2885 matches found
Xpressions Interactive - Multiple SQL Injections
source: https://www.securityfocus.com/bid/7804/info Several software products maintained by Xpressions Interactive are prone to SQL injection attacks. The vulnerability exists in the login.asp page. Specifically, user-supplied input is not sufficiently sanitized of malicious SQL queries. An...
CVE-2003-0222
Stack-based buffer overflow in Oracle Net Services for Oracle Database Server 9i release 2 and earlier allows attackers to execute arbitrary code via a "CREATE DATABASE LINK" query containing a connect string with a long USING parameter...
CVE-2003-0222
CVE-2003-0222 : A stack-based buffer overflow in Oracle Net Services for Oracle Database Server 9i release 2 and earlier allows an attacker to execute arbitrary code via a CREATE DATABASE LINK query containing a connect string with a long USING parameter. The vulnerability requires a valid databa...
CVE-2002-0679
CVE-2002-0679 concerns the CDE ToolTalk RPC database server, rpc.ttdbserverd, which contains a heap buffer overflow vulnerability triggered by an argument to the _TT_CREATE_FILE() procedure. A remote attacker could exploit this to execute arbitrary code or cause a denial of service, typically run...
CVE-2002-0678
CVE-2002-0678 relates to the CDE ToolTalk RPC database server (rpc.ttdbserverd). The OpenVAS/CERT CORE disclosures describe two vulnerabilities: (1) _TT_ISCLOSE range-check flaw permitting memory overwriting of the process when a local or remote client calls _TT_ISCLOSE; (2) _TT_TRANSACTION/log_f...
CVE-2002-0571
CVE-2002-0571 affects Oracle9i database server 9.0.1.x and allows local users to access restricted data via a SQL query that uses ANSI outer join syntax. The underlying cause is not detailed in the provided documents, and there are no explicit remediation steps or exploit details in the connected...
CVE-2002-1767
Buffer overflow in tnslsnr of Oracle 8i Database Server 8.1.5 for Linux allows local users to execute arbitrary code as the oracle user via a long command line argument...
CVE-2002-0677
CDE ToolTalk database server ttdbserver allows remote attackers to overwrite arbitrary memory locations with a zero, and possibly gain privileges, via a file descriptor argument in an AUTH_UNIX procedure call, which is used as a table index by the _TT_ISCLOSE procedure...
Advisory CA-2002-20 Multiple Vulnerabilities in CDE ToolTalk
CERT Advisory CA-2002-20: Multiple Vulnerabilities in CDE ToolTalk. Original release date: July 10, 2002. Last revised: --. Source: CERT/CC. A complete revision history can be found at the end of this file. Systems Affected: Systems running CDE ToolTalk. Overview: Two...
Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) does not adequately validate file operations
Overview: The Common Desktop Environment (CDE) ToolTalk RPC database server does not adequately validate file operations and follows symbolic links, allowing a local attacker to overwrite any file that is writeable by the server. The ToolTalk RPC database server typically runs with root privileges...
CVE-2001-0717
Format string vulnerability in ToolTalk database server rpc.ttdbserverd allows remote attackers to execute arbitrary commands via format string specifiers that are passed to the syslog function...
Oracle 9iAS default configuration allows access to "globals.jsa" file
Overview: Oracle Database Server version 9iAS allows remote users to view the "globals.jsa" file used by Java Server Page (JSP) scripts. The "globals.jsa" file may contain Oracle usernames, passwords, and other configuration information not intended for public viewing, and attackers may use that...
CVE-1999-1240
Buffer overflow in cddbd CD database server allows remote attackers to execute arbitrary commands via a long log message...
MySQL Server Detection
The remote host is running MySQL, an open source database server. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(10719); script_version("1.45"); script_set_attribute(attribute:"plugin_modification_date", value:"2025/09/24"); script_xref(name:"IAVT", value:"0001-T-0802");...
CVE-2001-0008
Interbase servers (Borland/Inprise Interbase 4.x/5.x and Open Source Interbase 6.x; Firebird 0.9-3 and earlier) contain a compiled‑in backdoor account with a fixed password that can be used by any user to manipulate database objects via port 3050/tcp and potentially overwrite files. The CERT/CA a...
Progress Database Server 8.3b - prodb Local Privilege Escalation
Progress Database Server 8.3b - prodb Local Privilege Escalation / progress database server v8.3b local root compromise. for sco-unix and linux on linux redhat 6.2 and SCOSV scosysv 3.2 5.05 this is just one of it, advisory about the bug discovery grabbed from packetstorm, which was originally...
Progress Database Server 8.3b - 'prodb' Local Privilege Escalation
/ progress database server v8.3b local root compromise. for sco-unix and linux on linux redhat 6.2 and SCOSV scosysv 3.2 5.05 this is just one of it, advisory about the bug discovery grabbed from packetstorm, which was originally found by: [email protected] exploit usage: ./prodbx offset...
Progress Database Server 8.3b (prodb) Local Root Exploit
Exploit for multiple platform in category local exploits ======================================================== Progress Database Server 8.3b prodb Local Root Exploit ======================================================== / progress database server v8.3b local root compromise. for sco-unix an...
CVE-2000-0446
Buffer overflow in MDBMS database server allows remote attackers to execute arbitrary commands via a long string...