9816 matches found
Oracle Database PL/SQL Statement Multiple SQL Injection Exploits
No description provided by source. /* Advanced SQL Injection in Oracle databases Becoming the SYS user with SQL Injection. This script creates functions that can be injected to replace the password of the SYS user and to restore it to the original value. By Esteban Martinez Fayo [email protected] */...
[NEWS] Websphere MQ MCAUSER Setting Bypass Vulnerability
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
Joomla! 1.5 Beta 2 - 'Search' Remote Code Execution
SEC Consult Security Advisory ======================================================================= title: Remote command execution in Joomla! CMS program: Joomla! vulnerable version: 1.5 beta 2 Earlier 1.5 versions may be vulnerable too! impact: critical homepage: http://www.joomla.org found:...
Joomla! CMS 1.5 beta 2 (search) Remote Code Execution Vulnerability
No description provided by source. SEC Consult Security Advisory 20070722-0 ======================================================================= title: Remote command execution in Joomla! CMS program: Joomla! vulnerable version: 1.5 beta 2 Earlier 1.5 versions may be vulnerable too! impact:...
JVN#81294906 Homepage Builder sample CGI programs vulnerable to OS command injection
Among sample CGI programs included in Homepage Builder, anketo.cgi, kansou.cgi, and order.cgi contain an OS command injection vulnerability as they do not properly validate input data. Impact An arbitrary command could be executed on the web server with the privilege of the web server process...
CVE-2007-0565
Shopping Basket Professional by CGI RESCUE (v7.50 and earlier) is affected by an OS command injection vulnerability. The issue arises from improper handling/validation of input data, allowing a remote attacker to inject and execute arbitrary OS commands. This is based on the JVN entry describing ...
JVN#82258242 Shopping Basket Professional vulnerable to OS command injection
Impact A remote attacker could execute an arbitrary OS command on the server where Shopping Basket Professional v7 is installed. Solution Products Affected Shopping Basket Professional v7.50 and earlier For more information, refer to the vendor's website...
Python <= 2.4.2 realpath() Local Stack Overflow Exploit
No description provided by source. #!/usr/bin/python gexp-python.py Python <= 2.4.2 realpath() Local Stack Overflow ----------------------------------------------- Against VA Space Randomization. Copyright (c) 2006 Gotfault Security Bug found and developed by: dx/vaxen Gotfault Security, posidron Tripb...
JVN#87830692 WebNote Clip vulnerable to OS command injection
Impact An attacker could execute an arbitrary OS command on the server with WebNote Clip installed. Solution Products Affected WebNote Clip 4.1.7 and earlier...
Run any OS Command via unauthorized Oracle Forms
Name Run any OS Command via unauthorized Oracle Forms Systems Affected Oracle Web Forms 4.5, 5.0, 6.0, 6i, 9i, 10g Severity High Risk Category OS command execution Vendor URL http://www.oracle.com Author Alexander Kornbrust ak at red-database-security.com Date 18 July 2005 V 1.00 Advisory...
Run any OS Command via unauthorized Oracle Reports
Name Run any OS Command via unauthorized Oracle Reports Systems Affected Oracle Reports 6.0, 6i, 9i, 10g Severity High Risk Category OS command execution Vendor URL http://www.oracle.com Author Alexander Kornbrust ak at red-database-security.com Date 19 July 2005 V 1.00 Advisory AKSEC2003-014...
plsql_multiplestatement_injection.txt
/* Advanced SQL Injection in Oracle databases Executing OS Command with SQL Injection By Esteban Martinez Fayo [email protected] */ CREATE OR REPLACE FUNCTION "SCOTT"."SQLI" return varchar2 authid current_user as pragma autonomous_transaction; SqlCommand VARCHAR2(2048); BEGIN SqlCommand := ' CREATE OR...
Oracle Database PL/SQL Statement Multiple SQL Injection Exploits
Exploit for unknown platform in category local exploits ================================================================ Oracle Database PL/SQL Statement Multiple SQL Injection Exploits ================================================================ /* Advanced SQL Injection in Oracle databases...
Oracle 8.x/9.x/10.x Database - Multiple SQL Injections
Oracle 8.x/9.x/10.x Database - Multiple SQL Injections source: https://www.securityfocus.com/bid/13144/info Oracle database is reported prone to multiple SQL injection vulnerabilities. These issues exist due to insufficient sanitization of user-supplied data. These issues can be exploited using...
paFileDB 3.1
============================ Security REPORT paFileDB 3.1 ============================ Product: paFileDB Version 3.1 and earlier Vulnerabilities: arbitrary file-upload, path-traversal, arbitrary OS command-execution Vuln.-classes: http://www.owasp.org/asac/parametermanipulation/forms.shtml...
W-Agora 4.1.5
============================= Security REPORT W-Agora 4.1.5 ============================= Product: W-Agora 4.1.5 maybe earlier Vulnerabilities: information disclosure, path disclosure, arbitrary file-upload, OS command execution, cross site scripting Vuln.-Classes: Check out...