Lucene search
K

13 matches found

Tenable Nessus
Tenable Nessus
added 2009/07/21 12:0 a.m.16 views

openSUSE Security Update : courier-authlib (courier-authlib-370)

Insufficient quoting allowed attackers to inject SQL statements when using the pgsql backend CVE-2008-2380. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update courier-authlib-370. The text...

5.1CVSS5.6AI score0.01816EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2009/07/21 12:0 a.m.21 views

openSUSE Security Update : courier-authlib (courier-authlib-391)

Insufficient quoting allowed attackers to inject SQL statements when using the pgsql backend CVE-2008-2380. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update courier-authlib-391. The text...

5.1CVSS5.6AI score0.01816EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2009/01/20 12:0 a.m.29 views

SuSE Security Summary SUSE-SR:2009:001 (OpenSuSE 10.3)

The remote host is missing updates announced in advisory SUSE-SR:2009:001. SuSE Security Summaries are short on detail when it comes to the names of packages affected by a particular bug. Because of this, while this test will detect out of date packages, it cannot tell you what bugs impact which...

10CVSS1.4AI score0.21024EPSS
Exploits24
Debian
Debian
added 2008/12/22 11:18 p.m.21 views

[SECURITY] [DSA 1688-2] New courier-authlib packages fix regression

------------------------------------------------------------------------ Debian Security Advisory DSA-1688-2 [email protected] http://www.debian.org/security/ Steffen Joeris December 22, 2008 http://www.debian.org/security/faq -...

5.1CVSS7.5AI score0.01816EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2008/12/22 3:30 p.m.18 views

CVE-2008-2380

SQL injection vulnerability in authpgsqllib.c in Courier-Authlib before 0.62.0, when a non-Latin locale Postgres database is used, allows remote attackers to execute arbitrary SQL commands via query parameters containing apostrophes...

5.1CVSS6.2AI score0.01816EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2008/12/22 3:0 p.m.21 views

CVE-2008-2380

SQL injection vulnerability in authpgsqllib.c in Courier-Authlib before 0.62.0, when a non-Latin locale Postgres database is used, allows remote attackers to execute arbitrary SQL commands via query parameters containing apostrophes...

5.1CVSS8.2AI score0.01816EPSS
Exploits1
CVE
CVE
added 2008/12/22 3:0 p.m.64 views

CVE-2008-2380

CVE-2008-2380 affects Courier Authentication Library (courier-authlib). The CVE describes an SQL injection in authpgsqllib.c when using a non-Latin locale Postgres database, allowing exploitation via query parameters containing apostrophes. Public advisories (Gentoo GLSA-200903-25, SUSE/openSUSE ...

5.1CVSS7.9AI score0.01816EPSS
Exploits1References7Affected Software1
Cvelist
Cvelist
added 2008/12/22 3:0 p.m.24 views

CVE-2008-2380

SQL injection vulnerability in authpgsqllib.c in Courier-Authlib before 0.62.0, when a non-Latin locale Postgres database is used, allows remote attackers to execute arbitrary SQL commands via query parameters containing apostrophes...

8AI score0.01816EPSS
Exploits1References7
seebug.org
seebug.org
added 2008/12/22 12:0 a.m.20 views

Courier-Authlib非拉丁字符处理postgres SQL注入漏洞

BUGTRAQ ID: 32926 CVE ID:CVE-2008-2380 CNCVE ID:CNCVE-20082380 Courier-Authlib是一款Courier验证库。 authpgsqllib.c存在漏洞,如果Postgres数据库使用非拉丁字集,可导致SQL注入攻击。 目前没有详细漏洞细节提供。 Courier Mail Server Courier-Authlib 0.61 Courier Mail Server Courier-Authlib 0.60.6 Courier Mail Server Courier-Authlib 0.60.5 升级程序: Couri...

5.1CVSS0.6AI score0.01816EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2008/12/21 12:0 a.m.19 views

openSUSE 10 Security Update : courier-authlib (courier-authlib-5871)

Insufficient quoting allowed attackers to inject SQL statements when using the pgsql backend CVE-2008-2380. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update courier-authlib-5871. The text...

5.1CVSS5.6AI score0.01816EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2008/12/21 12:0 a.m.19 views

Debian DSA-1688-1 : courier-authlib - SQL injection

Two SQL injection vulnerabilities have been found in courier-authlib, the courier authentification library. The MySQL database interface used insufficient escaping mechanisms when constructing SQL statements, leading to SQL injection vulnerabilities if certain charsets are used CVE-2008-2380 . A...

5.1CVSS5.6AI score0.01816EPSS
Exploits1References5
Debian
Debian
added 2008/12/20 3:21 p.m.15 views

[SECURITY] [DSA 1688-1] New courier-authlib packages fix SQL injection

------------------------------------------------------------------------ Debian Security Advisory DSA-1688 [email protected] http://www.debian.org/security/ Steffen Joeris December 20, 2008 http://www.debian.org/security/faq -...

5.1CVSS7.6AI score0.01816EPSS
Exploits1
OSV
OSV
added 2008/12/20 12:0 a.m.15 views

DSA-1688-1 courier-authlib - SQL injection

Bulletin has no description...

5.1CVSS5.9AI score0.01816EPSS
Exploits1
Rows per page
Query Builder