About the database the simple intrusion and rogue damage-vulnerability warning-the black bar safety net

For domestic and foreign a lot of news, BBS and e-Commerce site using ASP+SQL design, and write an ASP programmer many many have just graduated, so, ASP+SQL attack success rate is relatively high. This type of attack method with the NT version and SQL version is not much relationship, there is no...

Yahoo Messenger YMailAttach ActiveX control buffer overflow

Overview The Yahoo Messenger YMailAttach ActiveX control contains a buffer overflow, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Yahoo Messenger is an instant messaging application. Yahoo Messenger includes several ActiveX...

CVE-2006-6201

Heap-based buffer overflow in Borland idsql32.dll 5.1.0.4, as used by RevilloC MailServer; 5.2.0.2 as used by Borland Developer Studio 2006; and possibly other versions allows remote attackers to execute arbitrary code via a long SQL statement, related to use of the DbiQExec function...

[Full-disclosure] Secunia Research: Borland Products idsql32.dll Buffer Overflow Vulnerability

====================================================================== Secunia Research 29/11/2006 - Borland Products idsql32.dll Buffer Overflow Vulnerability - ====================================================================== Table of Contents Affected...

NetGear wireless driver fails to properly process certain 802.11 management frames

Overview A buffer overflow vulnerability has been reported in the Netgear WG111v2.SYS wireless driver. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code, or cause a denial-of-service condition. Description The WG111v2.SYS driver is a wireless 802.11...

security flaw

Links web browser 1.00pre12 and Elinks 0.9.2 with smbclient installed allows remote attackers to execute arbitrary code via shell metacharacters in an smb:// URI, as demonstrated by using PUT and GET statements...

PHPKit161rc2.txt

+-------------------------------------------------------------------- + + PHPKit 1.6.1 RC2 + + Original advisory: + http://www.bb-pcsecurity.de/ + +-------------------------------------------------------------------- + + Affected Software .: PHPKit 1.6.1 RC2 + Venedor ...........:...

CVE-2006-5540

backend/parser/analyze.c in PostgreSQL 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service daemon crash via certain aggregate functions in an UPDATE statement, which are not properly handled during a "MIN/MAX index optimization."...

CVE-2006-5540

CVE-2006-5540 affects PostgreSQL 8.1.x prior to 8.1.5. A Denial of Service can be triggered by remote authenticated users through certain aggregate functions in an UPDATE, related to MIN/MAX index optimization. Connected advisories/alerts corroborate this issue across multiple distributions (RHSA...

Retro64 / Miniclip CR64Loader ActiveX control buffer overflow

Overview The Retro64 / Miniclip CR64Loader ActiveX control contains a buffer overflow vulnerability. This may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The CR64Loader Object is an ActiveX control developed by Retro64. The web sites...

[Full-disclosure] Secunia Research: AOL Insecure Default Directory Permissions

====================================================================== Secunia Research 18/08/2006 - AOL Insecure Default Directory Permissions - ====================================================================== Table of Contents Affected...

Apple Mac OS X AFP server vulnerable to an integer overflow when file sharing is enabled

Overview A vulnerability in Apple Mac OS X AFP server may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition on an affected system. Description The AFP Apple Filing Protocol service allows Apple Mac OS clients to remotely access files from a server. Apple's M...

Mozilla products contain a race condition

Overview Mozilla products contain a race condition. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Description The Mozilla products JavaScript garbage collection process may delete a variable while that variable is still in use. This may corrupt...

CVE-2006-3544

Multiple SQL injection vulnerabilities in Invision Power Board IPB 1.3 Final allow remote attackers to execute arbitrary SQL commands via the CODE parameter in a 1 Stats, 2 Mail, and 3 Reg action in index.php. NOTE: the developer has disputed this issue, stating that "At no point does the CODE...

CVE-2006-3365

V3 Chat allows remote attackers to obtain the installation path via 1 an invalid id parameter to mail/index.php or 2 membername parameter to messenger/online.php, which displays the path in an error page due to an incorrect SQL statement...

CVE-2006-3365

V3 Chat allows remote attackers to obtain the installation path via 1 an invalid id parameter to mail/index.php or 2 membername parameter to messenger/online.php, which displays the path in an error page due to an incorrect SQL statement...

CVE-2006-3365

The CVE affects V3 Chat. An incorrect SQL statement in mail/index.php (invalid id) and messenger/online.php (membername) causes an error page that reveals the installation path, constituting information disclosure. Exploitation details are not provided beyond this error-based exposure. NVD lists ...

Secure Elements Class 5 AVR uses the same RSA key for all installations

Overview Secure Elements Class 5 AVR uses the same RSA key for all installations. This may allow a remote attacker to decrypt communications between systems. Description Class 5 AVR Secure Elements Class 5 AVR Automated Vulnerability Remediation is a security product that monitors and enforces...

CVE-2006-2331

Multiple directory traversal vulnerabilities in PHP-Fusion 6.00.306 allow remote attackers to include and execute arbitrary local files via 1 a .. dot dot in the settingslocale parameter in infusions/lastseenuserspanel/lastseenuserspanel.php, and 2 a .. dot dot in the localeset parameter in...

MySQL fails to properly validate COM_TABLE_DUMP packets

Overview MySQL contains a buffer overflow that may allow a remote, authenticated attacker to execute arbitrary code on a vulnerable server. Description MySQL and COMTABLEDUMPMySQL is an open-source database system available for Microsoft Windows, Linux, and other UNIX-based operating systems...