1179 matches found
Gentoo Security Advisory GLSA 200608-10 (pike)
The remote host is missing updates announced in advisory GLSA 200608-10. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Debian: Security Advisory (DSA-523)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
openSUSE 10 Security Update : OpenOffice_org (OpenOffice_org-4802)
This update of OpenOffice_org adds restrictions to SQL statements of Java-based databases to avoid the execution of native Java code by creating procedures. (CVE-2007-4575) %NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...
GLSA-200712-25 : OpenOffice.org: User-assisted arbitrary code execution
The remote host is affected by the vulnerability described in GLSA-200712-25 (OpenOffice.org: User-assisted arbitrary code execution). The HSQLDB engine, as used in OpenOffice.org, does not properly enforce restrictions to SQL statements. Impact: A remote attacker could entice a user to open a...
SuSE 10 Security Update : OpenOffice_org (ZYPP Patch Number 4770)
This update of OpenOffice_org adds restrictions to SQL statements of Java-based databases to avoid the execution of native Java code by creating procedures. (CVE-2007-4575) %NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. The text description of this plugin is (C) Novell, Inc...
openSUSE 10 Security Update : OpenOffice_org (OpenOffice_org-4769)
This update of OpenOffice_org adds restrictions to SQL statements of Java-based databases to avoid the execution of native Java code by creating procedures. (CVE-2007-4575) %NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...
The MYSQL read-write permissions into the system permissions - bug warning - the black bar safety net
Previously I was in octal released a for MYSQL provide the right of the UDF, but it seems a lot of friends not really understand its use, people keep asking me and it's method of use, someone simply told me to write this UDF dedicated PHP. To be honest as I write this in PHP before you learn only...
PHPNS 1.1 - shownews.php?id SQL Injection
PHPNS SQL Injection Software: phpns current version v1.1 Vendor link: http://phpns.com Attack: SQL Injection Original advisory: http://14house.blogspot.com/2007/08/phpns-sql-injection.html Discovered by: David Sopas Ferreira a.k.a SmOk3 SQL Injection...
ACG News 1.0 (aid/catid) Remote SQL Injection Vulnerabilities
No description provided by source. ACG News SQL Injection Software: ACG News 1.0 Vendor link: http://www.altercoder.com Vendor Demo link: http://acgnews.uw.hu/index.php Attack: SQL Injection Original Advisory: http://14house.blogspot.com/2007/08/acg-news-sql-injection.html Discovered by: David...
ACG News 1.0 - 'aid'/'catid' SQL Injection
ACG News SQL Injection Software: ACG News 1.0 Vendor link: http://www.altercoder.com Vendor Demo link: http://acgnews.uw.hu/index.php Attack: SQL Injection Original Advisory: http://14house.blogspot.com/2007/08/acg-news-sql-injection.html Discovered by: David Sopas Ferreira a.k.a SmOk3 SQL...
Arcadem 2.01 Remote SQL Injection / RFI Vulnerabilities
Exploit for unknown platform in category web applications. Arcadem 2.01 Remote SQL Injection / RFI Vulnerabilities. Arcadem Remote File Inclusion Flaw / SQL Injection Software: Arcadem 2.01...
PhpSpy 2006 final modified version - the vulnerability warning - the black bar safety net
1. Files and directories to a ZIP package to download 2. MySql and Ftp brute force 3. Within the network computer name and IP conversion 4. The use of MySql upload download file 5. Added custom settings 6. Alexa rank, off by default 7. Using ADODB to execute SQL statements 8. There are other...
BLOG:CMS <= 4.0.0k Remote SQL Injection Exploit
Exploit for unknown platform in category web applications. BLOG:CMS url=stripslashes$row-url; $redirect=true; if strpos$row-url,'|noseo|'!==false $arr=explode",",'msnbot,googlebot,crawler,centrum'; foreach $arr as $s if strstr$SERVER"HTTPUSERAGENT",$...
Buffer overflow
Oracle Database 8i, 9i, and 10g allow remote authenticated users to execute arbitrary SQL statements in the context of the SYS user and bypass audit logging, including statements to create new privileged database accounts, via a modified AUTH_ALTER_SESSION attribute in the authentication phase of t...
CVE-2006-0547
Oracle Database 8i, 9i, and 10g allow remote authenticated users to execute arbitrary SQL statements in the context of the SYS user and bypass audit logging, including statements to create new privileged database accounts, via a modified AUTH_ALTER_SESSION attribute in the authentication phase of t...
Oracle TNS protocol fails to properly validate authentication requests
Overview: The Oracle TNS protocol authentication mechanism fails to properly sanitize authentication requests, possibly allowing a remote attacker to execute arbitrary SQL statements with elevated privileges. Description: Oracle databases authenticate and manage database connections via Oracle...
JPORTAL Multiple SQL Injection
DATE: 3/11/2005 AFFECTED PRODUCTS: JPORTAL all version OVERVIEW: JpoRtaL is a simple portal system written in PHP using MySQL on backend. It includes article posting with comments, topics, links manager with section, download manager with section, short news...
PlaySMS Cookie SQL Injection
PlaySMS is a full-featured SMS gateway application that features sending of single or broadcast SMSes, the ability to receive and forward SMSes, an SMS board, an SMS polling system, SMS customs for handling incoming SMSes and forwarding them to custom applications, and SMS commands for...
IBProArcade index.php SQL Injection
One of the ibProArcade SPDX-FileCopyrightText: 2004 Ami Chayun Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description) { script_oid("1.3.6.1.4.1.25623.1.0.16086");...
CVE-2005-3202
Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTML DB (HTMLDB) 1.3 through 1.3.6 allow remote attackers to inject arbitrary web script or HTML, and subsequently execute SQL statements via the (1) p or (2) p_t02 parameters...