Lucene search
K

35 matches found

Tenable Nessus
Tenable Nessus
added 2026/01/14 12:0 a.m.4 views

MiracleLinux 3 : mod_auth_mysql-3.0.0-3.2AXS3 (AXSA:2009-20:01)

The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2009-20:01 advisory. modauthmysql can be used to limit access to documents served by a web server by checking data in a MySQL database. Fixed bugs: CVE-2008-2384 SQL injection...

7.5CVSS6.4AI score0.01863EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2023/02/15 6:15 a.m.3 views

SUSE CVE-2006-2314

PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications that use multibyte encodings that allow the "" backslash byte 0x5c to be the trailing byt...

7.5CVSS7.7AI score0.02792EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 6:15 a.m.3 views

SUSE CVE-2006-2313

PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications via invalid encodings of multibyte characters, aka one variant of "Encoding-Based SQL...

7.5CVSS7.9AI score0.02792EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:15 a.m.3 views

SUSE CVE-2006-2753

SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x before 5.0.22 allows context-dependent attackers to execute arbitrary SQL commands via crafted multibyte encodings in character sets such as SJIS, BIG5, and GBK, which are not properly handled when the mysqlrealescape function is...

7.5CVSS8.7AI score0.03536EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:2 a.m.4 views

SUSE CVE-2009-2942

The mysql-ocaml bindings 1.0.4 for MySQL do not properly support the mysqlrealescapestring function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings...

7.5CVSS7AI score0.02341EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:2 a.m.4 views

SUSE CVE-2009-2943

The postgresql-ocaml bindings 1.5.4, 1.7.0, and 1.12.1 for PostgreSQL libpq do not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings...

7.5CVSS7.1AI score0.02207EPSS
Exploits0References3
Amazon
Amazon
added 2020/02/24 12:0 a.m.71 views

Medium: php72

Issue Overview: When using fgetss function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash...

9.1CVSS7.5AI score0.08888EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2013/01/25 12:0 a.m.37 views

SuSE 11.1 Security Update : PostgreSQL (SAT Patch Number 6697)

This update provides PostgreSQL 8.3.20. As part of this update, the packaging scheme has been changed to accomodate an optional parallel installation of newer PostgreSQL versions. The changes in 8.3.20 are : - Prevent access to external files/URLs via XML entity references. xmlparse would attempt...

6.5CVSS7.4AI score0.05734EPSS
Exploits3References20
RedHat Linux
RedHat Linux
added 2010/01/13 6:5 p.m.9 views

php: htmlspecialchars() insufficient checking of input for multi-byte encodings

The htmlspecialchars function in PHP before 5.2.12 does not properly handle 1 overlong UTF-8 sequences, 2 invalid ShiftJIS sequences, and 3 invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting XSS attacks by placing a crafted byte sequence before a special...

4.3CVSS5.7AI score0.06497EPSS
Exploits2References4
OSV
OSV
added 2009/10/22 4:30 p.m.6 views

CVE-2009-2942

The mysql-ocaml bindings 1.0.4 for MySQL do not properly support the mysqlrealescapestring function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings...

6.4AI score
Exploits0References4
OSV
OSV
added 2009/10/22 4:30 p.m.7 views

PYSEC-2009-18

The pygresql module 3.8.1 and 4.0 for Python does not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings...

7.5CVSS5.8AI score0.02702EPSS
Exploits0References6
PyPA
PyPA
added 2009/10/22 4:30 p.m.10 views

PYSEC-2009-18

The pygresql module 3.8.1 and 4.0 for Python does not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings...

7.5CVSS5.8AI score0.02702EPSS
Exploits0References6Affected Software1
Tenable Nessus
Tenable Nessus
added 2007/11/10 12:0 a.m.34 views

Ubuntu 5.04 / 5.10 / 6.06 LTS : dovecot, exim4, postfix vulnerabilities (USN-288-3)

USN-288-1 described a PostgreSQL client vulnerability in the way the '''''''. If a client application uses one of the affected encodings and does not interpret multibyte characters, and an attacker supplies a specially cr...

7.5CVSS6.2AI score0.03536EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2006/08/14 12:0 a.m.22 views

FreeBSD : postgresql -- encoding based SQL injection (17f53c1d-2ae9-11db-a6e2-000e0c2e438a)

The PostgreSQL development team reports : An attacker able to submit crafted strings to an application that will embed those strings in SQL commands can use invalidly-encoded multibyte characters to bypass standard string-escaping methods, resulting in possible injection of hostile SQL commands...

7.5CVSS6AI score0.02792EPSS
Exploits0References4
Ubuntu
Ubuntu
added 2006/06/17 12:12 a.m.53 views

USN-303-1: MySQL vulnerability

An SQL injection vulnerability has been discovered when using less popular multibyte encodings such as SJIS, or BIG5 which contain valid multibyte characters that end with the byte 0x5c the representation of the backslash character ''''''...

7.5CVSS5.8AI score0.03536EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2006/06/16 12:0 a.m.27 views

SUSE-SA:2006:030: postgresql

The remote host is missing the patch for the advisory SUSE-SA:2006:030 postgresql. Two character set encoding related security problems were fixed in the PostgreSQL database server: CVE-2006-2313: Akio Ishida and Yasuo Ohgaki discovered a weakness in the handling of invalidly-encoded multibyte te...

7.5CVSS6.3AI score0.02792EPSS
Exploits0
Ubuntu
Ubuntu
added 2006/06/09 7:46 p.m.53 views

USN-288-3: PostgreSQL client vulnerabilities

USN-288-1 described a PostgreSQL client vulnerability in the way the '''''''. If a client application uses one of the affected encodings and does...

7.5CVSS6AI score0.03536EPSS
Exploits0
Ubuntu
Ubuntu
added 2006/06/09 4:51 p.m.50 views

USN-288-2: PostgreSQL server/client vulnerabilities

USN-288-1 fixed two vulnerabilities in Ubuntu 5.04 and Ubuntu 5.10. This update fixes the same vulnerabilities for Ubuntu 6.06 LTS. For reference, these are the details of the original USN: CVE-2006-2313: Akio Ishida and Yasuo Ohgaki discovered a weakness in the handling of invalidly-encoded...

7.5CVSS6AI score0.02792EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2006/06/09 3:0 p.m.9 views

security flaw

SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x before 5.0.22 allows context-dependent attackers to execute arbitrary SQL commands via crafted multibyte encodings in character sets such as SJIS, BIG5, and GBK, which are not properly handled when the mysqlrealescape function is...

7.5CVSS6.1AI score0.03536EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2006/06/08 12:0 a.m.21 views

Mandrake Linux Security Advisory : postgresql (MDKSA-2006:098)

PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications via invalid encodings of multibyte characters, aka one variant of 'Encoding-Based SQL...

7.5CVSS5.8AI score0.02792EPSS
Exploits0References2
Rows per page
Query Builder