4418 matches found

securityvulns
added 2008/04/21 12:0 a.m. | 60 views

[Full-disclosure] IRM Security Advisory : RedDot CMS SQL injection vulnerability

RedDot CMS SQL injection vulnerability CVE Number: CVE-2008-1613 http://www.irmplc.com/index.php/167-Advisory-026 Vulnerability Type/Importance: SQL injection/Critical Problem Discovered: 12 February 2008 Vendor Contacted: 19 February 2008 Advisory Published: 21 April 2008 Abstract: The RedDot CM...

CVSS 7.5 | AI score 7.1 | EPSS 0.008
Exploits: 3

Fedora
added 2008/04/17 3:57 a.m. | 29 views

[SECURITY] Fedora 7 Update: gallery2-2.2.4-3.fc7

The base Gallery 2 installation - the equivalent of upstream's -minimal package. This package requires a database to be operational. Acceptable database backends include MySQL v 3.x, MySQL v 4.x, PostgreSQL v 7.x, PostgreSQL v 8.x, Oracle 9i, Oracle 10g, DB2, and MS SQL Server. All given package...

CVSS 7.5 | AI score 3.3 | EPSS 0.01496
Exploits: 0

Fedora
added 2008/04/17 3:53 a.m. | 21 views

[SECURITY] Fedora 8 Update: gallery2-2.2.4-3.fc8

The base Gallery 2 installation - the equivalent of upstream's -minimal package. This package requires a database to be operational. Acceptable database backends include MySQL v 3.x, MySQL v 4.x, PostgreSQL v 7.x, PostgreSQL v 8.x, Oracle 9i, Oracle 10g, DB2, and MS SQL Server. All given package...

CVSS 7.5 | AI score 3.3 | EPSS 0.01496
Exploits: 0

myhack58
added 2008/03/03 12:0 a.m. | 19 views

MS SQL Server Administrator password forget-the vulnerability of early warning-the black bar safety net

Today someone in a group forgot their MS SQL Server password.... This generally refers to SQL Server password authentication mode, where the sa or admin user password has been forgotten. First, open the Registry Editor: in "Run", enter regedit...

AI score 1.8
Exploits: 0

securityvulns
added 2008/01/29 12:0 a.m. | 77 views

Firebird SQL server integer overflow

Integer overflow on XDR parsing leads to memory corruption...

CVSS 7.8 | AI score 4.7 | EPSS 0.5991
Exploits: 3 | References: 1 | Affected Software: 1

Fedora
added 2007/12/26 2:15 a.m. | 9 views

[SECURITY] Fedora 8 Update: gallery2-2.2.4-1.fc8

The base Gallery 2 installation - the equivalent of upstream's -minimal package. This package requires a database to be operational. Acceptable database backends include MySQL v 3.x, MySQL v 4.x, PostgreSQL v 7.x, PostgreSQL v 8.x, Oracle 9i, Oracle 10g, DB2, and MS SQL Server. All given package...

AI score 3.3
Exploits: 0

Fedora
added 2007/12/26 2:15 a.m. | 16 views

[SECURITY] Fedora 7 Update: gallery2-2.2.4-1.fc7

The base Gallery 2 installation - the equivalent of upstream's -minimal package. This package requires a database to be operational. Acceptable database backends include MySQL v 3.x, MySQL v 4.x, PostgreSQL v 7.x, PostgreSQL v 8.x, Oracle 9i, Oracle 10g, DB2, and MS SQL Server. All given package...

AI score 3.3
Exploits: 0

CERT
added 2007/12/17 12:0 a.m. | 53 views

Meridian Prolog Manager uses weak authentication to store and transmit user credentials

Overview Meridian Systems Prolog Manager does not use strong encryption and returns a list of all user credentials when authenticating clients. These behaviors could allow an attacker to obtain user credentials and decrypt passwords. Description Meridian Systems Prolog Manager is a set of...

CVSS 10 | AI score 6.7 | EPSS 0.05523
Exploits: 0 | References: 5

Tenable Nessus
added 2007/12/13 12:0 a.m. | 26 views

SuSE 10 Security Update : PostgreSQL (ZYPP Patch Number 2276)

The SQL Server PostgreSQL has been updated to fix the following security problems : - backend/parser/analyze.c in PostgreSQL 8.1.x allowed remote authenticated users to cause a denial of service daemon crash via certain aggregate functions in an UPDATE statement, which are not properly handled...

CVSS 4 | AI score 5.6 | EPSS 0.02102
Exploits: 0 | References: 6

securityvulns
added 2007/12/09 12:0 a.m. | 59 views

Kvaliitti WebDoc 3.0 CMS SQL Injection vulnerability

Found by: Jaakko "Chrysalid" Hartikainen 1. Info Kvaliitti WebDoc 3.0 CMS is a proprietary Finnish-made content management system developed by Kvaliitti Oy http://www.kvaliitti.fi. It is driven by MS SQL Server and ASP. 2. Abstract WebDoc 3.0 suffers from a flaw in input validation, which allows...

