LightNEasy sqlite / no database 1.2.2 - Multiple Vulnerabilities
Author: GiReX mySite: girex.altervista.org Date: 14/04/08 CMS: LightNEasy SQLite / no database = 1.2.2 Site: lightneasy.org Advisory: Multiple Remote Vulnerabilities Need: magic_quotes_gpc = Off magic_quotes_gpc = On / Off for SQL Injections Bug 1: Remote File Disclosure Affected: SQLite / no databas...
Debian: Security Advisory (DSA-771-1)
The remote host is missing an update for the Debian...
Fedora 7 : php-pear-DB-1.7.11-1.fc7 (2007-0249)
1.7.11 : fbsql : - Fixed commit and rollback to specify the handle to be used. 1.7.10 : mysqli : - Added a type map for BIT fields. 1.7.9 : sybase : - Added divide by zero error mapping. - Added a specific quoteFloat implementation along the same lines as fbsql. - Updated tableInfo to cope with o...
openSUSE 10 Security Update : mono-core (mono-core-2373)
By appending spaces to URLs, attackers could download the source code of scripts that normally get executed by the web server. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update mono-core-2373...
PHP: Multiple vulnerabilities
Background PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Description Several vulnerabilities were found in PHP. Mattias Bengtsson and Philip Olausson reported integer overflows in the gdImageCreate and...
Security on AIR: Local file access through JavaScript
Hi! It's just a very first look at AIR (Adobe's Integrated Runtime) and its possibilities to process HTML/JS. AIR is beta by now, so Adobe may change things in the final release. What is AIR? Quote from Adobe: "Adobe Integrated Runtime (AIR) is a cross-operating system runtime that allows you to...
Fedora Core 5 : dovecot-1.0-0.beta8.4.fc5 (2007-493)
Fri Mar 2 2007 Tomas Janousek - 1.0-0.beta8.4.fc5 - a little master login fix 224925 - fix for CVE-2007-2231 238440 - Thu Dec 21 2006 Tomas Janousek - 1.0-0.beta8.3.fc5 - fixed default paths in the example mkcert.sh to match configuration defaults fixes 183151 - fixed off by one 216508,...
Mandrake Linux Security Advisory : sqlite (MDKSA-2007:091)
A buffer overflow in sqlite could allow context-dependent attackers to execute arbitrary code via an empty value of the 'in' parameter. Updated packages have been patched to correct this issue. (C) Tenable Network Security, Inc. The descriptive text and package checks in this...
Mandrake Linux Security Advisory : php (MDKSA-2007:089)
A heap-based buffer overflow vulnerability was found in PHP's gd extension. A script that could be forced to process WBMP images from an untrusted source could result in arbitrary code execution (CVE-2007-1001). A DoS flaw was found in how PHP processed a deeply nested array. A remote attacker coul...
MOPB-41-2007:PHP 5 sqlite_udf_decode_binary() Buffer Overflow Vulnerability
Summary When sqlite_udf_decode_binary() is called with a string only containing a single 0x01 char this will result in a call to the sqlite_decode_binary() function with an empty string as parameter. This leads to an exploitable buffer overflow. Affected versions Affected are PHP 4 4.4.5 and PHP 5 5.2.1...
Buffer overflow
Buffer overflow in the sqlite_decode_binary function in src/encode.c in SQLite 2, as used by PHP 4.x through 5.x and other applications, allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter. NOTE: some PHP installations use a bundled version of sqlite...
CVE-2007-1888
Buffer overflow in the sqlite_decode_binary function in src/encode.c in SQLite 2, as used by PHP 4.x through 5.x and other applications, allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter. NOTE: some PHP installations use a bundled version of sqlite...
CVE-2007-1887
Buffer overflow in the sqlite_decode_binary function in the bundled sqlite library in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter, as demonstrated by calling the sqlite_udf_decode_binary function with a...
CVE-2007-1888
CVE-2007-1888 is a buffer overflow in the SQLite 2 implementation (sqlite_decode_binary in src/encode.c) used by PHP 4.x–5.x and other apps. The issue allows context-dependent attackers to execute arbitrary code via an empty value for the in parameter. The description notes that some PHP installa...
CVE-2007-1887
CVE-2007-1887 concerns a buffer overflow in the sqlite_decode_binary function in the bundled sqlite library used by PHP. The issue affects PHP 4 before 4.4.5 and PHP 5 before 5.2.1, where an empty parameter value to sqlite_udf_decode_binary (0x01 character input) can enable context-dependent arbi...