2 matches found
CVE-2003-0449
Progress Database 9.1 to 9.1D06 trusts user input to find and load libraries using dlopen, which allows local users to gain privileges via (1) a PATH environment variable that points to malicious libraries, as demonstrated using libjutil.so in _proapsv, or (2) the -installdir command line parameter, as...
Postaci allows arbitrary SQL query execution
The popular webmail software Postaci, which ships with Debian, does not check for malicious SQL code in user-supplied variables when deleting address book contacts, bookmarks and notes. This gives a malicious user the opportunity to execute arbitrary SQL queries. The problem affects Postaci if using...