[security bulletin] HPSBMA02293 SSRT071494 rev.1 - HP Select Identity, Remote Unauthorized Access

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01293337 Version: 1 HPSBMA02293 SSRT071494 rev.1 - HP Select Identity, Remote Unauthorized Access NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Relea...

PHP-Nuke Module Advertising Blind SQL Injection

!/usr/bin/perl Product: PHP-Nuke Module Advertising BugFounder: 0x90 HomePage: WwW.0x90.COM.Ar Problem: Blind SQL Injection use strict; use warnings; use LWP; use Time::HiRes; use IO::Socket; my $host = "http://url/modules.php?name=Advertising"; my $useragent = LWP::UserAgent-new; my $metodo =...

CVE-2007-5928

OpenBase 10.0.5 and earlier allows remote authenticated users to trigger a free of an arbitrary memory location via long strings in a SELECT statement. NOTE: this might be a buffer overflow, but it is not clear...

PT-2007-6861 · Openbase · Openbase

Name of the Vulnerable Software and Affected Versions: OpenBase versions 10.0.5 and earlier Description: The issue allows remote authenticated users to trigger a free of an arbitrary memory location via long strings in a SELECT statement. It is unclear if this is a buffer overflow. Recommendation...

vanilla-sql.txt

= 4.1, magicquotesgpc=Off Tested on versions 1.1.3, 1.1.2, 1.0.1 echo "------------------------------------------------------------\n"; echo "Vanilla - use specific prefix default LUM\n"; echo "-id= - use specific user id default 1\n"; echo "-c= - benchmark's loop count default 300000\n"; echo "-...

Design/Logic Flaw

Unspecified vulnerability in HP Select Identity 4.01 through 4.01.010 and 4.10 through 4.13.001 allows remote attackers to obtain unspecified access via unknown vectors...

CVE-2007-5391

Unspecified vulnerability in HP Select Identity 4.01 through 4.01.010 and 4.10 through 4.13.001 allows remote attackers to obtain unspecified access via unknown vectors...

CVE-2007-5391

Unspecified vulnerability in HP Select Identity 4.01 through 4.01.010 and 4.10 through 4.13.001 allows remote attackers to obtain unspecified access via unknown vectors...

CVE-2007-5391

Technical details for CVE-2007-5391 are not publicly available in the provided documents; monitor for updates.

HP-UX Security Patch : PHKL_22589

LOFS, select, IDS/9000 and umount race fix %NASLMINLEVEL 70300 C Tenable Network Security, Inc. if !definedfunc"bnrandom" exit0; include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid26341; scriptversion"1.8"; scriptsetattributeattribute:"pluginmodificationdate",...

HP-UX Security Patch : PHKL_22142

Cumulative LOFS, select, IDS/9000 support %NASLMINLEVEL 70300 C Tenable Network Security, Inc. if !definedfunc"bnrandom" exit0; include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid26339; scriptversion"1.8"; scriptsetattributeattribute:"pluginmodificationdate",...

HP-UX Security Patch : PHKL_22517

LOFS, select, IDS/9000 and umount race fix %NASLMINLEVEL 70300 C Tenable Network Security, Inc. if !definedfunc"bnrandom" exit0; include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid26340; scriptversion"1.8"; scriptsetattributeattribute:"pluginmodificationdate",...

dfdcart-rfi.txt

DFD Cart 1.1 Multiple Remote File Inclusion Vulnerabilities Vulnerability Type: Remote File Inclusion Vulnerable file: /dfdcart/app.lib/product.control/core.php/product.control.config.php Exploit URL:...

Mercury/32 4.52 IMAPD - 'SEARCH' (Authenticated) Overflow

Z:\ExpmercurySEARCH.pl 127.0.0.1 143 void ph4nt0m.org Mercury/32 v4.52 IMAPD SEARCH command Post-Auth Stack Overflow Exploit Found & Code by void ph4nt0m.org S: OK mercury.ph4nt0m.org IMAP4rev1 Mercury/32 v4.52 server ready. C: pst06 LOGIN void ph4nt0m.org S: pst06 OK LOGIN completed. C: pst06...

Null pointer dereference

EnterpriseDB Advanced Server 8.2 does not properly handle certain debugging function calls that occur before a call to pldbgcreatelistener, which allows remote authenticated users to cause a denial of service daemon crash and possibly execute arbitrary code via a SELECT statement that invokes a...

CVE-2007-4639

EnterpriseDB Advanced Server 8.2 does not properly handle certain debugging function calls that occur before a call to pldbgcreatelistener, which allows remote authenticated users to cause a denial of service daemon crash and possibly execute arbitrary code via a SELECT statement that invokes a...

CVE-2007-4639

EnterpriseDB Advanced Server 8.2 does not properly handle certain debugging function calls that occur before a call to pldbgcreatelistener, which allows remote authenticated users to cause a denial of service daemon crash and possibly execute arbitrary code via a SELECT statement that invokes a...

GLSA-200708-10 : MySQL: Denial of Service and information leakage

The remote host is affected by the vulnerability described in GLSA-200708-10 MySQL: Denial of Service and information leakage Dormando reported a vulnerability within the handling of password packets in the connection protocol CVE-2007-3780. Andrei Elkin also found that the 'CREATE TABLE LIKE'...

CVE-2007-4418

IBM DB2 UDB 8 before Fixpak 15 does not properly check authorization, which allows remote authenticated users with a certain SELECT privilege to have an unknown impact via unspecified vectors. NOTE: this issue is probably related to CVE-2007-1089, but this is uncertain due to lack of details...

Authorization

IBM DB2 UDB 8 before Fixpak 15 does not properly check authorization, which allows remote authenticated users with a certain SELECT privilege to have an unknown impact via unspecified vectors. NOTE: this issue is probably related to CVE-2007-1089, but this is uncertain due to lack of details...