41 matches found
MySQL 3.23.x mysqld Privilege Escalation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7052/info A vulnerability has been discovered for MySQL that may allow the mysqld service to start with elevated privileges. An attacker can exploit this vulnerability by creating a DATADIR/my.cnf that includes the line...
Microsoft SQL Server Privilege Escalation / SQL Injection
No description provided by source. AppSecInc Team SHATTER Security Advisory Privilege escalation via internal sql injection in RESTORE DATABASE command. Risk Level: Medium Affected versions: Microsoft SQL Server 2005, 2008, 2008 R2 Remote exploitable: Yes Credits: This vulnerability was discovere...
cPanel - Multiple Cross-Site Request Forgery Vulnerabilities
cPanel - Multiple Cross-Site Request Forgery Vulnerabilities Create Database: Create New Database New Database: Add Redirect: Type Permanent 301 Temporary 302 http://www.? All Public Domains sEc-r1z.com...
cPanel - Multiple Cross-Site Request Forgery Vulnerabilities
Create Database: Create New Database New Database: Add Redirect: Type Permanent 301 Temporary 302 http://www.? All Public Domains sEc-r1z.com / input name...
MySQL: Format string vulnerability by manipulation with database instances (crash)
Multiple format string vulnerabilities in the dispatchcommand function in libmysqld/sqlparse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service daemon crash and possibly have unspecified other impact via format string specifiers in a database...
Sun MySQL mysql_log Format String (CVE-2009-2446)
A format string vulnerability exists in Sun Microsystems MySQL database server. The flaw is due to insufficient input validation when processing create and drop database commands. Remote authenticated attackers could exploit this vulnerability by sending malformed data to the MySQL process. In a...
MySQL: Format string vulnerability by manipulation with database instances (crash)
Multiple format string vulnerabilities in the dispatchcommand function in libmysqld/sqlparse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service daemon crash and possibly have unspecified other impact via format string specifiers in a database...
CVE-2007-5976
SQL injection vulnerability in dbcreate.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to execute arbitrary SQL commands via the db parameter...
Sql injection
SQL injection vulnerability in dbcreate.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to execute arbitrary SQL commands via the db parameter...
CVE-2007-5976
SQL injection vulnerability in dbcreate.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to execute arbitrary SQL commands via the db parameter...
CVE-2007-5976
SQL injection vulnerability in dbcreate.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to execute arbitrary SQL commands via the db parameter...
CVE-2007-5977
Cross-site scripting XSS vulnerability in dbcreate.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to inject arbitrary web script or HTML via a hex-encoded IMG element in the db parameter in a POST request, a different vulnerability than...
DEBIAN-CVE-2007-5976
SQL injection vulnerability in dbcreate.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to execute arbitrary SQL commands via the db parameter...
DEBIAN-CVE-2007-5977
Cross-site scripting XSS vulnerability in dbcreate.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to inject arbitrary web script or HTML via a hex-encoded IMG element in the db parameter in a POST request, a different vulnerability than...
CVE-2007-5976
SQL injection vulnerability in dbcreate.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to execute arbitrary SQL commands via the db parameter...
CVE-2007-5977
Cross-site scripting XSS vulnerability in dbcreate.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to inject arbitrary web script or HTML via a hex-encoded IMG element in the db parameter in a POST request, a different vulnerability than...
CVE-2007-5976
SQL injection vulnerability in dbcreate.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to execute arbitrary SQL commands via the db parameter...
CVE-2007-5977
Cross-site scripting XSS vulnerability in dbcreate.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to inject arbitrary web script or HTML via a hex-encoded IMG element in the db parameter in a POST request, a different vulnerability than...
CVE-2006-7213
Firebird 1.5 allows remote authenticated users without SYSDBA and owner permissions to overwrite a database by creating a database...
Oracle Net Services CREATE DATABASE LINK Query Overflow
The remote Oracle Database, according to its version number, is vulnerable to a buffer overflow in the query CREATE DATABASE LINK. An attacker with a database account may use this flaw to gain the control on the whole database, or even to obtain a shell on this host. %NASLMINLEVEL 70300 C Tenable...