1730 matches found
[SECURITY] Fedora 9 Update: drupal-views-6.x.2.2-1.fc9
The views module provides a flexible method for Drupal site designers to control how lists of content nodes are presented. Traditionally, Drupal has hard-coded most of this, particularly in how taxonomy and tracker lists are formatted. This tool is essentially a smart query builder that, given...
Fedora 9 : drupal-views-6.x.2.2-1.fc9 (2008-11519)
Fixes SA-2008-075 http://drupal.org/node/348321. http://drupal.org/node/347831 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without...
SA-2008-075 - Views - SQL Injection
The Views module provides a flexible method for Drupal site designers to control how lists of content are presented. When using an exposed filter on CCK text fields with allowed values, Views does not filter the data correctly. This may allow malicious users to conduct SQL injection attacks again...
phpBP <= RC3 (2.204) FIX4 Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications ============================================================ phpBP HACKBOX.pl query"SELECT FROM $confprefixbanners WHERE id=$GETid" or $db-errFILE, LINE; 13 14 if$db-numrows==0 15 16 redirect'index.php?module=error?error=bannerserror2'; 17...
Design/Logic Flaw
eZ publish before 3.8.9, and 3.9 before 3.9.3, does not properly check permissions on module views that lack a policy function, which has unknown impact and attack vectors, as demonstrated by a vulnerability in the discount functionality in the shop module...
DynamicData(dms)Document&Article Script /dm_browse.asp.asp sql injection
DynamicDatadmsDocument&Article Script /dmbrowse.asp.asp sql injection Credit : CodeXpLoder'tq mail : codexploderathotmaildotcom site : Biyosecurity.net,expw0rm.com thx : BiyoSecurityTeam all members thx 3APA3A spec.note : "Live The Life" 1- example.com/patch/dmbrowse.asp?pid=sql methot 1-...
Oracle 9i/10g evil views Change Passwords Exploit (CVE-2007-3855)
Exploit for multiple platform in category local exploits ================================================================= Oracle 9i/10g evil views Change Passwords Exploit CVE-2007-3855 ================================================================= -- -- bunkerview.sql -- -- Oracle 9i/10g -...
Oracle Database - SQL Compiler Views Unauthorized Manipulation
Oracle Database - SQL Compiler Views Unauthorized Manipulation source: https://www.securityfocus.com/bid/24887/info Oracle has released a Critical Patch Update advisory for July 2007 to address multiple vulnerabilities for supported releases. Earlier unsupported releases are likely to be affected...
CVE-2007-2607
PHP remote file inclusion vulnerability in views/print/printbar.php in LaVague 0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the viewspath parameter...
Modify Data via Inline Views
Name Modify Data via Inline Views 8107967 DB09 Systems Affected Oracle 9i - 10g Rel. 2 Severity High Risk Category Unauthorized Access Vendor URL http://www.oracle.com/ Author Alexander Kornbrust ak at red-database-security.com Advisory 18 October 2006 V 1.00 Advisory...
security flaw
Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via 1 nested tags in a select tag, 2 a DOMNodeRemoved mutation event, 3 "Content-implemented tree views," 4 BoxObjects, 5 the XBL implementation, 6 an ifram...
security flaw
Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via 1 nested tags in a select tag, 2 a DOMNodeRemoved mutation event, 3 "Content-implemented tree views," 4 BoxObjects, 5 the XBL implementation, 6 an ifram...
DEBIAN-CVE-2006-2779
Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via 1 nested tags in a select tag, 2 a DOMNodeRemoved mutation event, 3 "Content-implemented tree views," 4 BoxObjects, 5 the XBL implementation, 6 an ifram...
CVE-2006-2779
Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via 1 nested tags in a select tag, 2 a DOMNodeRemoved mutation event, 3 "Content-implemented tree views," 4 BoxObjects, 5 the XBL implementation, 6 an ifram...
[Full-disclosure] Oracle read-only user can insert/update/delete data via specially crafted views
Hello Full Disclosure Last Thursday 6th April 2006, Oracle released a note on the Oracle knowledgebase Metalink with details about an unfixed security vulnerability =0day and a working test case =exploit code which effects all versions of Oracle from 9.2.0.0 to 10.2.0.3. This note "363848.1 - A...
PT-2006-1440 · Oracle · Mysql Server
Name of the Vulnerable Software and Affected Versions: MySQL version 5.0.18 Description: The issue allows local users with access to a VIEW to obtain sensitive information via the "SELECT FROM information schema.views;" query, which returns the query that created the VIEW. It is noted that the...
CVE-2005-3438
Multiple unspecified vulnerabilities in Oracle Database Server 9i up to 10.1.0.4.2 have unknown impact and attack vectors, aka Oracle Vuln 1 DB04 in Change Data Capture; 2 DB06 in Data Guard Logical Standby; 3 DB10 in Locale; 4 DB12 in Materialized Views; 5 DB13 in Objects Extension; 6 DB15 in...
CVE-2005-3442
Multiple unspecified vulnerabilities in Oracle Database Server 8i up to 10.1.0.4.2 have unknown impact and attack vectors, aka Oracle Vuln 1 DB09 in Export, 2 DB11 in Materialized Views, and 3 DB16 in Security Service...
CVE-2005-3438
Multiple unspecified vulnerabilities in Oracle Database Server 9i up to 10.1.0.4.2 have unknown impact and attack vectors, aka Oracle Vuln 1 DB04 in Change Data Capture; 2 DB06 in Data Guard Logical Standby; 3 DB10 in Locale; 4 DB12 in Materialized Views; 5 DB13 in Objects Extension; 6 DB15 in...
Gopher <= 3.0.9 (+VIEWS) Remote (Client Side) Buffer Overflow Exploit
Exploit for linux platform in category local exploits ===================================================================== Gopher bindshell port The Internet Gopher Client is based on the UMN Gopher/Gopherd 2.3.1 code. Gopher is an Internet technology that predates the Web. It presents informati...