8619 matches found
CVE-2006-0547
Oracle Database 8i, 9i, and 10g allow remote authenticated users to execute arbitrary SQL statements in the context of the SYS user and bypass audit logging, including statements to create new privileged database accounts, via a modified AUTHALTERSESSION attribute in the authentication phase of t...
CVE-2006-0547
Oracle Database 8i, 9i, and 10g allow remote authenticated users to execute arbitrary SQL statements in the context of the SYS user and bypass audit logging, including statements to create new privileged database accounts, via a modified AUTHALTERSESSION attribute in the authentication phase of t...
CVE-2006-0547
CVE-2006-0547 affects Oracle Database 8i, 9i, and 10g. The issue arises in the authentication phase of the Transparent Network Substrate (TNS) protocol where a modified AUTH_ALTER_SESSION attribute can be exploited by remote authenticated users to execute arbitrary SQL statements in the context o...
Ubuntu 4.10 / 5.04 / 5.10 : libapache2-mod-auth-pgsql vulnerability (USN-239-1)
Several format string vulnerabilities were discovered in the error logging handling. By sending specially crafted user names, an unauthenticated remote attacker could exploit this to crash the Apache server or possibly even execute arbitrary code with the privileges of Apache user 'www-data'. Not...
freeFTPd 1.0 Username Overflow
This module exploits a stack buffer overflow in the freeFTPd multi-protocol file transfer service. This flaw can only be exploited when logging has been enabled non-default. This module requires Metasploit: https://metasploit.com/download Current source:...
GLSA-200601-05 : mod_auth_pgsql: Multiple format string vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200601-05 modauthpgsql: Multiple format string vulnerabilities The error logging functions of modauthpgsql fail to validate certain strings before passing them to syslog, resulting in format string vulnerabilities. Impact : An...
Ubuntu 4.10 / 5.04 / 5.10 : libgda2 vulnerability (USN-212-1)
Steve Kemp discovered two format string vulnerabilities in the logging handler of the Gnome database access library. Depending on the application that uses the library, this could have been exploited to execute arbitrary code with the permission of the user running the application. Note that...
Apache mod-auth-pgsql authorization module format string vulnerabilities
Several format string bugs in error logging...
iDefense Security Advisory 01.09.06: Multiple Vendor mod_auth_pgsql Format String Vulnerability
Multiple Vendor modauthpgsql Format String Vulnerability iDefense Security Advisory 01.09.06 http://www.idefense.com/intelligence/vulnerabilities/display.php?id=367 January 09, 2006 I. BACKGROUND The modauthpgsql apache module allows user authentication against information stored in a PostgreSQL...
Apache auth_ldap authentication module format string vulnerabilities
Format string vulnerability on error logging...
DSA-930-2 smstools - format string attack
Bulletin has no description...
Format string
Format string vulnerability in the logging code of SMS Server Tools smstools 1.14.8 and earlier allows local users to execute arbitrary code via unspecified attack vectors...
CVE-2006-0083
Format string vulnerability in the logging code of SMS Server Tools smstools 1.14.8 and earlier allows local users to execute arbitrary code via unspecified attack vectors...
CVE-2006-0083
Format string vulnerability in the logging code of SMS Server Tools smstools 1.14.8 and earlier allows local users to execute arbitrary code via unspecified attack vectors...
CVE-2006-0083
Format string vulnerability in the logging code of SMS Server Tools smstools 1.14.8 and earlier allows local users to execute arbitrary code via unspecified attack vectors...
USN-239-1: libapache2-mod-auth-pgsql vulnerability
Several format string vulnerabilities were discovered in the error logging handling. By sending specially crafted user names, an unauthenticated remote attacker could exploit this to crash the Apache server or possibly even execute arbitrary code with the privileges of Apache user 'www-data'...
[SECURITY] [DSA 930-1] New smstools packages fix format string vulnerability
-------------------------------------------------------------------------- Debian Security Advisory DSA 930-1 [email protected] http://www.debian.org/security/ Steve Kemp Jan 9, 2006 http://www.debian.org/security/faq - --------------------------------------------------------------------------...
DSA-930-1 smstools - format string error
Bulletin has no description...
security flaw
Multiple format string vulnerabilities in logging functions in modauthpgsql before 2.0.3, when used for user authentication against a PostgreSQL database, allows remote unauthenticated attackers to execute arbitrary code, as demonstrated via the username...
Dopewars format string vulnerability
FOrmat string bug on file logging...