SAP MaxDB Multiple Vulnerabilities
The remote host is running MaxDB, a database server from SAP. According to its version, the remote server is affected by multiple flaws: - A vulnerability in the 'vserver' process could allow an unauthenticated attacker to execute arbitrary code, subject to the privileges of the user under which t...
Team SHATTER Security Advisory: Multiple DoS in JAR files manipulation procedures
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Team SHATTER Security Advisory Multiple DoS in JAR files manipulation procedures April 17th 2008 Risk Level: High Affected versions: All versions of IBM DB2 Database Server on Windows platform. Remote exploitable: Yes Authentication to Database Server...
Borland Interbase database server buffer overflow
Buffer overflow on TCP/3050 data parsing...
SAP MaxDB database server multiple security vulnerabilities
vserver remote heap overflow, sdbstarter privilege escalation...
IBM DB2 database server multiple security vulnerabilities
TCP/523 remote administration service memory corruption. Dynamic library loading by relative path...
Debian Security Advisory DSA 1451-1 (mysql-dfsg-5.0)
The remote host is missing an update to mysql-dfsg-5.0 announced via advisory DSA 1451-1. OpenVAS Vulnerability Test $Id: deb14511.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1451-1 mysql-dfsg-5.0 Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Sof...
Debian Security Advisory DSA 1169-1 (mysql-dfsg-4.1)
The remote host is missing an update to mysql-dfsg-4.1 announced via advisory DSA 1169-1. Several local vulnerabilities have been discovered in the MySQL database server. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2006-4226 Michal Prokopiuk discovered...
MyBB < 1.2.11 forumdisplay.php sortby Parameter Command Execution
Binary data 4346.prm...
RHEL 4 / 5 : mysql (RHSA-2007:1155)
Updated mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server...
CentOS 4 / 5 : mysql (CESA-2007:1155)
Updated mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server...
GLSA-200711-25 : MySQL: Denial of Service
The remote host is affected by the vulnerability described in GLSA-200711-25 (MySQL: Denial of Service). Joe Gallo and Artem Russakovskii reported an error in the convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine that is leading to a failed assertion when handling CONTAINS...
Oracle 11g/10g Installation Vulnerability
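Oracle Database Server is a commercial database server. A design flaw exists in the Oracle Database Server installation process; a remote attacker can exploit it to bypass security and access the database during part of that process. During installation, Oracle 11g and 10g include the SYS and SYSTEM accounts with their default passwords, and the passwords are changed only at the very end of the installation. This gives an attacker the opportunity to log in to the database server while installation is in progress, resulting in unauthorized access to the system. Oracle Oracle11g Standard Edition One 11.1 6 Oracle Oracle11g Standard Edition 11.1 6 Oracle Oracle11g...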
Oracle 11g/10g Installation Vulnerability
Hey all, After investigating 11g the other day I came across an interesting issue. During the installation of Oracle 11g and 10g all accounts, including the SYS and SYSTEM accounts, have their default passwords and only at the end of the install are the passwords changed. This means that there is...
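Oracle Database Server PITRIG_DROPMETADATA Buffer Overflow Vulnerability
Oracle Database Server is a commercial database server. A buffer overflow exists in the way Oracle Database 10gR2 handles the XDB.XDB_PITRIG_PKG.PITRIG_DROPMETADATA procedure; a remote attacker can exploit it to execute arbitrary instructions in the context of the database account. The XDB.XDB_PITRIG_PKG.PITRIG_DROPMETADATA procedure takes two parameters, OWNER and NAME. An internal function uses these parameters to build an SQL query without filtering them; if the combined length of the two fields is too long, a buffer overflow can result, executing arbitrary instructions in the context of the database account. Oracle Oracle10g Standard Edition 10....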
Ubuntu 5.10 / 6.06 LTS / 6.10 : postgresql-7.4/-8.0/-8.1 vulnerabilities (USN-417-1)
Jeff Trout discovered that the PostgreSQL server did not sufficiently check data types of SQL function arguments in some cases. An authenticated attacker could exploit this to crash the database server or read out arbitrary locations in the server's memory, which could allow retrieving database...
Buffer overflow
Buffer overflow in MDSYS.SDO_CS in Oracle Database Server 8iR3, 9iR1, 9iR2 up to 9.2.0.6, and 10gR1 up to 10.1.0.4 allows remote authenticated users to cause a denial of service (crash) and execute arbitrary code via the TRANSFORM function. NOTE: this issue might already be covered by CVE-2007-5515,...
CVE-2007-5897
Buffer overflow in MDSYS.SDO_CS in Oracle Database Server 8iR3, 9iR1, 9iR2 up to 9.2.0.6, and 10gR1 up to 10.1.0.4 allows remote authenticated users to cause a denial of service (crash) and execute arbitrary code via the TRANSFORM function. NOTE: this issue might already be covered by CVE-2007-5515,...
CVE-2007-5897
Buffer overflow in Oracle Database Server (MDSYS.SDO_CS) allows remote authenticated users to crash the server and execute arbitrary code via the TRANSFORM function. Affected: Oracle 8iR3, 9iR1/2 up to 9.2.0.6, and 10gR1 up to 10.1.0.4. Note: this CVE may be related to CVE-2007-5515, CVE-2007-550...
iDefense Security Advisory 11.07.07: Oracle 10g R2 PITRIG_DROPMETADATA Buffer Overflow Vulnerability
iDefense Security Advisory 11.07.07 http://labs.idefense.com/intelligence/vulnerabilities/ Nov 07, 2007 I. BACKGROUND Oracle Database Server is a family of database products that range from personal databases to enterprise solutions. Further information is available at the following URL...
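Oracle Database Server MDSYS.SDO_CS Buffer Overflow Vulnerability
Oracle Database Server is a powerful commercial database server. A buffer overflow exists in the way Oracle Database Server handles the MDSYS.SDO_CS.TRANSFORM function; a remote attacker can exploit it to execute arbitrary instructions with the privileges of the application process. The MDSYS.SDO_CS package provided by Oracle Database Server contains subprograms for working with coordinate systems. The TRANSFORM procedure in this package contains a buffer overflow, and any Oracle database user with execute privileges on MDSYS.SDO_CS can exploit this vulnerability. Oracle Oracle9i Standard Edition 9.2 .6 Oracle Oracle9i...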