3182 matches found
MySQL: Format string vulnerability by manipulation with database instances (crash)
Multiple format string vulnerabilities in the dispatchcommand function in libmysqld/sqlparse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service daemon crash and possibly have unspecified other impact via format string specifiers in a database...
CVE-2009-3261
update/update0.1.2to0.2.php in LiveStreet 0.2 does not require administrative authentication, which allows remote attackers to perform DROP TABLE operations via unspecified vectors...
Authentication flaw
update/update0.1.2to0.2.php in LiveStreet 0.2 does not require administrative authentication, which allows remote attackers to perform DROP TABLE operations via unspecified vectors...
CVE-2009-3261
update/update0.1.2to0.2.php in LiveStreet 0.2 does not require administrative authentication, which allows remote attackers to perform DROP TABLE operations via unspecified vectors...
[Follow_me series]oracle Shell-vulnerability warning-the black bar safety net
The patch from Sun network technology Forum: Days male the starter, reproduced indicate the source of! 1. SQL create tablespace kjtest datafile 'e:\website\kj.asp' 2. size 100k nologging ; Copy the code This will create the Table space. It should be noted that the oracle of the Table, The smalles...
MySQL <= 5.0.45 COM_CREATE_DB Format String PoC (auth)
Exploit for multiple platform in category dos / poc ====================================================== MySQL = 4.0.0 are affected. function prototype: writeTHD thd, enumenumservercommand command, const char format, ... function call: writethd, command, packet; on line 2084: case COMCREATEDB: ...
MySQL 5.0.45 - (Authenticated) COM_CREATE_DB Format String (PoC)
MySQL tested: Version 5.0.45 on CentOS Linux Format String Vulnerability MySQL General Available GA Release is vulnerable. Latest MySQL Version is not vulnerable since the bug if ifdef'ed off. from mysql-5.0.75 source mysql-5.0.75.tar.gz in the file libmysqld/sqlparse.cc this source code is also...
kernel: nfsd should drop CAP_MKNOD for non-root
nfsd in the Linux kernel before 2.6.28.9 does not drop the CAPMKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the rootsquash option...
Stable update: 2 WebKit security fixes
Google Chrome's Stable channel has been updated to version 2.0.172.31 to fix two security issues in WebKit. CVE-2009-1690 Memory corruption A memory corruption issue exists in WebKit's handling of recursion in certain DOM event handlers. Visiting a maliciously crafted website may lead to a tab...
Ubuntu Update for mysql-dfsg-5.0 vulnerabilities USN-528-1
Ubuntu Update for Linux kernel vulnerabilities USN-528-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN5281.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for mysql-dfsg-5.0 vulnerabilities USN-528-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...
Fedora 9 : dnsmasq-2.45-1.fc9 (2009-1069)
Update to newer upstream version - 2.45. Version of dnsmasq previously shipped in Fedora 9 did not properly drop privileges, causing it to run as root instead of intended user nobody. Issue was caused by a bug in kernel-headers used in build environment of the original packages. 454415 New upstre...
Linux/x86 - /sbin/iptables -POUTPUT DROP Shellcode (60 bytes)
Linux/x86 - /sbin/iptables -POUTPUT DROP Shellcode 60 bytes. Shellcode exploit for Linuxx86 platform Name = John Babio Twitter = 3vi1john Arch = Linux/x86-32 bits Code ///sbin/iptables -POUTPUT DROPPolicy of drop to OUTPUT chain const char sc =...
TOR Privilege Escalation Vulnerability (Windows)
This host is installed with TOR and is prone to Privilege Escalation vulnerability. OpenVAS Vulnerability Test $Id: secpodtorprivilegeescalationwin.nasl 5370 2017-02-20 15:24:26Z cfi $ TOR Privilege Escalation Vulnerability Windows Authors: Sujit Ghosal Copyright c 2008 SecPod,...
Design/Logic Flaw
Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, and SeaMonkey before 1.1.12, allow user-assisted remote attackers to move a window during a mouse click, and possibly force a file download or unspecified other drag-and-drop action, via a crafted onmousedown action that calls window.moveBy, a...
CVE-2008-3837
CVE-2008-3837 affects Mozilla Firefox (before 2.0.0.17 and 3.x before 3.0.2) and SeaMonkey (before 1.1.12). A crafted onmousedown action that calls window.moveBy can allow a user‑assisted remote attacker to move a window during a mouse click, potentially triggering a drag‑and‑drop–related action ...
Forced mouse drag — Mozilla
Mozilla developer Paul Nickerson reported a variant of a click-hijacking vulnerability discovered in Internet Explorer by Liu Die Yu. The vulnerability allowed an attacker to move the content window while the mouse was being clicked, causing an item to be dragged rather than clicked-on. This issu...
[SECURITY] Fedora 9 Update: filezilla-3.1.0.1-1.fc9
FileZilla is a FTP, FTPS and SFTP client for Linux with a lot of features. - Supports FTP, FTP over SSL/TLS FTPS and SSH File Transfer Protocol SFT P - Cross-platform - Available in many languages - Supports resume and transfer of large files 4GB - Easy to use Site Manager and transfer queue - Dr...
[SECURITY] Fedora 8 Update: filezilla-3.1.0.1-1.fc8
FileZilla is a FTP, FTPS and SFTP client for Linux with a lot of features. - Supports FTP, FTP over SSL/TLS FTPS and SSH File Transfer Protocol SFT P - Cross-platform - Available in many languages - Supports resume and transfer of large files 4GB - Easy to use Site Manager and transfer queue - Dr...
mysql DROP privilege not enforced when renaming tables
MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables...
MS Outlook Express Window Opener Vulnerability
No description provided by source. Example: Alright microsoft. Get your act together. Seriously, this is the 3rd version of this vulnerability and we can still cause a drag and drop event. Well anyway, to the people that don't design easily exploited software, simply click the link...