT-2003-1903 · Ibm · Ibm Db2 Universal Database
Name of the Vulnerable Software and Affected Versions: IBM DB2 Universal Data Base versions 7.2 before Fixpak 10 and 10a IBM DB2 Universal Data Base versions 8.1 before Fixpak 2 Description: A stack-based buffer overflow issue allows attackers with Connect privileges to execute arbitrary code via...
EZsite Forum Discloses Passwords to Remote Users
The remote host is running EZsite Forum. It is reported that this software stores usernames and passwords in plaintext form in the 'Database/EZsiteForum.mdb' file. A remote user can reportedly download this database. %NASLMINLEVEL 70300 This script written by deepquest Ref: Date: 4 sep , 2003...
CVE-2003-0634
Stack-based buffer overflow in the PL/SQL EXTPROC functionality for Oracle9i Database Release 2 and 1, and Oracle 8i, allows authenticated database users, and arbitrary database users in some cases, to execute arbitrary code via a long library name...
Progress Database 9.1 - Environment Variable Privilege Escalation
Progress Database 9.1 - Environment Variable Privilege Escalation // source: https://www.securityfocus.com/bid/7916/info It has been reported that Progress database does not properly handle untrusted input when opening shared libraries. Specifically, the dlopen function used by several Progress...
SAP database local root vulnerability during installation. (fwd)
This is an older moot vulnerability that I discovered which was never released, the vendor has fixed it. It is similar to what KF at snosoft discovered recently in the current version of SAPDB. Vapid Labs SAP database local root vulnerability during installation. December 10, 2002 I. BACKGROUND S...
Ocean12 ASP Guestbook Manager Database Download
The remote server is running Ocean12 GuestBook, a set of scripts to manage an interactive guestbook. An attacker may download the database 'o12guest.mdb' and use it to extract the password of the admninistrator of these CGIs. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Ref: From:...
VapidSAP.txt
Vapid Labs SAP database local root vulnerability during installation. December 10, 2002 I. BACKGROUND SAP DB is a Free Enterprise database http://www.sapdb.org. An exploitable race condition exists during installation that can be won to yield root to a local malicous user. An executable is world...
Web Wiz Forums all version db stealing
.:: Decription ::. Web Wiz Forums, the free award winning ASP bulletin board system is available in a boxed version with link removal code. .:: Vendor ::. http://www.webwizguide.info .:: Problem ::. By default all passwords are kept on admin/wwforum.mdb Example:...
SRT2003-04-15-1029 - Progres BINPATHX overflow
Secure Network Operations, Inc. http://www.secnetops.com Strategic Reconnaissance Team [email protected] Team Lead Contact [email protected] Our Mission: Secure Network Operations offers expertise in Networking, Intrusion Detection Systems IDS, Software Security Validation, and...
Web Wiz Site News 3.6 - Information Disclosure
Web Wiz Site News 3.6 - Information Disclosure source: https://www.securityfocus.com/bid/7341/info Web Wiz Site News has been reported prone to sensitive information disclosure vulnerability. An attacker may make a request for and download the underlying Access database file that is used by the...
SRT2003-04-01-1231 - Progress DLC overflows
Secure Network Operations, Inc. http://www.secnetops.com Strategic Reconnaissance Team [email protected] Team Lead Contact [email protected] Our Mission: Secure Network Operations offers expertise in Networking, Intrusion Detection Systems IDS, Software Security Validation, and...
Ocean12 ASP Guestbook Manager 1.0 - Information Disclosure
Ocean12 ASP Guestbook Manager 1.0 - Information Disclosure source: https://www.securityfocus.com/bid/7328/info Ocean12 Guestbook Manager has been reported prone to sensitive information disclosure vulnerability. An attacker may make a request for and download the underlying Access database file...
Oracle unauthenticated remote system compromise (#NISR16022003a)
NGSSoftware Insight Security Research Advisory Name: Oracle unauthenticated remote system compromise Systems Affected: All platforms; Oracle9i Database Release 2, 9i Release 1, 8i, 8.1.7, 8.0.6 Severity: Critical Risk Category: Remote System Buffer Overrun Vendor URL: http://www.oracle.com Author...
SAP DB 7.3.00 - Symbolic Link
SAP DB 7.3.00 - Symbolic Link source: https://www.securityfocus.com/bid/6316/info A vulnerability has been discovered in SAP DB that may allow an unprivileged to execute commands with root privileges. The vulnerability is due to insufficient sanity checks by lserver, when attempting to execute th...
SAP DB 7.3.00 - Symbolic Link
source: https://www.securityfocus.com/bid/6316/info A vulnerability has been discovered in SAP DB that may allow an unprivileged to execute commands with root privileges. The vulnerability is due to insufficient sanity checks by lserver, when attempting to execute the 'lserversrv' binary in the...
Interbase 6.0 - GDS_Drop Interbase Environment Variable Buffer Overflow (2)
// source: https://www.securityfocus.com/bid/5044/info Interbase is a database distributed and maintained by Borland. It is available for Unix and Linux operating systems. A buffer overflow has been discovered in the gdsdrop program packaged with Interbase. This problem could allow a local user t...
IBM Informix SE 7.25 sqlexec - Local Buffer Overflow (1)
IBM Informix SE 7.25 sqlexec - Local Buffer Overflow 1 // source: https://www.securityfocus.com/bid/4891/info Informix is an enterprise database distributed and maintained by IBM. A buffer overflow vulnerability has been reported for Informix-SE for Linux. The overflow is due to an unbounded stri...
PHP-Nuke 4.x5.x - SQL_Debug Information Disclosure
PHP-Nuke 4.x5.x - SQLDebug Information Disclosure source: https://www.securityfocus.com/bid/3906/info PHPNuke is a website creation/maintenance tool. It is can be back-ended by a number of database products such as MySQL, PostgreSQL, mSQL, Interbase, Sybase, etc. The sqllayer.php script contains ...
Oracle 89i - DBSNMP Oracle Home Environment Variable Buffer Overflow
Oracle 89i - DBSNMP Oracle Home Environment Variable Buffer Overflow // source: https://www.securityfocus.com/bid/3138/info Oracle is an Enterprise level SQL database, supporting numerous features and options. It is distributed and maintained by Oracle Corporation. When the ORACLEHOME environment...