Searching mysql prefix software vulnerabilities

A database service is running, e.g. a SQL serve

database | running | service | server | Oracle | mySQL | SQL |

A database service is running, e.g. a SQL server, Oracle, or mySQL.


PHP-Nuke 5.x allows remote attackers to perform

operations | arbitrary | modifying | attackers | PHP-Nuke | "prefix" | variable | calling | scripts | already | perform | prefix | allows | remote | define | SQL | any | not |

PHP-Nuke 5.x allows remote attackers to perform arbitrary SQL operations by modifying the "prefix" variable when calling any scripts that do not already define the prefix variable (e.g., by including mainfile.php), such as article.php.


WinMySQLadmin 1.1 stores the MySQL password in

WinMySQLadmin | unathorized | database | password | allows | access | stores | obtain | users | local | plain | MySQL | which | myini | text | file |

WinMySQLadmin 1.1 stores the MySQL password in plain text in the my.ini file, which allows local users to obtain unathorized access the MySQL database.


The leafnode server in leafnode 1.9.20 to 1.9.2

leafnode | server |

The leafnode server in leafnode 1.9.20 to 1.9.29 allows remote attackers to cause a denial of service (infinite loop) when leafnode requests a cross-posted article to one group whose name is a prefix of another group.


The OSI dissector in Ethereal 0.9.12 and earlie

dissector | Ethereal | OSI |

The OSI dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via invalid IPv4 or IPv6 prefix lengths, possibly triggering a buffer overflow.


PHP remote file inclusion vulnerability in Book

vulnerability | Bookmark4U | inclusion | remote | file | PHP |

PHP remote file inclusion vulnerability in Bookmark4U 1.8.3 allows remote attackers to execute arbitrary PHP code viaa URL in the prefix parameter to (1) dbase.php, (2) config.php, or (3) common.load.php.


mysqlbug in MySQL allows local users to overwri

failed-mysql-bugreport | overwrite | arbitrary | temporary | mysqlbug | symlink | allows | attack | MySQL | users | local | files | file | via |

mysqlbug in MySQL allows local users to overwrite arbitrary files via a symlink attack on the failed-mysql-bugreport temporary file.


Qt before 3.3.4 searches the BUILD_PREFIX direc

before |

Qt before 3.3.4 searches the BUILD_PREFIX directory, which could be world-writable, to load shared libraries regardless of the LD_LIBRARY_PATH environment variable, which allows local users to execute arbitrary programs.


PHP remote file inclusion vulnerability in erro

vulnerability | path_prefix | attackers | modifying | arbitrary | reference | parameter | inclusion | contains | errorphp | GrayCMS | execute | remote | server | allows | code | file | PHP | URL | web |

PHP remote file inclusion vulnerability in error.php in GrayCMS 1.1 allows remote attackers to execute arbitrary PHP code by modifying the path_prefix parameter to reference a URL on a remote web server that contains the code.


Stack-based buffer overflow in the dissect_ospf

dissect_ospf_v3_address_prefix | Stack-based | dissector | protocol | Ethereal | overflow | function | buffer | OSPF |

Stack-based buffer overflow in the dissect_ospf_v3_address_prefix function in the OSPF protocol dissector in Ethereal 0.10.12, and possibly other versions, allows remote attackers to execute arbitrary code via crafted packets.


search.php in MyBB 1.0.2 allows remote attacker

searchphp | MyBB |

search.php in MyBB 1.0.2 allows remote attackers to obtain sensitive information via a certain search request that reveals the table prefix in a SQL error message, possibly due to invalid parameters.


MySQL 5.0.18 and earlier allows local users to

MySQL |

MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query function, but the vendor states that since mysql_query expects a null character, this is not an issue for mysql_query.


PHP-Stats 0.1.9.1 and earlier allows remote att

PHP-Stats |

PHP-Stats 0.1.9.1 and earlier allows remote attackers to obtain potentially sensitive information via a direct request to checktables.php, which lists the database table_prefix.


MySQL Manager in Apple Mac OS X 10.3.9 and 10.4

Manager | Apple | MySQL | Mac |

MySQL Manager in Apple Mac OS X 10.3.9 and 10.4.6, when setting up a new MySQL database server, does not use the "New MySQL root password" that is provided, which causes the MySQL root password to be blank and allows local users to gain full privileges to that database.


SQL injection vulnerability in upgradev1.php in

vulnerability | upgradev1php | injection | Chat | SQL |

SQL injection vulnerability in upgradev1.php in X7 Chat 2.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the old_prefix parameter.


Opsware Network Automation System (NAS) 6.0 ins

Automation | Network | Opsware | System |

Opsware Network Automation System (NAS) 6.0 installs /etc/init.d/mysql with insecure permissions, which allows local users to read the root password for the MySQL MAX database or gain privileges by modifying /etc/init.d/mysql.


index.php in myWebland myBloggie 2.1.4 and earl

myBloggie | myWebland | indexphp |

index.php in myWebland myBloggie 2.1.4 and earlier allows remote attackers to obtain sensitive information via a query that only specifies the viewdate mode, which reveals the table prefix in a SQL error message.


index.php in Pharmacy System 2 and earlier allo

information | attackers | sensitive | Pharmacy | indexphp | earlier | obtain | System | allows | remote | via |

index.php in Pharmacy System 2 and earlier allows remote attackers to obtain sensitive information via a ' (quote) character in the page parameter, which reveals the table prefix in an error message.


CRLF injection vulnerability in the redirect fe

vulnerability | injection | redirect | feature | System | before | Server | CRLF | Java | Sun | Web |

CRLF injection vulnerability in the redirect feature in Sun Java System Web Server 6.1 and 7.0 before Thursday, August 02, 2007, when the redirect Server Application Function (SAF) uses the url-prefix parameter and escape is disabled, or an Error directive uses the url-prefix parameter in obj.conf, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks.


PHP remote file inclusion vulnerability in envi

environmentphp | vulnerability | AnyInventory | inclusion | remote | file | PHP |

PHP remote file inclusion vulnerability in environment.php in AnyInventory 1.9.1 and 2.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the DIR_PREFIX parameter.


Software vulnerabilities results 1 to 20 of 159     
Page: 12345...8