createdirectory2sysdba.sql

--note windows adds 0D 0A to end as cTRL LF --WINDOWS VERSION 10.1 DECLARE fi UTLFILE.FILETYPE; bu RAW32767; bu2 varchar232767; bu3 varchar232767; BEGIN...

GdPicture Pro 'gdpicture4s.ocx' ActiveX控件任意文件覆盖漏洞

BUGTRAQ ID:31504 CNCAN ID：CNCAN-2008100305 GdPicture Pro是一款支持多格式的图像管理软件。 GdPicture Pro包含的gdpicture4s.ocx ActiveX控件存在设计错误，远程攻击者可以利用漏洞以应用程序权限覆盖系统文件。 SaveAsPDF方法允许通过sFilePath参数建立和覆盖文件，通过使用其他参数，如sTitle，攻击者可以注入HTML代码，使用hcp://协议执行。GdPicturePro5.Imaging也存在此漏洞。 GdPicture GdPicture Pro GdPicture GdPicture...

Microsoft Rich Textbox ActiveX control SaveFile vulnerability

Added: 10/07/2008 CVE: CVE-2008-0237 BID: 27201 OSVDB: 40234 Background Microsoft Rich Textbox is an ActiveX control which comes with Visual Basic and allows creation of formatted text in RTF files. It is located in the Richtx32.ocx file. Problem The SaveFile method in the Rich Textbox ActiveX...

xen security update

CentOS Errata and Security Advisory CESA-2008:0892 Updated xen packages that resolve a couple of security issues and fix a bug are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The xen packages...

DEBIAN-CVE-2008-4096

libraries/databaseinterface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to serverdatabases.php with a sortby parameter containing PHP sequences, which are processed by createfunction...

Privilege escalation

MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified 1 DATA DIRECTORY or 2 INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time a...

Privilege escalation

MySQL 5.0.51a allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified 1 DATA DIRECTORY or 2 INDEX DIRECTORY arguments that are associated with symlinks within pathnames for subdirectories of the MySQL home data directory, which are followed wh...

FreeBSD Ports: mysql-server

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

MemHT Portal <= 3.9.0 Remote Create Shell Exploit

Exploit for unknown platform in category web applications ================================================= MemHT Portal = 3.9.0 Remote Create Shell Exploit ================================================= !/usr/bin/perl MemHT Portal = 3.9.0 Perl exploit discovered & written by Ams DESCRIPTION:...

MemHT Portal 3.9.0 - Remote Create Shell

MemHT Portal 3.9.0 - Remote Create Shell !/usr/bin/perl MemHT Portal = 3.9.0 Perl exploit discovered & written by Ams ax330d doggy gmail dot com DESCRIPTION: Script /inc/incstatistics.php accepts unfiltered $COOKIE's, $COOKIE'statsres' which later goes to MySQL request. So we are able to make sql...

GLSA-200809-04 : MySQL: Privilege bypass

The remote host is affected by the vulnerability described in GLSA-200809-04 MySQL: Privilege bypass Sergei Golubchik reported that MySQL imposes no restrictions on the specification of 'DATA DIRECTORY' or 'INDEX DIRECTORY' in SQL 'CREATE TABLE' statements. Impact : An authenticated remote attack...

FreeBSD Ports: frontpage -- cross site scripting vulnerability

The remote host is missing an update to the system as announced in the referenced advisory. VID c0171f59-ea8a-11da-be02-000c6ec775d9 OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

hMAilServer 4.4.1 - IMAP Command Remote Denial of Service

source: https://www.securityfocus.com/bid/30663/info hMailServer is prone to a remote denial-of-service vulnerability caused by large numbers of certain IMAP commands. Exploiting this issue will cause the server to crash and deny access to legitimate users. hMailServer 4.4.1 is vulnerable; other...

Debian Security Advisory DSA 1608-1 (mysql-dfsg-5.0)

The remote host is missing an update to mysql-dfsg-5.0 announced via advisory DSA 1608-1. OpenVAS Vulnerability Test $Id: deb16081.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1608-1 mysql-dfsg-5.0 Authors: Thomas Reinke Copyright: Copyright c 2008 E-Sof...

DSA-1608-1 mysql-dfsg-5.0 - authorization bypass

Bulletin has no description...

CVE-2008-3092

SQL injection vulnerability in the Taxonomy Autotagger module 5.x before 5.x-1.8 for Drupal allows remote authenticated users, with create or edit post permissions, to execute arbitrary SQL commands via unspecified vectors...

CVE-2008-2997

Cross-site scripting XSS vulnerability in index.php in Gravity Board X GBX 2.0 Beta allows remote attackers to inject arbitrary web script or HTML via the subject parameter in a postnewsubmit aka create new thread action...

mysql: privilege escalation via DATA/INDEX DIRECTORY directives

MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified 1 DATA DIRECTORY or 2 INDEX DIRECTORY arguments that are within the MySQL home data directory,...

CVE-2008-2849

Cross-site scripting XSS vulnerability in the TrailScout module 5.x before 5.x-1.4 for Drupal allows remote authenticated users, with create post permissions, to inject arbitrary web script or HTML via unspecified vectors...

CVE-2008-2849

Cross-site scripting XSS vulnerability in the TrailScout module 5.x before 5.x-1.4 for Drupal allows remote authenticated users, with create post permissions, to inject arbitrary web script or HTML via unspecified vectors...