CVE-2008-2380

CVE-2008-2380 affects Courier Authentication Library (courier-authlib). The CVE describes an SQL injection in authpgsqllib.c when using a non-Latin locale Postgres database, allowing exploitation via query parameters containing apostrophes. Public advisories (Gentoo GLSA-200903-25, SUSE/openSUSE ...

CVE-2008-2380

SQL injection vulnerability in authpgsqllib.c in Courier-Authlib before 0.62.0, when a non-Latin locale Postgres database is used, allows remote attackers to execute arbitrary SQL commands via query parameters containing apostrophes...

CVE-2008-2380

SQL injection vulnerability in authpgsqllib.c in Courier-Authlib before 0.62.0, when a non-Latin locale Postgres database is used, allows remote attackers to execute arbitrary SQL commands via query parameters containing apostrophes...

Courier-Authlib非拉丁字符处理postgres SQL注入漏洞

BUGTRAQ ID: 32926 CVE ID：CVE-2008-2380 CNCVE ID：CNCVE-20082380 Courier-Authlib是一款Courier验证库。 authpgsqllib.c存在漏洞，如果Postgres数据库使用非拉丁字集，可导致SQL注入攻击。 目前没有详细漏洞细节提供。 Courier Mail Server Courier-Authlib 0.61 Courier Mail Server Courier-Authlib 0.60.6 Courier Mail Server Courier-Authlib 0.60.5 升级程序： Couri...

Debian DSA-1688-1 : courier-authlib - SQL injection

Two SQL injection vulnerabilities have been found in courier-authlib, the courier authentification library. The MySQL database interface used insufficient escaping mechanisms when constructing SQL statements, leading to SQL injection vulnerabilities if certain charsets are used CVE-2008-2380 . A...

openSUSE 10 Security Update : courier-authlib (courier-authlib-5871)

Insufficient quoting allowed attackers to inject SQL statements when using the pgsql backend CVE-2008-2380. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update courier-authlib-5871. The text...

[SECURITY] [DSA 1688-1] New courier-authlib packages fix SQL injection

------------------------------------------------------------------------ Debian Security Advisory DSA-1688 [email protected] http://www.debian.org/security/ Steffen Joeris December 20, 2008 http://www.debian.org/security/faq -...

DSA-1688-1 courier-authlib - SQL injection

Bulletin has no description...

DTSA-180-1 courier-authlib - sql injection

Bulletin has no description...

FreeBSD Ports: courier-authlib

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

FreeBSD Ports: courier-authlib

The remote host is missing an update to the system as announced in the referenced advisory. VID 022baf71-38e6-11dd-8d34-00e0815b8da8 OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

openSUSE 10 Security Update : courier-authlib (courier-authlib-5352)

This update of courier-authlib fixes a bug that allowed SQL injections. CVE-2008-2667 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update courier-authlib-5352. The text description of this plugin ...

Courier-Authlib非拉丁字符处理SQL注入漏洞

BUGTRAQ ID: 29605 CNCAN ID:CNCAN-2008061001 Courier-Authlib是一款Courier验证库。 Courier-Authlib处理用户提交的数据时缺少过滤，远程攻击者可以利用漏洞进行SQL注入攻击，可导致访问或修改数据。 由于处理非拉丁字符设置时存在SQL注入攻击。目前没有详细漏洞细节提供。 Courier Mail Server Courier-Authlib 0.60.5 厂商解决方案 升级程序： Courier Mail Server Courier-Authlib 0.60.5 Courier Mail Server...