CVE-2007-4639

EnterpriseDB Advanced Server 8.2 does not properly handle certain debugging function calls that occur before a call to pldbgcreatelistener, which allows remote authenticated users to cause a denial of service daemon crash and possibly execute arbitrary code via a SELECT statement that invokes a...

IBM Rational ClearQuest Web Login Bypass SQL Injection Vulnerability

Exploit for unknown platform in category web applications ==================================================================== IBM Rational ClearQuest Web Login Bypass SQL Injection Vulnerability ====================================================================...

Design/Logic Flaw

Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x before 2.0.0.6, and SeaMonkey before 1.1.4 allow remote attackers to execute arbitrary commands via certain vectors associated with launching "a file handling program based on the file extension at the end of the URI," a variant ...

Sql injection

Multiple SQL injection vulnerabilities in wolioCMS allow remote attackers to execute arbitrary SQL commands via 1 the id parameter to member.php in a page action, related to a SELECT statement in common.php; and the 2 loginid parameter uid variable, and possibly the 3 pwd parameter, to...

Integer overflow

Integer overflow in the "file" program 4.20, when running on 32-bit systems, as used in products including The Sleuth Kit, might allow user-assisted attackers to execute arbitrary code via a large file that triggers an overflow that bypasses an assert statement. NOTE: this issue is due to an...

CVE-2007-2799

Integer overflow in the "file" program 4.20, when running on 32-bit systems, as used in products including The Sleuth Kit, might allow user-assisted attackers to execute arbitrary code via a large file that triggers an overflow that bypasses an assert statement. NOTE: this issue is due to an...

CVE-2007-2693

MySQL before 5.1.18 allows remote authenticated users without SELECT privileges to obtain sensitive information from partitioned tables via an ALTER TABLE statement...

Microsoft Exchange Outlook Web Access UTF character set label script injection vulnerability

Overview Microsoft Exchange Outlook Web Access OWA fails to properly handle the UTF character set label, which can allow a remote, unauthenticated attacker to execute script within the security context of the OWA user. Description OWA allows users to access their email accounts on a Microsoft...

Code injection

Pi3Web Web Server 2.0.3 PL1 allows remote attackers to cause a denial of service application exit via a long URI. NOTE: this issue was originally reported as a crash, but the vendor states that the impact is a "clean" exit in which "the server I/O loop finishes and the process exits normally."...

New version fixes three different crash vulnerabilities

backend/tcop/postgres.c in PostgreSQL 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service daemon crash related to duration logging of V3-protocol Execute messages for 1 COMMIT and 2 ROLLBACK SQL statements...

Sql injection

SQL injection vulnerability in inlinemod.php in Jelsoft vBulletin before 3.5.8, and before 3.6.5 in the 3.6.x series, might allow remote authenticated users to execute arbitrary SQL commands via the postids parameter. NOTE: the vendor states that the attack is feasible only in circumstances "almo...

Apple QuickTime movie heap buffer overflow vulnerability

Overview The Apple QuickTime player contains a heap buffer overflow vulnerability. This vulnerability may allow an attacker to execute arbitrary code or create a denial-of-service condition. Description Apple QuickTime contains a heap buffer overflow vulnerability. This vulnerability may allow an...

MySQL privilege elevation and security restrictions bypass vulnerability-vulnerability warning-the black bar safety net

Affected systems: MySQL AB MySQL = 5.1.10 Description: BUGTRAQ ID: 1 9 5 5 9 MySQL is a very widely used open source relational database system, with a variety of platforms running version. In MySQL, have access but no permission to create users can be created with the Access database only the na...

security flaw

backend/parser/analyze.c in PostgreSQL 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service daemon crash via certain aggregate functions in an UPDATE statement, which are not properly handled during a "MIN/MAX index optimization."...

CVE-2007-0556

The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 does not verify that a table is compatible with a "previously made query plan," which allows remote authenticated users to cause a denial of service server crash and possibly access database content via an "ALTE...

CVE-2007-0556

The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 does not verify that a table is compatible with a "previously made query plan," which allows remote authenticated users to cause a denial of service server crash and possibly access database content via an "ALTE...

CVE-2007-0556

The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 does not verify that a table is compatible with a "previously made query plan," which allows remote authenticated users to cause a denial of service server crash and possibly access database content via an "ALTE...

CA BrightStor ARCserve (msgeng.exe) Remote Heap Overflow Exploit 2

No description provided by source. !/usr/bin/perl original exploit by lssec.com this is a perl porting acaro at jervus.it use IO::Socket::INET; use Switch; if @ARGV 3 print "--------------------------------------------------------------------\n"; print "Usage : BrightStoreARCServer-11-5-4targets....

CVE-2007-0083

CVE-2007-0083 affects Nuked Klan 1.7 and earlier. The vulnerability is a cross-site scripting (XSS) flaw exploitable via a javascript: URI in a getURL statement within a .swf file, enabling remote script/HTML injection as demonstrated by “Remote Cookie Disclosure.” The NVD entry lists a CVSS v2 b...

ICONICS Dialog Wrapper Module ActiveX control vulnerable to buffer overflow

Overview ICONICS Dialog Wrapper Module ActiveX control contains a buffer overflow. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Description OLE for Process Control OPC is a specification for a standard set of OLE COM objects for use in the proce...