13 matches found
openSUSE Security Update : courier-authlib (courier-authlib-370)
Insufficient quoting allowed attackers to inject SQL statements when using the pgsql backend CVE-2008-2380. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update courier-authlib-370. The text...
openSUSE Security Update : courier-authlib (courier-authlib-391)
Insufficient quoting allowed attackers to inject SQL statements when using the pgsql backend CVE-2008-2380. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update courier-authlib-391. The text...
SuSE Security Summary SUSE-SR:2009:001 (OpenSuSE 10.3)
The remote host is missing updates announced in advisory SUSE-SR:2009:001. SuSE Security Summaries are short on detail when it comes to the names of packages affected by a particular bug. Because of this, while this test will detect out of date packages, it cannot tell you what bugs impact which...
[SECURITY] [DSA 1688-2] New courier-authlib packages fix regression
------------------------------------------------------------------------ Debian Security Advisory DSA-1688-2 [email protected] http://www.debian.org/security/ Steffen Joeris December 22, 2008 http://www.debian.org/security/faq -...
CVE-2008-2380
SQL injection vulnerability in authpgsqllib.c in Courier-Authlib before 0.62.0, when a non-Latin locale Postgres database is used, allows remote attackers to execute arbitrary SQL commands via query parameters containing apostrophes...
CVE-2008-2380
SQL injection vulnerability in authpgsqllib.c in Courier-Authlib before 0.62.0, when a non-Latin locale Postgres database is used, allows remote attackers to execute arbitrary SQL commands via query parameters containing apostrophes...
CVE-2008-2380
CVE-2008-2380 affects Courier Authentication Library (courier-authlib). The CVE describes an SQL injection in authpgsqllib.c when using a non-Latin locale Postgres database, allowing exploitation via query parameters containing apostrophes. Public advisories (Gentoo GLSA-200903-25, SUSE/openSUSE ...
CVE-2008-2380
SQL injection vulnerability in authpgsqllib.c in Courier-Authlib before 0.62.0, when a non-Latin locale Postgres database is used, allows remote attackers to execute arbitrary SQL commands via query parameters containing apostrophes...
Courier-Authlib非拉丁字符处理postgres SQL注入漏洞
BUGTRAQ ID: 32926 CVE ID:CVE-2008-2380 CNCVE ID:CNCVE-20082380 Courier-Authlib是一款Courier验证库。 authpgsqllib.c存在漏洞,如果Postgres数据库使用非拉丁字集,可导致SQL注入攻击。 目前没有详细漏洞细节提供。 Courier Mail Server Courier-Authlib 0.61 Courier Mail Server Courier-Authlib 0.60.6 Courier Mail Server Courier-Authlib 0.60.5 升级程序: Couri...
openSUSE 10 Security Update : courier-authlib (courier-authlib-5871)
Insufficient quoting allowed attackers to inject SQL statements when using the pgsql backend CVE-2008-2380. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update courier-authlib-5871. The text...
Debian DSA-1688-1 : courier-authlib - SQL injection
Two SQL injection vulnerabilities have been found in courier-authlib, the courier authentification library. The MySQL database interface used insufficient escaping mechanisms when constructing SQL statements, leading to SQL injection vulnerabilities if certain charsets are used CVE-2008-2380 . A...
[SECURITY] [DSA 1688-1] New courier-authlib packages fix SQL injection
------------------------------------------------------------------------ Debian Security Advisory DSA-1688 [email protected] http://www.debian.org/security/ Steffen Joeris December 20, 2008 http://www.debian.org/security/faq -...
DSA-1688-1 courier-authlib - SQL injection
Bulletin has no description...