35 matches found
MiracleLinux 3 : mod_auth_mysql-3.0.0-3.2AXS3 (AXSA:2009-20:01)
The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2009-20:01 advisory. modauthmysql can be used to limit access to documents served by a web server by checking data in a MySQL database. Fixed bugs: CVE-2008-2384 SQL injection...
SUSE CVE-2006-2313
PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications via invalid encodings of multibyte characters, aka one variant of "Encoding-Based SQL...
SUSE CVE-2006-2314
PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications that use multibyte encodings that allow the "" backslash byte 0x5c to be the trailing byt...
SUSE CVE-2006-2753
SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x before 5.0.22 allows context-dependent attackers to execute arbitrary SQL commands via crafted multibyte encodings in character sets such as SJIS, BIG5, and GBK, which are not properly handled when the mysqlrealescape function is...
SUSE CVE-2009-2942
The mysql-ocaml bindings 1.0.4 for MySQL do not properly support the mysqlrealescapestring function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings...
SUSE CVE-2009-2943
The postgresql-ocaml bindings 1.5.4, 1.7.0, and 1.12.1 for PostgreSQL libpq do not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings...
Medium: php72
Issue Overview: When using fgetss function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash...
SuSE 11.1 Security Update : PostgreSQL (SAT Patch Number 6697)
This update provides PostgreSQL 8.3.20. As part of this update, the packaging scheme has been changed to accomodate an optional parallel installation of newer PostgreSQL versions. The changes in 8.3.20 are : - Prevent access to external files/URLs via XML entity references. xmlparse would attempt...
php: htmlspecialchars() insufficient checking of input for multi-byte encodings
The htmlspecialchars function in PHP before 5.2.12 does not properly handle 1 overlong UTF-8 sequences, 2 invalid ShiftJIS sequences, and 3 invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting XSS attacks by placing a crafted byte sequence before a special...
CVE-2009-2942
The mysql-ocaml bindings 1.0.4 for MySQL do not properly support the mysqlrealescapestring function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings...
PYSEC-2009-18
The pygresql module 3.8.1 and 4.0 for Python does not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings...
PYSEC-2009-18
The pygresql module 3.8.1 and 4.0 for Python does not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings...
Ubuntu 5.04 / 5.10 / 6.06 LTS : dovecot, exim4, postfix vulnerabilities (USN-288-3)
USN-288-1 described a PostgreSQL client vulnerability in the way the '''''''. If a client application uses one of the affected encodings and does not interpret multibyte characters, and an attacker supplies a specially cr...
FreeBSD : postgresql -- encoding based SQL injection (17f53c1d-2ae9-11db-a6e2-000e0c2e438a)
The PostgreSQL development team reports : An attacker able to submit crafted strings to an application that will embed those strings in SQL commands can use invalidly-encoded multibyte characters to bypass standard string-escaping methods, resulting in possible injection of hostile SQL commands...
USN-303-1: MySQL vulnerability
An SQL injection vulnerability has been discovered when using less popular multibyte encodings such as SJIS, or BIG5 which contain valid multibyte characters that end with the byte 0x5c the representation of the backslash character ''''''...
SUSE-SA:2006:030: postgresql
The remote host is missing the patch for the advisory SUSE-SA:2006:030 postgresql. Two character set encoding related security problems were fixed in the PostgreSQL database server: CVE-2006-2313: Akio Ishida and Yasuo Ohgaki discovered a weakness in the handling of invalidly-encoded multibyte te...
USN-288-3: PostgreSQL client vulnerabilities
USN-288-1 described a PostgreSQL client vulnerability in the way the '''''''. If a client application uses one of the affected encodings and does...
USN-288-2: PostgreSQL server/client vulnerabilities
USN-288-1 fixed two vulnerabilities in Ubuntu 5.04 and Ubuntu 5.10. This update fixes the same vulnerabilities for Ubuntu 6.06 LTS. For reference, these are the details of the original USN: CVE-2006-2313: Akio Ishida and Yasuo Ohgaki discovered a weakness in the handling of invalidly-encoded...
security flaw
SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x before 5.0.22 allows context-dependent attackers to execute arbitrary SQL commands via crafted multibyte encodings in character sets such as SJIS, BIG5, and GBK, which are not properly handled when the mysqlrealescape function is...
Mandrake Linux Security Advisory : postgresql (MDKSA-2006:098)
PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications via invalid encodings of multibyte characters, aka one variant of 'Encoding-Based SQL...