1136 matches found
Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well)
Maybe this is related to http://bugs.proftpd.org/showbug.cgi?id=3173 ? That bug only applies to 1.3.1, so 1.3.0 is not affected. 1.3.2 is supposed to fix this bug. Sergio Aguayo ----- Original Message ----- From: [email protected] To: [email protected] Sent: Tuesday, February 10, 2009...
CVE-2008-2380
SQL injection vulnerability in authpgsqllib.c in Courier-Authlib before 0.62.0, when a non-Latin locale Postgres database is used, allows remote attackers to execute arbitrary SQL commands via query parameters containing apostrophes...
DEBIAN-CVE-2008-2380
SQL injection vulnerability in authpgsqllib.c in Courier-Authlib before 0.62.0, when a non-Latin locale Postgres database is used, allows remote attackers to execute arbitrary SQL commands via query parameters containing apostrophes...
CVE-2008-2380
SQL injection vulnerability in authpgsqllib.c in Courier-Authlib before 0.62.0, when a non-Latin locale Postgres database is used, allows remote attackers to execute arbitrary SQL commands via query parameters containing apostrophes...
Sql injection
SQL injection vulnerability in authpgsqllib.c in Courier-Authlib before 0.62.0, when a non-Latin locale Postgres database is used, allows remote attackers to execute arbitrary SQL commands via query parameters containing apostrophes...
CVE-2008-2380
SQL injection vulnerability in authpgsqllib.c in Courier-Authlib before 0.62.0, when a non-Latin locale Postgres database is used, allows remote attackers to execute arbitrary SQL commands via query parameters containing apostrophes...
CVE-2008-2380
CVE-2008-2380 affects Courier Authentication Library (courier-authlib). The CVE describes an SQL injection in authpgsqllib.c when using a non-Latin locale Postgres database, allowing exploitation via query parameters containing apostrophes. Public advisories (Gentoo GLSA-200903-25, SUSE/openSUSE ...
CVE-2008-2380
SQL injection vulnerability in authpgsqllib.c in Courier-Authlib before 0.62.0, when a non-Latin locale Postgres database is used, allows remote attackers to execute arbitrary SQL commands via query parameters containing apostrophes...
CVE-2008-2380
SQL injection vulnerability in authpgsqllib.c in Courier-Authlib before 0.62.0, when a non-Latin locale Postgres database is used, allows remote attackers to execute arbitrary SQL commands via query parameters containing apostrophes...
Courier-Authlib非拉丁字符处理postgres SQL注入漏洞
BUGTRAQ ID: 32926 CVE ID:CVE-2008-2380 CNCVE ID:CNCVE-20082380 Courier-Authlib是一款Courier验证库。 authpgsqllib.c存在漏洞,如果Postgres数据库使用非拉丁字集,可导致SQL注入攻击。 目前没有详细漏洞细节提供。 Courier Mail Server Courier-Authlib 0.61 Courier Mail Server Courier-Authlib 0.60.6 Courier Mail Server Courier-Authlib 0.60.5 升级程序: Couri...
Debian Security Advisory DSA 126-1 (imp)
The remote host is missing an update to imp announced via advisory DSA 126-1. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Sql injection
SQL injection vulnerability in the Postgres Realtime Engine resconfigpgsql in Asterisk 1.4.x before 1.4.15 and C.x before C.1.0-beta6 allows remote attackers to execute arbitrary SQL commands via unknown vectors...
Sql injection
SQL injection vulnerability in the Call Detail Record Postgres logging engine cdrpgsql in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via 1 ANI and 2 DNIS arguments...
CVE-2007-6171
SQL injection vulnerability in the Postgres Realtime Engine resconfigpgsql in Asterisk 1.4.x before 1.4.15 and C.x before C.1.0-beta6 allows remote attackers to execute arbitrary SQL commands via unknown vectors...
DEBIAN-CVE-2007-6171
SQL injection vulnerability in the Postgres Realtime Engine resconfigpgsql in Asterisk 1.4.x before 1.4.15 and C.x before C.1.0-beta6 allows remote attackers to execute arbitrary SQL commands via unknown vectors...
CVE-2007-6171
SQL injection vulnerability in the Postgres Realtime Engine resconfigpgsql in Asterisk 1.4.x before 1.4.15 and C.x before C.1.0-beta6 allows remote attackers to execute arbitrary SQL commands via unknown vectors...
CVE-2007-6171
SQL injection vulnerability in the Postgres Realtime Engine resconfigpgsql in Asterisk 1.4.x before 1.4.15 and C.x before C.1.0-beta6 allows remote attackers to execute arbitrary SQL commands via unknown vectors...
CVE-2007-6170
SQL injection vulnerability in the Call Detail Record Postgres logging engine cdrpgsql in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via 1 ANI and 2 DNIS arguments...
CVE-2007-6171
Vulnerability: CVE-2007-6171 describes an SQL injection in the Postgres Realtime Engine (res_config_pgsql) of Asterisk 1.4.x (before 1.4.15) and Asterisk C.x (before C.1.0-beta6) . Affected component: Postgres Realtime Engine, res_config_pgsql. Root cause / impact: Remote attackers can exploit un...
CVE-2007-6171
SQL injection vulnerability in the Postgres Realtime Engine resconfigpgsql in Asterisk 1.4.x before 1.4.15 and C.x before C.1.0-beta6 allows remote attackers to execute arbitrary SQL commands via unknown vectors...