
9083 matches found

RedHat Linux
added 2008/01/11 12:44 p.m., 2 views

PostgreSQL privilege escalation

PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within inde...

CVSS 6.5, AI score 7.4, EPSS 0.00809
Exploits: 0, References: 4

RedHat Linux
added 2008/01/11 12:37 p.m., 3 views

PostgreSQL privilege escalation

PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within inde...

CVSS 6.5, AI score 7.4, EPSS 0.00809
Exploits: 0, References: 4

UbuntuCve
added 2008/01/09 9:46 p.m., 24 views

CVE-2007-6600

PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within inde...

CVSS 6.5, AI score 7.2, EPSS 0.00809
Exploits: 0, References: 2

OSV
added 2007/12/28 12:46 a.m., 1 views

DEBIAN-CVE-2007-6562

Multiple stack-based buffer overflows in the use of FD_SET in TCPreen before 1.4.4 allow remote attackers to cause a denial of service via multiple concurrent connections, which result in overflows in the (1) SocketAddress::Connect function in libsolve/sockprot.cpp and (2) monitorbridge function in...

CVSS 5, AI score 7.1, EPSS 0.01384
Exploits: 0, References: 1

seebug.org
added 2007/12/14 12:0 a.m., 24 views

WinRAR 3.30 Long Filename Buffer Overflow Exploit

No description provided by source. / WinRAR Buffer Overflow 3.30 Exploit Bug founded by: Vredited By Alpha Programmer & Trap-Set U.H Team Exploit made by: K4P0 Contact: [email protected] / include stdio.h include windows.h int mainvoid char EvilBuff1024; // Normal cmd.exe shellcode...

AI score 7.1
Exploits: 0

securityvulns
added 2007/12/13 12:0 a.m., 62 views

WordPress Charset SQL injection vulnerability (re-resend)

Terribly sorry, gmail messed up the GPG signature. Hope this one can get through. === WordPress Charset SQL Injection Vulnerability === Release date: 2007-12-10 Last modified: 2007-12-10 Source: Abel Cheung abelcheung at gmail dot com Affected version: WordPress = 2.3.1 Exploit type: Remote Risk:...

AI score 8.9
Exploits: 0

OSV
added 2007/12/12 12:46 a.m., 6 views

CVE-2007-6318

SQL injection vulnerability in wp-includes/query.php in WordPress 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the s parameter, when DB_CHARSET is set to (1) Big5, (2) GBK, or possibly other character set encodings that support a "\" in a multibyte character...

AI score 8.4
Exploits: 0, References: 12

UbuntuCve
added 2007/12/12 12:46 a.m., 24 views

CVE-2007-6318

SQL injection vulnerability in wp-includes/query.php in WordPress 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the s parameter, when DB_CHARSET is set to (1) Big5, (2) GBK, or possibly other character set encodings that support a "\" in a multibyte character...

CVSS 6.8, AI score 6.2, EPSS 0.03532
Exploits: 2, References: 1

Prion
added 2007/12/12 12:46 a.m., 16 views

Sql injection

SQL injection vulnerability in wp-includes/query.php in WordPress 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the s parameter, when DB_CHARSET is set to (1) Big5, (2) GBK, or possibly other character set encodings that support a "\" in a multibyte character...

CVSS 6.8, AI score 8.7, EPSS 0.03532
Exploits: 2, References: 12, Affected Software: 1

seebug.org
added 2007/12/12 12:0 a.m., 27 views

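WordPress wp-db.php Character Set SQL Injection Vulnerability

BUGTRAQ ID: 26795 WordPress is a free forum/blog system. WordPress has a vulnerability in how it handles user data that remote attackers may exploit to perform SQL injection attacks. Most database queries in WordPress filter SQL strings using the escape method, which in practice filters input through the addslashes function; addslashes does not take into account the character set used in the SQL string and blindly inserts a backslash before single quotes, and such a backslash may end up forming another valid character. The following is the vulnerable code in wp-includes/query.php: // If a search pattern is specified, load the posts...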

AI score 6.8
Exploits: 0

Cvelist
added 2007/12/12 12:0 a.m., 24 views

CVE-2007-6318

SQL injection vulnerability in wp-includes/query.php in WordPress 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the s parameter, when DB_CHARSET is set to (1) Big5, (2) GBK, or possibly other character set encodings that support a "\" in a multibyte character...

AI score 10, EPSS 0.03532
Exploits: 2, References: 12

Debian CVE
added 2007/12/12 12:0 a.m., 22 views

CVE-2007-6318

SQL injection vulnerability in wp-includes/query.php in WordPress 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the s parameter, when DB_CHARSET is set to (1) Big5, (2) GBK, or possibly other character set encodings that support a "\" in a multibyte character...

CVSS 6.8, AI score 7.4, EPSS 0.03532
Exploits: 2

exploitpack
added 2007/12/11 12:0 a.m., 20 views

WordPress 2.3.1 - Charset SQL Injection

WordPress 2.3.1 - Charset SQL Injection === WordPress Charset SQL Injection Vulnerability === Release date: 2007-12-10 Last modified: 2007-12-12 Source: Abel Cheung Affected version: WordPress = 2.3.1 Exploit type: Remote Risk: Moderate CVE: pending Reference:...

AI score 0.3
Exploits: 0

Exploit DB
added 2007/12/11 12:0 a.m., 47 views

WordPress Core 2.3.1 - Charset SQL Injection

=== WordPress Charset SQL Injection Vulnerability === Release date: 2007-12-10 Last modified: 2007-12-12 Source: Abel Cheung Affected version: WordPress = 2.3.1 Exploit type: Remote Risk: Moderate CVE: pending Reference: http://www.abelcheung.org/advisory/20071210-wordpress-charset.txt 1. Summary...

AI score 7.4
Exploits: 0

seebug.org
added 2007/12/04 12:0 a.m., 28 views

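IBM AIX bellmail Mail User Agent Local Stack Overflow Vulnerability

BUGTRAQ ID: 26257 CVE(CAN) ID: CVE-2007-4623 IBM AIX is a commercial UNIX operating system. The bellmail utility in AIX has a buffer overflow vulnerability in its implementation that local attackers may exploit to escalate privileges. The sendrmt function in the bellmail program installed with AIX has a stack overflow vulnerability; the function is called when a user tries to send mail with the "m" command. In this function, several sprintf calls are used to concatenate user-supplied input onto static strings, but no bounds checking is performed to ensure that the resulting string fits in the destination buffer allocated on the stack, so an attacker can supply overly long arguments to control data on the stack and the affected process, leading to execution of arbitrary instructions with root privileges. IBM AIX 5...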

CVSS 7.2, AI score 6.4, EPSS 0.0006
Exploits: 2

RedHat Linux
added 2007/11/15 4:7 p.m., 2 views

util-linux (u)mount doesn't drop privileges properly when calling helpers

mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs...

CVSS 7.2, AI score 5.8, EPSS 0.00101
Exploits: 0, References: 4

RedHat Linux
added 2007/11/15 1:27 p.m., 32 views

Moderate: Red Hat Security Advisory: httpd security, bug fix, and enhancement update

Updated httpd packages that fix a security issue, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular and freely-available Web...

CVSS 5, AI score 7, EPSS 0.23276
Exploits: 0, References: 9

securityvulns
added 2007/10/30 12:0 a.m., 31 views

iDefense Security Advisory 10.30.07: IBM AIX swcons Local Arbitrary File Access Vulnerability

IBM AIX swcons Local Arbitrary File Access Vulnerability iDefense Security Advisory 10.30.07 http://labs.idefense.com/intelligence/vulnerabilities/ Oct 30, 2007 I. BACKGROUND The swcons program is a set-uid root application which is installed by default on IBM AIX. It allows for console logs to b...

AI score 1
Exploits: 0

Tenable Nessus
added 2007/10/17 12:0 a.m., 27 views

openSUSE 10 Security Update : dovecot (dovecot-1987)

Dovecot might have been affected by the multibyte character set SQL injection issues for instance described in CVE-2006-2314. This patch fixes the MySQL and PostgreSQL backend to use the correct quoting methods when passing user-supplied strings. %NASLMINLEVEL 70300 C Tenable Network Security, In...

CVSS 7.5, AI score 5.3, EPSS 0.02162
Exploits: 0, References: 1

Tenable Nessus
added 2007/10/04 12:0 a.m., 320 views

Microsoft Windows SMB Blank Administrator Password

The remote host is running one of the Microsoft Windows operating systems. It was possible to log into it using the administrator account with a blank password. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid26918; scriptversion"1.20"; scriptcvsdate"Date: 2018/07/27...

CVSS 10, AI score 5.4, EPSS 0.39474
Exploits: 17, References: 5