872 matches found

NVD
added 2005/05/03 4:00 a.m. | 18 views

CVE-2005-1410

The tsearch2 module in PostgreSQL 7.4 through 8.0.x declares the (1) dex_init, (2) snb_en_init, (3) snb_ru_init, (4) spell_init, and (5) syn_init functions as "internal" even when they do not take an internal argument, which allows attackers to cause a denial of service (application crash) and possibly have other...

CVSS: 2.1 | AI score: 7 | EPSS: 0.00404
Exploits: 0 | References: 9
FreeBSD
added 2005/05/02 12:00 a.m. | 37 views

postgresql -- character conversion and tsearch2 vulnerabilities

The postgresql development team reports: The more severe of the two errors is that the functions that support client-to-server character set conversion can be called from SQL commands by unprivileged users, but these functions are not designed to be safe against malicious choices of argument...

AI score: 7.1
Exploits: 0 | References: 1
Cvelist
added 2005/04/21 4:00 a.m. | 20 views

CVE-2005-1196

SQL injection vulnerability in kb.php in the Knowledge Base module for phpBB allows remote attackers to obtain sensitive information and execute SQL commands via the cat parameter...

AI score: 7.5 | EPSS: 0.0198
Exploits: 0 | References: 1
Cvelist
added 2005/04/21 4:00 a.m. | 20 views

CVE-2005-1199

SQL injection vulnerability in printthread.php in UBB.Threads allows remote attackers to execute arbitrary SQL commands via the main parameter...

AI score: 7.2 | EPSS: 0.01223
Exploits: 1 | References: 4
CVE
added 2005/04/18 4:00 a.m. | 50 views

CVE-2005-1170

This CVE refers to an SQL injection in phpBB’s datenbank module (mod.php) where the id parameter enables remote SQL execution. The underlying vulnerability is an injectable query in mod.php, with potential data exposure and integrity impacts (CVSS v2 base score 7.5, HIGH). Affected component ...

CVSS: 7.5 | AI score: 8.8 | EPSS: 0.01013
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2005/03/26 5:00 a.m. | 42 views

CVE-2005-0890

CVE-2005-0890 describes a SQL injection vulnerability in Dream4 Koobi CMS 4.2.3 that allows remote attackers to execute arbitrary SQL commands via the area parameter. The NVD entry lists a CVSS v2 base score of 7.5 (HIGH) with network access, low access complexity, and no authentication required,...

CVSS: 7.5 | AI score: 8.8 | EPSS: 0.01159
Exploits: 1 | References: 3 | Affected Software: 1
CVE
added 2005/02/20 5:00 a.m. | 45 views

CVE-2004-1580

CubeCart 2.0.1 is affected: index.php uses the cat_id parameter in SQL queries, enabling remote SQL injection to potentially modify or disclose data. Root cause: unsafely constructed SQL from user input in cat_id. Impact aligns with CVSS: HIGH (partial confidentiality, integrity, and availability...

CVSS: 7.5 | AI score: 8.4 | EPSS: 0.02444
Exploits: 2 | References: 5 | Affected Software: 1
NVD
added 2004/12/31 5:00 a.m. | 12 views

CVE-2004-1893

Dreamweaver MX, when "Using Driver On Testing Server" or "Using DSN on Testing Server" is selected, uploads the mmhttpdb.asp script to the web site but does not require authentication, which allows remote attackers to obtain sensitive information and possibly execute arbitrary SQL commands via a...

CVSS: 5 | AI score: 7.5 | EPSS: 0.02429
Exploits: 0 | References: 6
NVD
added 2004/12/23 5:00 a.m. | 21 views

CVE-2004-1339

SQL injection vulnerability in the (1) MDSYS.SDO_GEOM_TRIG_INS1 and (2) MDSYS.SDO_LRS_TRIG_INS default triggers in Oracle 9i and 10g allows remote attackers to execute arbitrary SQL commands via the new.table_name or new.column_name parameters...

CVSS: 6.5 | AI score: 7.9 | EPSS: 0.01477
Exploits: 0 | References: 3
securityvulns
added 2004/09/06 12:00 a.m. | 34 views

[Full-Disclosure] Buffer Overflow in SYS_CONTEXT() in Oracle 9i Rel.2

http://www.red-database-security.com/advisory/advisory200409032.htm RDS200409032 - Red-Database-Security GmbH Research Advisory. Name: Buffer Overflow in SYS_CONTEXT in Oracle 9i Rel.2. Systems Affected: Oracle9i Rel. 2, Windows platform only. Severity: Medium Risk. Category: Buffer Overflow. Vendor URL...

Exploits: 0
Exploit DB
added 2003/09/19 12:00 a.m. | 31 views

Flying Dog Software Powerslave 4.3 Portalmanager - 'sql_id' Information Disclosure

source: https://www.securityfocus.com/bid/8659/info It has been reported that Powerslave Portalmanager is prone to an information disclosure issue that may allow remote attackers to gain access to sensitive information about the underlying database structure. The problem is reported to exist in t...

AI score: 7.4
Exploits: 0
CVE
added 2000/03/22 5:00 a.m. | 41 views

CVE-2000-0161

This CVE (CVE-2000-0161) arises from Microsoft Site Server 3.0 Commerce Edition failing to validate an identification number, enabling remote SQL command execution via input handling. The vulnerability affects the Site Server Commerce component where input is used in SQL queries without proper va...

CVSS: 7.5 | AI score: 7.9 | EPSS: 0.10069
Exploits: 0 | References: 2 | Affected Software: 1