WordPress Charset SQL injection vulnerability (re-resend)
Terribly sorry, gmail messed up the GPG signature. Hope this one can get through. === WordPress Charset SQL Injection Vulnerability === Release date: 2007-12-10 Last modified: 2007-12-10 Source: Abel Cheung abelcheung at gmail dot com Affected version: WordPress = 2.3.1 Exploit type: Remote Risk:...
CVE-2007-6318
SQL injection vulnerability in wp-includes/query.php in WordPress 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the s parameter, when DB_CHARSET is set to (1) Big5, (2) GBK, or possibly other character set encodings that support a "\" in a multibyte character...
Sql injection
SQL injection vulnerability in wp-includes/query.php in WordPress 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the s parameter, when DB_CHARSET is set to (1) Big5, (2) GBK, or possibly other character set encodings that support a "\" in a multibyte character...
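WordPress wp-db.php File Charset SQL Injection Vulnerability
BUGTRAQ ID: 26795 WordPress is a free forum and blog system. WordPress has a vulnerability in how it handles user data, and a remote attacker may exploit it to carry out SQL injection attacks. Most database queries in WordPress filter SQL strings with the escape method, which in practice filters the input through the addslashes function. addslashes does not take into account the character set used in the SQL string and blindly inserts a backslash before each single quote, and such a backslash may become part of another valid character. The following is the vulnerable code in wp-includes/query.php: // If a search pattern is specified, load the posts...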
WordPress 2.3.1 - Charset SQL Injection
WordPress 2.3.1 - Charset SQL Injection === WordPress Charset SQL Injection Vulnerability === Release date: 2007-12-10 Last modified: 2007-12-12 Source: Abel Cheung Affected version: WordPress = 2.3.1 Exploit type: Remote Risk: Moderate CVE: pending Reference:...
WordPress Core 2.3.1 - Charset SQL Injection
=== WordPress Charset SQL Injection Vulnerability === Release date: 2007-12-10 Last modified: 2007-12-12 Source: Abel Cheung Affected version: WordPress = 2.3.1 Exploit type: Remote Risk: Moderate CVE: pending Reference: http://www.abelcheung.org/advisory/20071210-wordpress-charset.txt 1. Summary...
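IBM AIX bellmail Mail User Agent Local Stack Overflow Vulnerability
BUGTRAQ ID: 26257 CVECAN ID: CVE-2007-4623 IBM AIX is a commercial UNIX operating system. The implementation of the bellmail utility in AIX has a buffer overflow vulnerability, and a local attacker may exploit it to escalate privileges. The sendrmt function in the bellmail program installed on AIX has a stack overflow vulnerability; this function is called when a user tries to send mail with the "m" command. The function makes several sprintf calls to concatenate user-supplied input to static strings, but performs no bounds checking to ensure that the resulting string fits the destination buffer allocated on the stack, so an attacker can supply an overlong argument to control data on the stack and the affected process, leading to execution of arbitrary instructions with root privileges. IBM AIX 5...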
util-linux (u)mount doesn't drop privileges properly when calling helpers
mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs...
Moderate: Red Hat Security Advisory: httpd security, bug fix, and enhancement update
Updated httpd packages that fix a security issue, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular and freely-available Web...
iDefense Security Advisory 10.30.07: IBM AIX swcons Local Arbitrary File Access Vulnerability
IBM AIX swcons Local Arbitrary File Access Vulnerability iDefense Security Advisory 10.30.07 http://labs.idefense.com/intelligence/vulnerabilities/ Oct 30, 2007 I. BACKGROUND The swcons program is a set-uid root application which is installed by default on IBM AIX. It allows for console logs to b...
openSUSE 10 Security Update : dovecot (dovecot-1987)
Dovecot might have been affected by the multibyte character set SQL injection issues for instance described in CVE-2006-2314. This patch fixes the MySQL and PostgreSQL backend to use the correct quoting methods when passing user-supplied strings. %NASLMINLEVEL 70300 C Tenable Network Security, In...
Microsoft Windows SMB Blank Administrator Password
The remote host is running one of the Microsoft Windows operating systems. It was possible to log into it using the administrator account with a blank password. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid26918; scriptversion"1.20"; scriptcvsdate"Date: 2018/07/27...
Multi user custom field cannot be used with the assignable user permission
If a multi user custom field is added to JIRA, and the custom field is added to the Assignable User permission, the Assign Issue operation breaks, when trying to gather the list of assignable Users. This is basically because our MultiUserCF is not specific enough and relies too much on the...
Design/Logic Flaw
The WebAdmin interface in TeamSpeak Server 2.0.20.1 allows remote authenticated users with the ServerAdmin flag to assign Registered users certain privileges, resulting in a privilege set that extends beyond that ServerAdmin's own servers, as demonstrated by the (1) AdminAddServer, (2)...
CVE-2007-4529
The WebAdmin interface in TeamSpeak Server 2.0.20.1 allows remote authenticated users with the ServerAdmin flag to assign Registered users certain privileges, resulting in a privilege set that extends beyond that ServerAdmin's own servers, as demonstrated by the (1) AdminAddServer, (2)...
Live for Speed S1/S2/Demo (.ply file) Buffer Overflow Exploit
Exploit for unknown platform in category local exploits ============================================================= Live for Speed S1/S2/Demo .ply file Buffer Overflow Exploit ============================================================= / 0day Live for speed patch x s2 /s1 and demo local .ply...