Lucene search

110 matches found

Ivan 'd0znpp' Novikov
added 2017/05/12 6:55 p.m., 541 views

How to bypass libinjection in many WAF/NGWAF

Before we start, libinjection is a very popular open-source project created by Nick Galbreath from Signal Sciences. A lot of WAFs and NGWAFs use this library instead of regular expressions because of performance. For example, modsecurity since version 2.7.4 supports libinjection by two operators ...

7.9 AI score
Exploits: 0

ThreatPost
added 2015/06/30 2:28 p.m., 28 views

Apple Patches Dozens of Flaws in iOS 8.4, OS X 10.10.4

Apple has released new versions of iOS and OS X, both of which include a significant number of security patches, several for bugs that can lead to remote code execution and other serious issues. Version 8.4 of iOS contains fixes for more than 30 security vulnerabilities, including bugs in the iOS...

4.3 CVSS, 2.1 AI score, 0.00596 EPSS
Exploits: 0, References: 6

Check Point Advisories
added 2010/01/31 12:0 a.m., 2 views

Oracle Database Server LT.ROLLBACKWORKSPACE SQL Injection (CVE-2009-0978)

Oracle Database Server is an enterprise-level relational database application suite. To extend the functionality of the Oracle Database Server, extra packages of related program objects, i.e., procedures, functions, variables, constants, cursors, and exceptions, are provided in order to better...

5.5 CVSS, 7.4 AI score, 0.53918 EPSS
Exploits: 3

Zero Day Initiative
added 2009/12/15 12:0 a.m., 15 views

IBM DB2 Universal Database Multiple SQL Functions Remote Code Execution Vulnerabilities

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM DB2. Authentication is required to exploit this vulnerability. The specific flaw exists in the parsing of VARCHAR arguments to a number of stored procedures available by default on DB2...

7.6 AI score
Exploits: 0, References: 4

Check Point Advisories
added 2009/11/03 12:0 a.m., 1 views

Oracle Database SYS.KUPW-WORKER Package MAIN Procedure SQL Injection (CVE-2006-3698)

Oracle Database Server is an enterprise-level relational database application suite. To extend the functionality of the Oracle Database Server, extra packages of related program objects, i.e. procedures, functions, variables, constants, cursors, and exceptions, are provided in order to better...

10 CVSS, 7.8 AI score, 0.25858 EPSS
Exploits: 0

Tenable Nessus
added 2007/11/10 12:0 a.m., 30 views

Ubuntu 6.06 LTS : mysql-dfsg-5.0 vulnerabilities (USN-338-1)

Dmitri Lenev discovered that arguments of setuid SQL functions were evaluated in the security context of the functions' definer instead of its caller. An authenticated user with the privilege to call such a function could exploit this to execute arbitrary statements with the privileges of the...

6.5 CVSS, 8.8 AI score, 0.13143 EPSS
Exploits: 2, References: 3

Tenable Nessus
added 2007/05/25 12:0 a.m., 31 views

RHEL 5 : postgresql (RHSA-2007:0068)

Updated postgresql packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PostgreSQL is an advanced Object-Relational database management system (DBMS). Two flaw...

8.5 CVSS, 6.2 AI score, 0.02102 EPSS
Exploits: 0, References: 11

Ubuntu
added 2006/09/05 9:45 p.m., 63 views

USN-338-1: MySQL vulnerabilities

Dmitri Lenev discovered that arguments of setuid SQL functions were evaluated in the security context of the functions' definer instead of its caller. An authenticated user with the privilege to call such a function could exploit this to execute arbitrary statements with the privileges of the...

6.5 CVSS, 8.7 AI score, 0.13143 EPSS
Exploits: 2

securityvulns
added 2003/12/11 12:0 a.m., 28 views

Sybase Anywhere multiple bugs

Buffer overflows, format string bugs, etc. in multiple SQL functions...

2.4 AI score
Exploits: 0, References: 1, Affected Software: 1

securityvulns
added 2003/10/31 12:0 a.m., 31 views

PostgreSQL buffer overflows

Multiple buffer overflows in different SQL functions...

3.1 AI score
Exploits: 0, References: 5, Affected Software: 1