38 matches found
PT-2022-17984 · Sangoma +1 · Asterisk +1
Name of the Vulnerable Software and Affected Versions: Asterisk versions prior to 16.25.2; Asterisk versions prior to 18.11.2; Asterisk versions prior to 19.3.2; Certified Asterisk versions prior to 16.8-cert14. Description: An issue was discovered in the func_odbc module, which provides possibly...
antSword
This is a comprehensive analysis of the provided code and metadata from the AntSword repository. Classification: Exploit module/toolkit targeting web applications Primary CVE ID: Not specified Target product/service or framework: Web applications Vulnerability class/vector: Not specified Probable...
GHSA-8F93-RV4P-X4JW SQL Injection in sql
All versions of sql are vulnerable to sql injection as it does not properly escape parameters when building SQL queries. Recommendation No fix is currently available for this vulnerability. It is our recommendation to not install or use this module until a fix is available...
Low: krb5
Issue Overview: MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a...
Amazon Linux 2 : krb5 (ALAS-2018-1129)
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a 'linkdn' and 'containerdn' database argument, or by supplying a DN string which is a left extension of a container DN stri...
krb5: null dereference in kadmind or DN container check bypass by supplying special crafted data
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module...
Null pointer dereference
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module...
CVE-2013-6800
An unspecified third-party database module for the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.10.x allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request, a different vulnerability than CVE-2013-1418...
Code injection
The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to read activity entries of a different group's users via an advanced search...
CVE-2012-5473
The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to read activity entries of a different group's users via an advanced search...
nss_db: Information leak due to the DB_CONFIG file read from current working directory
The Free Software Foundation (FSF) Berkeley DB NSS module (aka libnss-db) 2.2.3pre1 reads the DB_CONFIG file in the current working directory, which allows local users to obtain sensitive information via a symlink attack involving a setgid or setuid application that uses this module...
Woltlab Burning Board SQL injection flaw
The remote web server contains a PHP script that is susceptible to SQL injection attacks. Description: The remote version of Burning Board includes an optional module, the Database module, that fails to properly sanitize the 'fileid' parameter of the 'infodb.php' script, which can be exploited to...
CVE-2006-4935
The Database module in Moodle before 1.6.2 does not properly handle uploaded files, which has unspecified impact and remote attack vectors...
CVE-2006-4935
The vulnerability CVE-2006-4935 affects Moodle before 1.6.2 in the Database module, where uploaded files are not properly handled. The underlying root cause is the improper handling of uploaded files in that module, with unspecified impact and remote attack vectors. The issue is documented across...
Woltlab Burning Board Multiple SQL Injections
The remote version of Burning Board includes an optional module, the Database module, that fails to properly sanitize the 'fileid' parameter of the 'infodb.php' script, which can be exploited to launch SQL injection attacks against the affected host.
security flaw
Buffer overflow in the sql_escape_func function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote attackers to cause a denial of service (crash)...