MySQL: Using an empty binary value leads to server crash

MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' b single-quote single-quote token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service daemon crash by using this token in a SQL statement...

CVE-2003-1573

The PointBase 4.6 database component in the J2EE 1.4 reference implementation J2EE/RI allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun...

CVE-2003-1573

The PointBase 4.6 database component in the J2EE 1.4 reference implementation J2EE/RI allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun...

Traidnt Up 2.0 - Cookie Authentication Bypass

|| || | || o,7 || . o7 || q||| ow, : / / . =By: Qabandi =Email: iqaahotmail.fr From Kuwait PEACE =Vuln: Traidnt Up version 2.0 Auth Bypass / Cookie SQL Injection Vulnerability =INFO: http://traidnt.net/vb/showthread.php?t=943260 =BUY: ---- =DORK: ----...

Traidnt Up 2.0 - Cookie Authentication Bypass

Traidnt Up 2.0 - Cookie Authentication Bypass || || | || o,7 || . o7 || q||| ow, : / / . =By: Qabandi =Email: iqaahotmail.fr From Kuwait PEACE =Vuln: Traidnt Up version 2.0 Auth Bypass / Cookie SQL Injection Vulnerability =INFO: http://traidnt.net/vb/showthread.php?t=943260 =BUY: ---- =DORK: ----...

Design/Logic Flaw

MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' b single-quote single-quote token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service daemon crash by using this token in a SQL statement...

Web Group Communication Center (WGCC) <= 1.0.3 SQL Injection Vuln

No description provided by source. Title : Web Group Communication Center XSS/SQL Multiple Remote Vulnerabilies Author : myvx Date : 13.05.2008 Application : Web Group Communication Center Version : = 1.0.3 PreRelease 1 Vendor : http://wgcc.de/ Download :...

Koobi Pro 5.7 (categ) Remote SQL Injection Vulnerability

Exploit for unknown platform in category web applications ======================================================== Koobi Pro 5.7 categ Remote SQL Injection Vulnerability ======================================================== + Koobi Pro 5.7 index.php categ Remote Sql Inj. Vuln +...

phpkit-sql.txt

!/usr/bin/perl Vulnerability found & exploit written by $h4d0wl33t shadowleet Contact: [email protected] Phpkit 1.6.4pl1 Non Public Exploit by $hadowleet, Description: Vulnerability in file pkinc/public/article.php On line 71: $contentid=!$contentid && isset$REQUEST'contentid' &&...

IBM Rational ClearQuest Web Login Bypass SQL Injection Vulnerability

Exploit for unknown platform in category web applications ==================================================================== IBM Rational ClearQuest Web Login Bypass SQL Injection Vulnerability ====================================================================...

CVE-2007-0556

The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 does not verify that a table is compatible with a "previously made query plan," which allows remote authenticated users to cause a denial of service server crash and possibly access database content via an "ALTE...

CVE-2007-0556

The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 does not verify that a table is compatible with a "previously made query plan," which allows remote authenticated users to cause a denial of service server crash and possibly access database content via an "ALTE...

CVE-2007-0556

The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 does not verify that a table is compatible with a "previously made query plan," which allows remote authenticated users to cause a denial of service server crash and possibly access database content via an "ALTE...

About the database the simple intrusion and rogue damage-vulnerability warning-the black bar safety net

For domestic and foreign a lot of news, BBS and e-Commerce site using ASP+SQL design, and write an ASP programmer many many have just graduated, so, ASP+SQL attack success rate is relatively high. This type of attack method with the NT version and SQL version is not much relationship, there is no...

CVE-2006-6201

Heap-based buffer overflow in Borland idsql32.dll 5.1.0.4, as used by RevilloC MailServer; 5.2.0.2 as used by Borland Developer Studio 2006; and possibly other versions allows remote attackers to execute arbitrary code via a long SQL statement, related to use of the DbiQExec function...

[Full-disclosure] Secunia Research: Borland Products idsql32.dll Buffer Overflow Vulnerability

====================================================================== Secunia Research 29/11/2006 - Borland Products idsql32.dll Buffer Overflow Vulnerability - ====================================================================== Table of Contents Affected...

PHPKit161rc2.txt

+-------------------------------------------------------------------- + + PHPKit 1.6.1 RC2 + + Original advisory: + http://www.bb-pcsecurity.de/ + +-------------------------------------------------------------------- + + Affected Software .: PHPKit 1.6.1 RC2 + Venedor ...........:...

CVE-2006-3365

V3 Chat allows remote attackers to obtain the installation path via 1 an invalid id parameter to mail/index.php or 2 membername parameter to messenger/online.php, which displays the path in an error page due to an incorrect SQL statement...

CVE-2006-3365

V3 Chat allows remote attackers to obtain the installation path via 1 an invalid id parameter to mail/index.php or 2 membername parameter to messenger/online.php, which displays the path in an error page due to an incorrect SQL statement...

CVE-2006-3365

The CVE affects V3 Chat. An incorrect SQL statement in mail/index.php (invalid id) and messenger/online.php (membername) causes an error page that reveals the installation path, constituting information disclosure. Exploitation details are not provided beyond this error-based exposure. NVD lists ...