3892 matches found
Microsoft SQL 2000/7.0 - Agent Jobs Privilege Escalation
Microsoft SQL 2000/7.0 - Agent Jobs Privilege Escalation source: https://www.securityfocus.com/bid/5483/info Microsoft SQL Server 2000 uses an Agent which is responsible for restarting the SQL Server service, replication, and running scheduled jobs. Some of the jobs that the Agent executes have we...
MidiCart Shopping Cart Software database vulnerability
Summary MIDICART is an ASP and PHP based shopping Cart application with MS Access and SQL database. A security vulnerability in the product allows remote attackers to download the product's database, thus gain access to sensitive information about users of the product name, surname, address,...
CVE-2002-0564
PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to bypass authentication for a Database Access Descriptor (DAD) by modifying the URL to reference an alternate DAD that already has valid credentials...
Salescart vuln.
Summary: In a business website which is made by Salescart, all customer records related to that website are reachable. All database can be hide to shop.mdb file, in fpdb directory. Any user can reach this database without permission. There are some special informations this database and they...
Metacart vuln.
Summary MetaCart2.sql is an ASP based shopping Cart application with SQL database. A security vulnerability in the product allows attackers to access the database used for storing user provided data (Credit card numbers, Names, Surnames, Addresses, E-mails, etc.). Details Exploit: Accessing any of t...
Snitz Forums 2000 remote SQL query manipulation vulnerability
vulnerable ---------- Product : Snitz Forums 2000 Version : 3.3 3.3.01 3.3.02 3.3.03 last stable version Object : members.asp Class : Input validation error remote SQL query manipulation vulnerability Vendor-URL : http://forum.snitz.com/ Vendor-Status : informed, not patched Remote-Exploit : yes...
IBM Informix Web Datablade 4.1x - Page Request SQL Injection
IBM Informix Web Datablade 4.1x - Page Request SQL Injection source: https://www.securityfocus.com/bid/4496/info Informix is an enterprise database distributed and maintained by IBM. The Web Datablade Module for Informix SQL, dynamically generates HTML content based on Database data. Web Datablad...
Oracle9i Application Server PL/SQL Gateway web administration interface uses null authentication by default
Overview A vulnerability exists in the Apache Procedural Language/Structured Query Language (PL/SQL) module used by Oracle 9i Application Server (iAS). In its default configuration, the PL/SQL module grants unauthenticated access to the PL/SQL gateway web-based administration interface. Description...
Oracle9i Application Server allows unauthenticated access to PL/SQL applications via alternate Database Access Descriptor
Overview A vulnerability exists in the Apache Procedural Language/Structured Query Language (PL/SQL) module used by Oracle9i Application Server (iAS). By specifying the Database Access Descriptor (DAD) used to access a PL/SQL application, an attacker could gain unauthorized access to the application...
Oracle9i Application Server Apache PL/SQL module vulnerable to buffer overflow via Database Access Descriptor password
Overview A buffer overflow vulnerability exists in the Apache Procedural Language/Structured Query Language (PL/SQL) module used by Oracle9i Application Server (iAS). Specifying a crafted password for a Database Access Descriptor (DAD) could cause a denial of service or execute arbitrary code with the...
CVE-2000-1199
PostgreSQL stores usernames and passwords in plaintext in (1) pg_shadow and (2) pg_pwd, which allows attackers with sufficient privileges to gain access to databases...
CVE-2000-1199
CVE-2000-1199 affects PostgreSQL: usernames and passwords are stored in plaintext in (1) pg_shadow and (2) pg_pwd, enabling attackers with sufficient privileges to access databases. This root cause is plaintext credential storage; impact is described as partial confidentiality, partial integrity,...
CVE-2001-0620
iPlanet Calendar Server 5.0p2 and earlier allows a local attacker to gain access to the Netscape Admin Server (NAS) LDAP database and read arbitrary files by obtaining the cleartext administrator username and password from the configuration file, which has insecure permissions...
ISSalert: ISS Advisory: Multiple Oracle Listener Denial of Service Vulnerabilities
Internet Security Systems Security Advisory June 20, 2001 Multiple Oracle Listener Denial of Service Vulnerabilities Synopsis: Internet Security Systems ISS X-Force has identified four Denial of Service attacks against the Oracle listener service: 1. Offsettodata value too large 2. Requesterversi...
CVE-2001-0418
content.pl script in NCM Content Management System allows remote attackers to read arbitrary contents of the content database by inserting SQL characters into the id parameter...
Vulnerability in NetProwler (default password)
A standard default password is set for administration and for access to the databases...
Exploitable NCM.at - Content Management System
--------------------------------------------------------------------------- Possible Security Problem in NCM - Content Management System Package name: NCM Content Management System Severity: Possible direct access to database of content Date: 2001-04-10 Affected versions: ?, no information from t...
CVE-2000-0254
The CVE-2000-0254 entry concerns the Dansie Shopping Cart. The connected Nessus plugin notes that the script /cart/cart.cgi is present and, if the Dansie Shopping Cart is older than version 3.0.8, it very likely contains a backdoor that allows arbitrary command execution on the remote host. The C...