34 matches found
Oracle Database Server ctxsys.driload Access Validation (CVE-2004-0637)
Stored procedures are a powerful feature of an Oracle database server. They are essentially a set of SQL statements that are stored server-side, which are called by name and optionally passed a set of parameters. Stored procedures provide improved performance, because only data specific to the...
[SECURITY] Fedora 9 Update: phpMyAdmin-3.1.1-1.fc9
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields, manage privileges,export data into various formats a nd ...
Oracle password file use and maintenance tips-vulnerability warning-the black bar safety net
Source: ctocio In the Oracle database system, a user if you want to the privilege identity of the userINTERNAL/SYSDBA/SYSOPERlog Oracle database can have two authentication methods: If used withoperating systemIntegrated Authentication or using the Oracle database password file for authentication...
[SECURITY] Fedora 9 Update: phpMyAdmin-2.11.9.1-1.fc9
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields, manage privileges,export data into various formats a nd ...
phpMyAdmin: SQL injection vulnerability
Background phpMyAdmin is a free web-based database administration tool. Description Richard Cunningham reported that phpMyAdmin uses the $REQUEST variable of $GET and $POST as a source for its parameters. Impact An attacker could entice a user to visit a malicious web application that sets an...
[SECURITY] Fedora 7 Update: phpMyAdmin-2.11.2-1.fc7
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields, manage privileges,export data into various formats a nd ...
CVE-2007-2159
Multiple cross-site scripting XSS vulnerabilities in the Database Administration dba module 4.6.x-, and before 4.7.x-1.2 in the 4.7.x-1. series, for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors relating to 1 direct display of data from the database...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in the Database Administration dba module 4.6.x-, and before 4.7.x-1.2 in the 4.7.x-1. series, for Drupal allow remote attackers to perform unauthorized actions as an arbitrary user, a related issue to CVE-2006-5476...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the Database Administration dba module 4.6.x-, and before 4.7.x-1.2 in the 4.7.x-1. series, for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors relating to 1 direct display of data from the database...
CVE-2007-2159
Multiple cross-site scripting XSS vulnerabilities in the Database Administration dba module 4.6.x-, and before 4.7.x-1.2 in the 4.7.x-1. series, for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors relating to 1 direct display of data from the database...
CVE-2007-2160
Multiple cross-site request forgery CSRF vulnerabilities in the Database Administration dba module 4.6.x-, and before 4.7.x-1.2 in the 4.7.x-1. series, for Drupal allow remote attackers to perform unauthorized actions as an arbitrary user, a related issue to CVE-2006-5476...
Multiple vulnerabilities in Database Administration (dba) module
The Database Administration dba module allows site administrators with sufficient privileges to view and directly modify the Drupal database tables for a site. Numerous cross-site scripting XSS vulnerabilities were discovered when the administrator runs queries to display data from the database,...
SAP sapdba for Informix database administration utility privilege escalation
Improper environment cariables validation allows to run any command with informix rights...
CVE-2004-1833
The admin.ib file in Borland Interbase 7.1 for Linux has default world writable permissions, which allows local users to gain database administrative privileges...