Multiple eGroupware Vulnerabilities
GulfTech Security Research April 20th, 2005 Vendor : eGroupware URL : http://www.egroupware.org/ Version : Versions Prior To 1.0.0.007 Risk : Multiple Vulnerabilities Description: eGroupware is a very popular open source web based collaboration software that can be used within an intranet, or...
DUportal 3.1.2 - type.asp?iCat SQL Injection
source: https://www.securityfocus.com/bid/13288/info DUportal/DUportal SQL are prone to multiple SQL injection vulnerabilities. These issues exist because the application fails to properly sanitize user-supplied input before using it in SQL queries...
DUportal 3.1.2 - inc_poll_voting.asp?DAT_PARENT SQL Injection
source: https://www.securityfocus.com/bid/13288/info DUportal/DUportal SQL are prone to multiple SQL injection vulnerabilities. These issues exist because the application fails to properly sanitize user-supplied input before using it in S...
DUportal Pro 3.4 - cat.asp Multiple SQL Injections
source: https://www.securityfocus.com/bid/13285/info DUportal Pro is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could...
DUportal Pro 3.4 - result.asp Multiple SQL Injections
source: https://www.securityfocus.com/bid/13285/info DUportal Pro is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. A successful exploit...
PostgreSQL database array overflow
Array overflow on large number of variables in plpgsql...
Oracle contains multiple SQL injection vulnerabilities
Overview Oracle Database Server versions 9i and 10g contain flaws that may allow SQL injection with privileges of the SYSDBA user. Description Oracle Database Server versions 9i and 10g are vulnerable to SQL injection. These flaws may allow a local attacker with the ability to create function...
phpBB Remote - 'mod.php' SQL Injection
source: https://www.securityfocus.com/bid/13209/info A remote SQL injection vulnerability affects the datenbank module for phpbb. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in SQL queries. An attacker may exploit this issue to...
Serendipity exit.php Multiple Parameter SQL Injection
The version of Serendipity installed on the remote host allows an attacker to pass arbitrary SQL code through the 'urlid' and 'entryid' parameters of the 'exit.php' script. These flaws may lead to the disclosure / modification of data or attacks against the underlying database application...
CVE-2004-0637
Oracle Database Server versions 8.1.7.4 through 9.2.0.4 are affected by a privilege-escalation vulnerability in the publicly accessible ctxsys.driload package. An authenticated user can invoke ctxsys.driload to execute arbitrary SQL statements with DBA privileges, enabling actions such as creatin...
OneWorldStore - 'OWListProduct.asp' Multiple SQL Injections
source: https://www.securityfocus.com/bid/13182/info OneWorldStore is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation could result in a compromise...
Oracle Database PLSQL Statement - Multiple SQL Injections
Advanced SQL Injection in Oracle databases. Becoming the SYS user with SQL Injection. This script creates functions that can be injected to replace the password of the SYS user and to restore it to the original value. By Esteban Martine...
SQL Injection in Oracle Forms
SQL Injection in Oracle Forms V1.00 © 2005 by Red-Database-Security GmbH. Summary: All Oracle Forms applications are vulnerable to SQL Injection by default. Oracle Applications =11.5.9 is not affected due to the default setting value “FORMSxx_RESTRICT_ENTER_QUERY = TRUE”. About Oracle Forms:...
Mandrake Linux Security Advisory : MySQL (MDKSA-2005:070)
A vulnerability in MySQL would allow a user with grant privileges to a database with a name containing an underscore character '_' to have the ability to grant privileges to other databases with similar names. This problem was previously discovered and fixed, but a new case where the problem still...
Invision Power Board 1.x - 'ST' SQL Injection
source: https://www.securityfocus.com/bid/13097/info Invision Power Board is reported prone to an SQL injection vulnerability. Due to improper filtering of user-supplied data, attackers may pass SQL statements to the underlying database through the 'st' parameter. Invision Power Board 1.3.1 and...
punBB < 1.2.5 profile.php SQL Injection
USN-109-1: MySQL vulnerability
USN-32-1 fixed a database privilege escalation vulnerability; original advisory text: "If a user was granted privileges to a database with a name containing an underscore "_", the user also gained the ability to grant privileges to other databases with similar names. CAN-2004-0957" Recently a corn...
MaxWebPortal < 1.36 XSS and SQL Injection Vulnerabilities
Microsoft Windows msjet database multiple vulnerabilities
Microsoft Windows msjet databases multiple vulnerabilities...
Oracle 8i/9i Database Server UTL_FILE Traversal Arbitrary File Manipulation
According to its version number, the installation of Oracle on the remote host is reportedly subject to multiple directory traversal vulnerabilities that may allow a remote attacker to read, write, or rename arbitrary files with the privileges of the Oracle Database server. An authenticated user...