iXmail index.php password Parameter SQL Injection

The remote host is running the iXmail webmail interface. There is a flaw in this interface that allows an attacker to log in as any user by using a SQL injection flaw in the code of index.php. An attacker may use this flaw to gain unauthorized access on this host, or to gain the control of the...

Instaboard index.cfm Multiple Parameter SQL Injection

The remote server is running NetPleasure's Instaboard. There is a bug in this release which allow an attacker to perform a SQL injection attack through the page 'index.cfm'. An attacker may use this flaw to gain unauthorized access to take the control of the remote database. %NASLMINLEVEL 70300 C...

MySQL user can be changed to root

Hi. I tried this on my own MySQL 3.23.55 !!! I found out that logging as the root user, we can change mysqld to run as root instead that i.e. mysql but this works only if there's just one my.cnf file and it is locate in /etc... Here's how I did it... I logged in as root and than I did this:...

Remote buffer overflow in MDBMS.

Dear bugtraq readers, MDBMS is a SQL database server currently for UNIX systems. Version 0.99b9 and below versions contain an exploitable buffer overflow in the handling of the s console command. When a user passes large buffers to the server in the form of multiple lines, these are appended to t...