8980 matches found
CVE-2006-1875
CVE-2006-1875 concerns Oracle Database Server versions 9.0.1.5, 9.2.0.7, and 10.1.0.5 with an unspecified vulnerability in the Oracle Spatial component (aka Vuln# DB11). The connected sources indicate the issue has unknown impact and attack vectors in Spatial, and note a researcher claim that the...
CVE-2006-1867
Technical details for CVE-2006-1867 are not publicly available in the provided documents. The entries reference Oracle 9.2.0.6 Advanced Replication with unknown impact and attack vectors. Monitor for authoritative updates and vendor advisories.
CVE-2006-1870
CVE-2006-1870 concerns Oracle Database Server components’ Export functionality (DB05) with an issue in the DBMS_EXPORT_EXTENSION package. Connected documents provide concrete details for CVE-2006-2081, which states that the issue allows local users to execute arbitrary SQL through GET_DOMAIN_INDE...
CVE-2006-1868
Buffer overflow in the Advanced Replication component in Oracle Database Server 10.1.0.4 allows database users to execute arbitrary code via the VERIFY_LOG procedure of the DBMS_SNAPSHOT_UTL package, aka Vuln# DB03...
[Full-disclosure] [Argeniss] Oracle Database 10gR1 Buffer overflow in VERIFY_LOG procedure
Argeniss Security Advisory. Name: Oracle Database 10gR1 Buffer overflow in VERIFY_LOG procedure DB03; Affected Software: Oracle Database Server version 10gR1; Severity: High; Remote exploitable: Yes (Authentication to Database Server is needed); Credits: Esteban Martinez Fayo; Date: 4/18/2006; Advisory...
ThWboard 2.8 - showtopic.php SQL Injection
ThWboard 2.8 - showtopic.php SQL Injection source: https://www.securityfocus.com/bid/17606/info ThWboard is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit cou...
Article Publisher 1.0.1 Pro - Multiple SQL Injections
Article Publisher 1.0.1 Pro - Multiple SQL Injections source: https://www.securityfocus.com/bid/17595/info Article Publisher Pro is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL...
xFlow 5.46.11 - index.cgi Multiple Cross-Site Scripting Vulnerabilities
xFlow 5.46.11 - index.cgi Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/17614/info xFlow is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in...
ModernBill 4.3 - 'user.php' SQL Injection
source: https://www.securityfocus.com/bid/17596/info ModernBill is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the...
xFlow 5.46.11 - 'index.cgi' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/17614/info xFlow is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Successfully...
ThWboard 2.8 - 'showtopic.php' SQL Injection
source: https://www.securityfocus.com/bid/17606/info ThWboard is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the...
Plexum PlexCart X5 - Multiple SQL Injections
source: https://www.securityfocus.com/bid/17617/info Plexum is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an attacker to compromise...
Multiple critical and high risk issues in Oracle's database server
David Litchfield of NGSSoftware has discovered multiple critical and high risk vulnerabilities in Oracle's Database Server. Versions affected include: Oracle Database 10g Release 2, versions 10.2.0.1, 10.2.0.2; Oracle Database 10g Release 1, versions 10.1.0.4, 10.1.0.5; Oracle9i Database Release 2,...
PowerClan 1.14 - member.php SQL Injection
PowerClan 1.14 - member.php SQL Injection source: https://www.securityfocus.com/bid/17528/info PowerClan is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit cou...
PowerClan 1.14 - 'member.php' SQL Injection
source: https://www.securityfocus.com/bid/17528/info PowerClan is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the...
CVE-2006-1705
CVE-2006-1705 affects Oracle Database 9.2.0.0 to 10.2.0.3. Local users who have SELECT privileges on a base table can insert, update, or delete data by crafting and querying a view, due to a design issue in processing Join Views. Connected sources corroborate the same vulnerable behavior and iden...
phpList 2.10.2 - GLOBALS[] Remote Code Execution
phpList 2.10.2 - GLOBALS[] Remote Code Execution #!/usr/bin/php -q -d short_open_tag=on this works against register_globals=On \r\n"; echo "a dork: inurl:"lists/?p=subscribe" | inurl:"lists/index.php?p=subscribe"\r\n"; echo " -ubbi phplist\r\n\r\n"; if ($argc<4) { echo "Usage: php ".$argv[0]." host path cmd...
[ECHO_ADV_28$2006] Clever Copy <= 3.0 Connect.inc Critical Information Disclosure
ECHO_ADV_28$2006: Clever Copy <= 3.0 Connect.inc Critical Information Disclosure...
phpList 2.10.2 - 'GLOBALS[]' Remote Code Execution
#!/usr/bin/php -q -d short_open_tag=on this works against register_globals=On \r\n"; echo "a dork: inurl:"lists/?p=subscribe" | inurl:"lists/index.php?p=subscribe"\r\n"; echo " -ubbi phplist\r\n\r\n"; if ($argc<4) { echo "Usage: php ".$argv[0]." host path cmd OPTIONS\r\n"; echo "host: target server...
MD News 1 - 'admin.php' SQL Injection
source: https://www.securityfocus.com/bid/17394/info MD News is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the...