2885 matches found
FileMaker Pro User Password Disclosure Vulnerability (Apr 2003) - Active Check
The remote FileMaker database server is prone to a user password disclosure vulnerability, because it does not properly secure credentials during authentication. SPDX-FileCopyrightText: 2009 Christian Eric Edjenguele Some text descriptions might be excerpted from (a) referenced source(s), and are...
CentOS Update for expect CESA-2008:0134 centos3 i386
Check for the Version of expect OpenVAS Vulnerability Test CentOS Update for expect CESA-2008:0134 centos3 i386 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it und...
Oracle Secure Backup NDMP CONNECT_CLIENT_AUTH Command Buffer Overflow (CVE-2008-5444)
Oracle Database Server is an enterprise-level relational database application suite. Oracle Secure Backup is a backup solution allowing for single point of management of data present on network attached storage (NAS) devices and distributed hosts. Oracle Secure Backup is using NDMP protocol to...
CVE-2008-6065
Oracle Database Server 10.1, 10.2, and 11g grants directory WRITE permissions for arbitrary pathnames that are aliased in a CREATE OR REPLACE DIRECTORY statement, which allows remote authenticated users with CREATE ANY DIRECTORY privileges to gain SYSDBA privileges by aliasing the pathname of the...
Design/Logic Flaw
Oracle Database Server 10.1, 10.2, and 11g grants directory WRITE permissions for arbitrary pathnames that are aliased in a CREATE OR REPLACE DIRECTORY statement, which allows remote authenticated users with CREATE ANY DIRECTORY privileges to gain SYSDBA privileges by aliasing the pathname of the...
CVE-2008-6065
Oracle Database Server 10.1/10.2/11g vulnerability: GRANTs for CREATE ANY DIRECTORY plus CREATE OR REPLACE DIRECTORY aliasing allow remote authenticated users to abuse aliased pathnames to overwrite the password file via UTL_FILE, potentially elevating to SYSDBA. Root cause is directory permissio...
CVE-2009-0173
Unspecified vulnerability in the server in IBM DB2 8 before FP17a, 9.1 before FP6a, and 9.5 before FP3a allows remote authenticated users to cause a denial of service (trap) via a crafted data stream...
Oracle database server multiple security vulnerabilities
The CPU for April, 2008 fixes a huge number of vulnerabilities...
Debian Security Advisory DSA 1662-1 (mysql-dfsg-5.0)
The remote host is missing an update to mysql-dfsg-5.0 announced via advisory DSA 1662-1. OpenVAS Vulnerability Test $Id: deb16621.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1662-1 mysql-dfsg-5.0 Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Sof...
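Oracle Database Server 'CREATE ANY DIRECTORY' Privilege Escalation Vulnerability
BUGTRAQ ID: 31738 CNCAN ID: CNCAN-2008101405 Oracle Database Server is a large enterprise-class database server program. Oracle Database Server has a flaw in its handling of the 'CREATE ANY DIRECTORY' user privilege, which remote attackers can exploit to obtain SYSDBA privileges. By using a known binary password file through UTLDIR, the hidden binary file can be overwritten directly, allowing a low-privileged user who holds CREATE ANY DIRECTORY to obtain SYSDBA privileges. The following link provides some analysis but cannot currently be reached:...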
Oracle Database Server 11.1 - 'CREATE ANY Directory' Privilege Escalation
source: https://www.securityfocus.com/bid/31738/info Oracle Database Server is prone to a privilege-escalation issue related to the 'CREATE ANY DIRECTORY' user privilege. Attackers may exploit this issue to gain full SYSDBA privileges on the vulnerable database server. This issue affects Oracle...
MySQL 6.0 < 6.0.6 Empty Bit-String Literal Token SQL Statement DoS
The version of MySQL 6.0 installed on the remote host is earlier than 6.0.6. A bug in such versions can lead to a server crash in 'Item_bin_string::Item_bin_string' when handling an empty bit-string literal b''. Using a simple SELECT statement, an authenticated remote user can leverage this issue to...
FileMaker Service Detection (TCP)
TCP based detection of the FileMaker database server. SPDX-FileCopyrightText: 2008 Christian Eric Edjenguele Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later ifdescription...
Firebird / InterBase Database Server Service Detection (TCP)
TCP based detection of a Firebird / InterBase Database service. SPDX-FileCopyrightText: 2008 Christian Eric Edjenguele SPDX-FileCopyrightText: Improved / extended code / detection routine since 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyrigh...
Ingres database server multiple security vulnerabilities
Weak file permissions, insecure shared library loading, buffer overflow in different utilities...
Team SHATTER Security Advisory: SQL Injection in Oracle Application Server (WWEXP_API_ENGINE)
Team SHATTER Security Advisory SQL Injection in Oracle Application Server WWEXP_API_ENGINE August 4, 2008 Risk Level: High Affected versions: Oracle Application Server 9.0.4.3, 10.1.2.2 and 10.1.4.1 Remote exploitable: Yes No authentication required...
Oracle Database Server <= 10.1.0.2 Buffer Overflow Exploit
No description provided by source. / Advanced SQL Injection in Oracle databases Exploit for the buffer overflow vulnerability in procedure MDSYS.MD2.SDOCODESIZE of Oracle Database Server version 10.1.0.2 under Windows 2000 Server SP4. Fixes available at http://metalink.oracle.com. The exploit...
Debian Security Advisory DSA 1608-1 (mysql-dfsg-5.0)
The remote host is missing an update to mysql-dfsg-5.0 announced via advisory DSA 1608-1. OpenVAS Vulnerability Test $Id: deb16081.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1608-1 mysql-dfsg-5.0 Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Sof...
Debian DSA-1608-1 : mysql-dfsg-5.0 - authorization bypass
Sergei Golubchik discovered that MySQL, a widely-deployed database server, did not properly validate optional data or index directory paths given in a CREATE TABLE statement, nor would it under proper conditions prevent two databases from using the same paths for data or index files. This permits...
DSA-1608-1 mysql-dfsg-5.0 - authorization bypass
Bulletin has no description...