CVE-2000-1235
The default configurations of (1) the port listener and (2) modplsql in Oracle Internet Application Server (IAS) 3.0.7 and earlier allow remote attackers to view privileged database information via HTTP requests for Database Access Descriptor (DAD) files...
Trlinux Postaci Webmail 1.1.3 - Password Disclosure
source: https://www.securityfocus.com/bid/2029/info Postaci Webmail is a database-driven web e-mail system. PostACI contains a vulnerability in its default configuration that may allow a remote attacker to gain access to the underlying database. Webmail stores database username and password...
Re: [MSY] S(ecure)Locate heap corruption vulnerability
On Sun, Nov 26, 2000 at 11:38:25PM +0100, Michel Kaempf wrote: The author, Kevin Lindsay, was contacted and confirmed Secure Locate v2.3 is not affected by the vulnerability described in this advisory. Every Secure Locate version, from 1.4 included to 2.2 included, is affected by the problem, and...
Holes in CyberOffice Shopping Cart
It is possible to change the cost of an order and gain access to the server's database...
MySQL Unpassworded Account Check
It is possible to connect to the remote MySQL database server using an unpassworded account. This may allow an attacker to launch further attacks against the database. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(10481); script_version("1.62"); script_cvs_date("Date:...
PostgreSQL Default Unpassworded Account
It is possible to connect to the remote PostgreSQL database server using an unpassworded account. This may allow an attacker to launch further attacks against the database. #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. include('deprecated_nasl_level.inc'); include('compat.inc'); if (description)...
Steal Passwords Using SQL Server EM
If you have access to a SQL Server database as a normal user, you have the ability to view the passwords of others who have created a DTS package. Scenario: a. Log into the SQL Server b. Expand 'Data Transformation Services' c. Click on 'Local Packages' d. Right click on any package, and choose...
CVE-2000-0148
MySQL 3.22 allows remote attackers to bypass password authentication and access a database via a short check string...
omnis.txt
I'm not sure of the complete extent of applications written in Omnis, but from what I understand, it's a multi-platform Rapid Application Development environment. Essentially, from what I understand having no personal experience with the product, you create one program in Omnis, and it's portable...
Microsoft Site Server Commerce Edition 3.0 alpha - AdSamples Sensitive Information
source: https://www.securityfocus.com/bid/256/info A vulnerability in Microsoft Site Server's Ad Server Sample directory allows the retrieval of a site's configuration file SITE.CSC which contains sensitive...
Oracle 8 - File Access
source: https://www.securityfocus.com/bid/170/info A number of file access security vulnerabilities in suid programs that are part of Oracle may be exploited to obtain the privileges of the 'oracle' user and full access to the database system. Only the Unix version of Oracle is vulnerabl...