9391 matches found
CVE-2008-3197
Cross-site request forgery CSRF vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to 1 the db parameter in the "Creating a Database" functionality dbcreate.php, and 2 the convcharset and collationconnection parameters related...
php escapeshellcmd multibyte encoding vulnerability analysis and extension-a vulnerability warning-the black bar safety net
漏洞 公告 在 http://www.sektioneins.de/advisories/SE-2008-03.txt PHP 5 = 5.2.5 PHP 4 = 4.4.8 Some allow as GBK, EUC-KR, SJIS, etc. wide byte character set systems may be affected by this impact, the impact is still very large, the domestic virtual host should be the pass to kill, in testing this...
Sql injection
SQL injection vulnerability in the Courier Authentication Library aka courier-authlib before 0.60.6 on SUSE openSUSE 10.3 and 11.0, and other platforms, when MySQL and a non-Latin character set are used, allows remote attackers to execute arbitrary SQL commands via the username and unspecified...
CVE-2008-2667
SQL injection vulnerability in the Courier Authentication Library aka courier-authlib before 0.60.6 on SUSE openSUSE 10.3 and 11.0, and other platforms, when MySQL and a non-Latin character set are used, allows remote attackers to execute arbitrary SQL commands via the username and unspecified...
CVE-2008-2667
SQL injection vulnerability in the Courier Authentication Library aka courier-authlib before 0.60.6 on SUSE openSUSE 10.3 and 11.0, and other platforms, when MySQL and a non-Latin character set are used, allows remote attackers to execute arbitrary SQL commands via the username and unspecified...
CVE-2008-2667
SQL injection vulnerability in the Courier Authentication Library aka courier-authlib before 0.60.6 on SUSE openSUSE 10.3 and 11.0, and other platforms, when MySQL and a non-Latin character set are used, allows remote attackers to execute arbitrary SQL commands via the username and unspecified...
FreeBSD : Courier Authentication Library -- SQL Injection (022baf71-38e6-11dd-8d34-00e0815b8da8)
Secunia reports : A vulnerability has been reported in the Courier Authentication Library, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via e.g. the username to the library is not properly sanitised before being used in SQL queries. This can be exploit...
Courier Authentication Library -- SQL Injection
Secunia reports: A vulnerability has been reported in the Courier Authentication Library, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via e.g. the username to the library is not properly sanitised before being used in SQL queries. This can be exploite...
mysql improper suid argument evaluation
MySQL before 5.0.25 and 5.1 before 5.1.12 evaluates arguments of suid routines in the security context of the routine's definer instead of the routine's caller, which allows remote authenticated users to gain privileges through a routine that has been made available using GRANT EXECUTE...
[SECURITY] Fedora 7 Update: lighttpd-1.4.19-4.fc7
Secure, fast, compliant and very flexible web-server which has been optimiz ed for high-performance environments. It has a very low memory footprint compa red to other webservers and takes care of cpu-load. Its advanced feature-set FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many mo...
IBM DB2数据库db2dasrrm缓冲区溢出和文件创建漏洞
BUGTRAQ ID: 27870 CVECAN ID: CVE-2007-5758,CVE-2007-5664 IBM DB2是一个大型的商业关系数据库系统,面向电子商务、商业资讯、内容管理、客户关系管理等应用,可运行于AIX、HP-UX、Linux、Solaris、Windows等系统。...
Explain in detail the hacker used a remote control Trojan horse-vulnerability warning-the black bar safety net
Like browsing online the news people will often see someone privacy is hack theft, or in order to blackmail the victim thing. Here we might ask, How do they do it? In fact, the answer is very simple, but is the use of a remote Trojan to achieve control, the following the author will for the hacki...
DEBIAN-CVE-2008-1692
Eterm 0.9.4 opens a terminal window on :0 if -display is not specified and the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine...
CVE-2008-1483
OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 IPv4 and sniffing a cookie sent by Emacs...
PYSEC-2008-10
The xml-rpc server in Roundup 1.4.4 does not check property permissions, which allows attackers to bypass restrictions and edit or read restricted properties via the 1 list, 2 display, and 3 set methods...
DEBIAN-CVE-2008-1468
Cross-site scripting XSS vulnerability in namazu.cgi in Namazu before 2.0.18 allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded input, related to failure to set the charset, a different vector than CVE-2004-1318 and CVE-2001-1350. NOTE: some of these details are...
NULL dereference in iwl driver
The iwlsetrate function in compatible/iwl3945-base.c in iwlwifi 1.1.21 and earlier dereferences an iwlgethwmode return value without checking for NULL, which might allow remote attackers to cause a denial of service kernel panic via unspecified vectors during module initialization...
IBM DB2数据库db2db本地权限提升漏洞
BUGTRAQ ID: 27680 CVECAN ID: CVE-2007-5757 IBM DB2是一个大型的商业关系数据库系统,面向电子商务、商业资讯、内容管理、客户关系管理等应用,可运行于AIX、HP-UX、Linux、Solaris、Windows等系统。 在设置DB2INSTANCE环境变量的时候,libdb2库会使用相关用户的目录而不是DB2例程目录,这会允许本地非特权用户控制一些set-uid root二进制程序所操作的目录结构。...
Cross site request forgery (csrf)
SNMPd in MikroTik RouterOS 3.2 and earlier allows remote attackers to cause a denial of service daemon crash via a crafted SNMP SET request...
MicroTik RouterOS 3.2 - SNMPd snmp-set Denial of Service
MicroTik RouterOS 3.2 - SNMPd snmp-set Denial of Service / -------------------------------------------------------------------------- c ShadOS 2008 | || || | | |/ / | || | | / - | | ' | ' | / | ' \ - |||||||\|||, |||// hellknights.void.ru |/ .0x48k...