Lucene search

2121 matches found

Prion
added 2010/02/03 6:30 p.m., 21 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in +CSCOT+/translation in Cisco Secure Desktop 3.4.2048, and other versions before 3.5; as used in Cisco ASA appliance before 8.2(1), 8.1(2.7), and 8.0(5); allows remote attackers to inject arbitrary web script or HTML via a crafted POST parameter, which is not...

4.3 CVSS | 6 AI score | 0.04329 EPSS
Exploits: 2 | References: 6 | Affected Software: 2

CVE
added 2010/02/03 6:0 p.m., 69 views

CVE-2010-0440

CVE-2010-0440 is a Cross-Site Scripting (XSS) vulnerability in the Cisco Secure Desktop (CSCOT) translation path. It affects Cisco Secure Desktop 3.4.2048 and versions earlier than 3.5, and is also implicated in Cisco ASA appliances running versions before 8.2(1), 8.1(2.7), and 8.0(5). The root cause is imprope...

4.3 CVSS | 5.6 AI score | 0.04329 EPSS
Exploits: 2 | References: 6 | Affected Software: 1

NVD
added 2010/01/28 8:30 p.m., 30 views

CVE-2010-0462

Heap-based buffer overflow in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows remote authenticated users to have an unspecified impact via a SELECT statement that has a long column name generated with the REPEAT function...

6.5 CVSS | 6.4 AI score | 0.07523 EPSS
Exploits: 1 | References: 11

0day.today
added 2009/12/22 12:0 a.m., 19 views

Aurora CMS Remote SQL Injection Exploit

Exploit for unknown platform in category web applications. Aurora CMS Remote SQL Injection Exploit. Exploit Title: Aurora CMS Remote SQL Injection Exploit content.php; Date: December 22nd, 2009; Author: Sora; Software Link...

7.1 AI score
Exploits: 0

exploitpack
added 2009/12/22 12:0 a.m., 20 views

Aurora CMS - SQL Injection

Aurora CMS - SQL Injection. Exploit Title: Aurora CMS Remote SQL Injection Exploit content.php; Date: December 22nd, 2009; Author: Sora; Software Link: http://www.auroracms.com.au/; Version: 1.0, 2.0, and 3.0; Tested on: Windows and Linux. Aurora CMS Remo...

0.9 AI score
Exploits: 0

Exploit DB
added 2009/12/22 12:0 a.m., 43 views

Aurora CMS - SQL Injection

Exploit Title: Aurora CMS Remote SQL Injection Exploit content.php; Date: December 22nd, 2009; Author: Sora; Software Link: http://www.auroracms.com.au/; Version: 1.0, 2.0, and 3.0; Tested on: Windows and Linux. Aurora CMS Remote SQL Injection Exploit...

7.4 AI score
Exploits: 0

Check Point Advisories
added 2009/12/13 12:0 a.m., 5 views

Oracle Database Server DBMS_AQELM Package Buffer Overflow (CVE-2008-2607)

Oracle Database Server is an enterprise-level relational database application suite. To extend the functionality of the Oracle Database Server, extra packages of related program objects, e.g., procedures, functions, variables, constants, cursors, and exceptions, are provided in order to better...

6.5 CVSS | 7.9 AI score | 0.03357 EPSS
Exploits: 0

myhack58
added 2009/12/07 12:0 a.m., 16 views

2 5 1 7 5 student enrollment management system Ze70_0ay-vulnerability warning-the black bar safety net

Go By Link Hazards. The problem will lead to hackers construct a malicious statement injection indirect to get webshell Many of the files are with the che function to filter the post or get to the variables che whether the function security. See.: the Function cheStr If IsnullStr Then che = "" Ex...

0.3 AI score
Exploits: 0

Metasploit
added 2009/12/05 2:24 p.m., 9 views

Oracle SQL Generic Query

This module allows for simple SQL statements to be executed against an Oracle instance given the appropriate credentials and sid. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle SQL...

7.7 AI score
Exploits: 0

seebug.org
added 2009/12/02 12:0 a.m., 144 views

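MySQL SELECT Statement Handling Denial of Service Vulnerability

CVE ID: CVE-2009-4019. MySQL is a very widely used open-source relational database system, with versions available for a variety of platforms. The mysqld daemon in MySQL does not properly handle errors produced during execution of certain SELECT statements with subqueries, and does not preserve certain nullvalue flags during execution of statements that use the GeomFromWKB function, which allows authenticated remote attackers to crash the daemon by submitting specially crafted statements. Affected: MySQL AB MySQL 5.1.x, MySQL AB MySQL 5.0.x. Vendor patch: MySQL AB. The vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page:...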

4 CVSS | 7.9 AI score | 0.16263 EPSS
Exploits: 3

Prion
added 2009/11/30 5:30 p.m., 39 views

Code injection

mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain nullvalue flags during execution of statements that use the GeomFromWKB function, which allows remote...

4 CVSS | 6 AI score | 0.16263 EPSS
Exploits: 3 | References: 22 | Affected Software: 1

ThreatPost
added 2009/11/25 4:56 p.m., 13 views

Ex-United Way IT Employee Sentenced to 18 Months

Former United Way employee based in Miami, Luis Robert Altamirano, was sentenced to 18 months in jail and fined $50,000 for accessing his former employers’ network and deleting “numerous files from UWMD’s servers” and disabling “UWMD’s telephone voice mail system and prevented UWMD employees from...

2.8 AI score
Exploits: 0 | References: 2

Tenable Nessus
added 2009/11/25 12:0 a.m., 32 views

MySQL 5.1 < 5.1.41 Multiple Vulnerabilities

The version of MySQL 5.1 installed on the remote host is earlier than 5.1.41 and is, therefore, potentially affected by the following vulnerabilities : - An incomplete fix was provided in 5.1.24 for CVE-2008-2079, a symlink-related privilege escalation issue. Bug 39277 - MySQL clients linked...

6.8 CVSS | 6.8 AI score | 0.16263 EPSS
Exploits: 10 | References: 13

Cvelist
added 2009/11/24 5:0 p.m., 38 views

CVE-2009-3577

Autodesk 3D Studio Max (3DSMax) 6 through 9 and 2008 through 2010 allows remote attackers to execute arbitrary code via a .max file with a MAXScript statement that calls the DOSCommand method, related to "application callbacks."...

7.5 AI score | 0.05086 EPSS
Exploits: 6 | References: 4

exploitpack
added 2009/11/23 12:0 a.m., 11 views

MySQL 6.0.9 - SELECT Statement WHERE Clause Sub-query Denial of Service

MySQL 6.0.9 - SELECT Statement WHERE Clause Sub-query Denial of Service source: https://www.securityfocus.com/bid/37297/info MySQL is prone to multiple remote denial-of-service vulnerabilities because it fails to handle certain SQL expressions. An attacker can exploit these issues to crash the...

0.1 AI score
Exploits: 0

Check Point Advisories
added 2009/11/04 12:0 a.m., 5 views

Microsoft SQL Server INSERT Statement Buffer Overflow (MS08-040; CVE-2008-0106)

Microsoft SQL Server is a popular relational database management system (RDBMS). Microsoft SQL Server can be administered programmatically using system stored procedures, or through Distributed Management Objects (DMO). Its primary query language is Transact-SQL, an implementation of the ANSI/ISO...

9 CVSS | 7.9 AI score | 0.35323 EPSS
Exploits: 0

ThreatPost
added 2009/10/08 2:48 p.m., 18 views

Operation Phish Phry Nets 100 Cyber Criminals

The largest number of defendants ever charged in a cyber-crime case have been indicted in a multinational investigation conducted in the United States and Egypt that uncovered a sophisticated “phishing” operation that fraudulently collected personal information from thousands of victims that was...

0.7 AI score
Exploits: 0 | References: 2

RedHat Linux
added 2009/09/02 8:0 a.m., 3 views

MySQL: Using an empty binary value leads to server crash

MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement...

4 CVSS | 5.9 AI score | 0.06803 EPSS
Exploits: 1 | References: 4

NVD
added 2009/06/01 10:30 p.m., 10 views

CVE-2003-1573

The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun...

10 CVSS | 7.8 AI score | 0.05041 EPSS
Exploits: 1 | References: 10

Cvelist
added 2009/06/01 10:0 p.m., 21 views

CVE-2003-1573

The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun...

7.8 AI score | 0.05041 EPSS
Exploits: 1 | References: 10