AI score 0.9
Exploits: 0

Packet Storm
added 2007/12/08 12:0 a.m. | 20 views

kvaliitti-sql.txt

Found by: Jaakko "Chrysalid" Hartikainen 1. Info Kvaliitti WebDoc 3.0 CMS is a proprietary Finnish-made content management system developed by Kvaliitti Oy http://www.kvaliitti.fi. It is driven by MS SQL Server and ASP. 2. Abstract WebDoc 3.0 suffers from a flaw in input validation, which allows...

AI score 7.4
Exploits: 0

securityvulns
added 2007/12/05 12:0 a.m. | 82 views

PR07-39: Multiple vulnerabilities on Absolute News Manager.NET 5.1 including file retrieval and SQL injection

PR07-39: Multiple vulnerabilities on Absolute News Manager.NET 5.1 including file retrieval and SQL injection Vulnerabilities found: 16 November 2007 Vendor informed: 19 November 2007 Vulnerability fixed: 28 November 2007 Severity: High Description: Multiple vulnerabilities were found on Absolute...

AI score 7.2
Exploits: 0

Check Point Advisories
added 2007/11/05 12:0 a.m. | 5 views

Sun Java Web Start dnsResolve ActiveX Buffer Overflow (CVE-2007-5019)

Microsoft SQL Server is a Relational Database Management System RDBMS that can be managed through Distributed Management Objects DMO. A remote attacker can exploit this issue to execute arbitrary code on vulnerable server...

CVSS 10 | AI score 7.7 | EPSS 0.10464
Exploits: 1

securityvulns
added 2007/10/13 12:0 a.m. | 82 views

ZDI-07-057: Firebird process_packet() Remote Stack Overflow Vulnerability

ZDI-07-057: Firebird process_packet() Remote Stack Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-07-057.html October 10, 2007 -- CVE ID: CVE-2007-4992 -- Affected Vendor: Firebird -- Affected Products: Firebird SQL 2.0.2 -- TippingPoint(TM) IPS Customer Protection: TippingPoin...

CVSS 10 | AI score 0.8 | EPSS 0.2051
Exploits: 0

Saint
added 2007/10/11 12:0 a.m. | 50 views

Microsoft SQL Server Distributed Management Objects buffer overflow

Added: 10/11/2007 CVE: CVE-2007-4814 BID: 25594 OSVDB: 38399 Background Microsoft SQL Server includes a Distributed Management Object model which offers a modern, object-oriented alternative to using stored procedures. The Distributed Management Object model is implemented by the sqldmo.dll Activ...

CVSS 7.5 | AI score 7.2 | EPSS 0.5713
Exploits: 5

Saint
added 2007/10/11 12:0 a.m. | 30 views

Microsoft SQL Server Distributed Management Objects buffer overflow

Added: 10/11/2007 CVE: CVE-2007-4814 BID: 25594 OSVDB: 38399 Background Microsoft SQL Server includes a Distributed Management Object model which offers a modern, object-oriented alternative to using stored procedures. The Distributed Management Object model is implemented by the sqldmo.dll Activ...

CVSS 7.5 | AI score 7.2 | EPSS 0.5713
Exploits: 5

Saint
added 2007/10/11 12:0 a.m. | 30 views

Microsoft SQL Server Distributed Management Objects buffer overflow

Added: 10/11/2007 CVE: CVE-2007-4814 BID: 25594 OSVDB: 38399 Background Microsoft SQL Server includes a Distributed Management Object model which offers a modern, object-oriented alternative to using stored procedures. The Distributed Management Object model is implemented by the sqldmo.dll Activ...

CVSS 7.5 | AI score 7.2 | EPSS 0.5713
Exploits: 5

Saint
added 2007/10/11 12:0 a.m. | 34 views

Microsoft SQL Server Distributed Management Objects buffer overflow

Added: 10/11/2007 CVE: CVE-2007-4814 BID: 25594 OSVDB: 38399 Background Microsoft SQL Server includes a Distributed Management Object model which offers a modern, object-oriented alternative to using stored procedures. The Distributed Management Object model is implemented by the sqldmo.dll Activ...

CVSS 7.5 | AI score 7.3 | EPSS 0.5713
Exploits: 5

Zero Day Initiative
added 2007/10/10 12:0 a.m. | 25 views

Firebird process_packet() Remote Stack Overflow Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Firebird SQL server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the database service fbserver.exe, which binds to TCP port 3050. When processing a...

CVSS 10 | AI score 4 | EPSS 0.2051
Exploits: 0 | References: 1

NVD
added 2007/09/26 8:17 p.m. | 13 views

CVE-2007-5090

Unspecified vulnerability in IBM Rational ClearQuest CQ, when a Microsoft SQL Server or an IBM DB2 database is used, allows attackers to corrupt data via unspecified vectors...

CVSS 7.5 | AI score 6.7 | EPSS 0.00997
Exploits: 0 | References: 7