3467 matches found
CVE-2006-3610
index.php in Orbitcoders OrbitMATRIX 1.0 allows remote attackers to obtain sensitive information partial database schema via a modified pagename parameter, which reflects portions of an SQL query in the result. NOTE: it is not clear whether the information is target-specific. If not, then this...
PT-2006-1440 · Oracle · Mysql Server
Name of the Vulnerable Software and Affected Versions: MySQL version 5.0.18 Description: The issue allows local users with access to a VIEW to obtain sensitive information via the "SELECT FROM information schema.views;" query, which returns the query that created the VIEW. It is noted that the...
CVE-2005-4549
Cross-site scripting XSS vulnerability in Oracle Application Server OracleAS Discussion Forum Portlet allows remote attackers to inject arbitrary web script or HTML via the 1 RowKeyValue parameter in the PORTAL schema; and the 2 title and 3 content input fields when creating an forum article...
CVE-2005-4549
CVE-2005-4549 describes a cross-site scripting (XSS) vulnerability in the Oracle Application Server (OracleAS) Discussion Forum Portlet. The vulnerability allows remote attackers to inject arbitrary web script or HTML via the RowKeyValue parameter in the PORTAL schema and the title and content fi...
IBM DB2 SATADMIN.SATENCRYPT buffer overflow (#NISR05012005E)
NGSSoftware Insight Security Research Advisory Name: IBM DB2 SATADMIN.SATENCRYPT buffer overflow Systems Affected: DB2 8.1 Severity: Medium risk from remote Vendor URL: http://www.ibm.com/ Author: David Litchfield david at ngssoftware.com Relates to: http://www.nextgenss.com/advisories/db2-02.txt...
Fedora Core 1 : samba-3.0.6-2.FC1 (2004-284)
Wed Aug 25 2004 Jay Fenlason 3.0.6-1.FC2 - Upgrade to 3.0.6 include the following patches: samba-3.0.5rc1-passwd.patch from me. This changes the character used in the password field of the entries generated by winbind from a 'x' to a ''. 'x' means something special 'password is in /etc/shadow' to...
CVE-2001-0528
Oracle E-Business Suite Release 11i Applications Desktop Integrator ADI version 7.x includes a debug version of FNDPUB11I.DLL, which logs the APPS schema password in cleartext in a debug file, which allows local users to obtain the password and gain privileges...