4425 matches found
MySQL: crash with user variables, assignments, joins... (MySQL Bug #55564)
MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service mysqld server crash by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY, then causing the expression value to be...
MySQL: crash with LONGBLOB and union or update with subquery (MySQL Bug#54461)
MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service server crash via a query that uses the 1 GREATEST or 2 LEAST function with a mixed list of numeric and LONGBLOB arguments, which is not properly handled when the...
MySQL: Mysqld DoS (crash) by processing joins involving a table with a unique SET column (MySQL BZ#54575)
Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service mysqld daemon crash via a join query that uses a table with a unique SET column...
CVE-2010-3992
Unspecified vulnerability in HP Insight Control Server Migration before 6.2 allows remote authenticated users to gain privileges via unknown vectors...
DEBIAN-CVE-2010-3711
libpurple in Pidgin before 2.7.4 does not properly validate the return value of the purplebase64decode function, which allows remote authenticated users to cause a denial of service NULL pointer dereference and application crash via a crafted message, related to the plugins for MSN, MySpaceIM,...
CVE-2010-3711
libpurple in Pidgin before 2.7.4 does not properly validate the return value of the purplebase64decode function, which allows remote authenticated users to cause a denial of service NULL pointer dereference and application crash via a crafted message, related to the plugins for MSN, MySpaceIM,...
Stack overflow
Stack-based buffer overflow in IBM Informix Dynamic Server IDS 7.x through 7.31, 9.x through 9.40, 10.00 before 10.00.xC10, 11.10 before 11.10.xC3, and 11.50 before 11.50.xC3 allows remote authenticated users to execute arbitrary code via long DBINFO keyword arguments in a SQL statement, aka...
CVE-2010-3716
The beusercreation task in TYPO3 4.2.x before 4.2.15 and 4.3.x before 4.3.7 allows remote authenticated users to gain privileges via a crafted POST request that creates a user account with arbitrary group memberships...
CVE-2010-3716
CVE-2010-3716 is a TYPO3 vulnerability where malicious editors with user-creation permission could escalate privileges by creating new users in arbitrary groups due to input validation weakness in the be_user_creation task. Affected: TYPO3 4.2.x pre-4.2.15 and 4.3.x pre-4.3.7. Documented in multi...
CVE-2010-4053
Stack-based buffer overflow in an unspecified logging function in oninit.exe in IBM Informix Dynamic Server IDS 11.10 before 11.10.xC2W2 and 11.50 before 11.50.xC1 allows remote authenticated users to execute arbitrary code via a crafted EXPLAIN directive, aka idsdb00154125 and idsdb00154243...
CVE-2010-3290
Unspecified vulnerability in HP Systems Insight Manager SIM before 6.2 allows remote authenticated users to gain privileges via unknown vectors...
DEBIAN-CVE-2009-5012
ftpserver.py in pyftpdlib before 0.5.2 does not require the l permission for the MLST command, which allows remote authenticated users to bypass intended access restrictions and list the root directory via an FTP session...
PYSEC-2010-20
Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.2.0 allow remote authenticated users to access arbitrary files and directories via a .. dot dot in a 1 LIST, 2 STOR, or 3 RETR command...
Netgear CG3100D Residential Gateway Privilege Escalation
Product: Netgear CG3100D Residential Gateway Vendor: http://www.netgear.com Discovered: August 30, 2010 Disclosed: October 14, 2010 I. DESCRIPTION The Netgear CG3100D Residential Gateway with firmware version 5.5.2 and probably other CG3000/CG3100 models with the same firmware has several bugs th...
CVE-2010-3536
Unspecified vulnerability in the PeopleSoft Enterprise SCM component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle 38, 9.0 Bundle 31, and 9.1 Bundle 6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors...
Code injection
Unspecified vulnerability in the PeopleSoft Enterprise FMS - GL component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle 38, 9.0 Bundle 31, and 9.1 Bundle 6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than...
CVE-2010-3536
CVE-2010-3536 affects PeopleSoft Enterprise SCM within Oracle PeopleSoft/JD Edwards Suite (8.9 Bundle #38, 9.0 Bundle #31, 9.1 Bundle #6). The vulnerability is described as an unspecified issue allowing remote authenticated users to affect confidentiality and integrity via unknown vectors. Oracle...
qpid: crash when redeclaring the exchange with specified alternate_exchange
The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service NULL pointer...
CVE-2010-2417
Unspecified vulnerability in the Agile PLM component in Oracle Supply Chain Products Suite 9.3.0.0 allows remote authenticated users to affect integrity via unknown vectors...
Buffer overflow
Unspecified vulnerability in the Siebel Core - Highly Interactive Client component in Oracle Siebel Suite 7.7.2.12, 7.8.2.14, 8.0.0.10, and 8.1.1.3 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than...