9 matches found
openSUSE Security Update : courier-authlib (courier-authlib-42)
This update of courier-authlib fixes a bug that allowed SQL injections. CVE-2008-2667 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update courier-authlib-42. The text description of this plugin is...
[SECURITY] [DSA 1688-2] New courier-authlib packages fix regression
------------------------------------------------------------------------ Debian Security Advisory DSA-1688-2 [email protected] http://www.debian.org/security/ Steffen Joeris December 22, 2008 http://www.debian.org/security/faq -...
Debian DSA-1688-1 : courier-authlib - SQL injection
Two SQL injection vulnerabilities have been found in courier-authlib, the courier authentification library. The MySQL database interface used insufficient escaping mechanisms when constructing SQL statements, leading to SQL injection vulnerabilities if certain charsets are used CVE-2008-2380 . A...
[SECURITY] [DSA 1688-1] New courier-authlib packages fix SQL injection
------------------------------------------------------------------------ Debian Security Advisory DSA-1688 [email protected] http://www.debian.org/security/ Steffen Joeris December 20, 2008 http://www.debian.org/security/faq -...
DSA-1688-1 courier-authlib - SQL injection
Bulletin has no description...
[ GLSA 200809-05 ] Courier Authentication Library: SQL injection vulnerability
Gentoo Linux Security Advisory GLSA 200809-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...
CVE-2008-2667
SQL injection vulnerability in the Courier Authentication Library aka courier-authlib before 0.60.6 on SUSE openSUSE 10.3 and 11.0, and other platforms, when MySQL and a non-Latin character set are used, allows remote attackers to execute arbitrary SQL commands via the username and unspecified...
CVE-2008-2667
CVE-2008-2667 is a SQL injection vulnerability in courier-authlib (courier-authlib) affecting MySQL interface when certain charsets are used, enabling an attacker to inject SQL via the username and related vectors. Multiple advisories (Debian DSA-1688-1/1688-2, openSUSE/Tenable/Nessus listings) c...
openSUSE 10 Security Update : courier-authlib (courier-authlib-5352)
This update of courier-authlib fixes a bug that allowed SQL injections. CVE-2008-2667 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update courier-authlib-5352. The text description of this plugin ...