Searching mysql real connect software vulnerabilities

Progressive Networks Real Video server (pnserve

Progressive | Networks | server | Video | Real |

Progressive Networks Real Video server (pnserver) can be crashed remotely.


In IIS, an attacker could determine a real path

non-existent | interpreted | determine | attacker | request | would | using | could | Perl | path | real | IIS | URL |

In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe) .


A database service is running, e.g. a SQL serve

database | running | service | server | Oracle | mySQL | SQL |

A database service is running, e.g. a SQL server, Oracle, or mySQL.


Groupwise web server GWWEB.EXE allows remote at

attackers | determine | parameter | Groupwise | GWWEBEXE | server | allows | remote | HELP | path | real | web | via |

Groupwise web server GWWEB.EXE allows remote attackers to determine the real path of the web server via the HELP parameter.


WebSite Pro allows remote attackers to determin

webdirectories | attackers | determine | malformed | pathname | WebSite | request | remote | allows | real | Pro | URL | via |

WebSite Pro allows remote attackers to determine the real pathname of webdirectories via a malformed URL request.


Ceilidh allows remote attackers to obtain the r

translated_path | attackers | directory | Ceilidh | hidden | remote | allows | obtain | field | form | real | path | via |

Ceilidh allows remote attackers to obtain the real path of the Ceilidh directory via the translated_path hidden form field.


The sample Java servlet "test" in Bajie HTTP we

pathname | document | reveals | servlet | server | sample | "test" | Bajie | real | HTTP | Java | 030a | root | web |

The sample Java servlet "test" in Bajie HTTP web server 0.30a reveals the real pathname of the web document root.


Symantec/AXENT NetProwler 3.5.x contains severa

Symantec/AXENT | NetProwler | passwords | attackers | contains | default | several | remote | allow | which | could | 35x |

Symantec/AXENT NetProwler 3.5.x contains several default passwords, which could allow remote attackers to (1) access to the management tier via the "admin" password, or (2) connect to a MySQL ODBC from the management tier using a blank password.


WinMySQLadmin 1.1 stores the MySQL password in

WinMySQLadmin | unathorized | database | password | allows | access | stores | obtain | users | local | plain | MySQL | which | myini | text | file |

WinMySQLadmin 1.1 stores the MySQL password in plain text in the my.ini file, which allows local users to obtain unathorized access the MySQL database.


The default configuration of MySQL 3.20.32 thro

configuration | default | MySQL |

The default configuration of MySQL 3.20.32 through 3.23.52, when running on Windows, does set the bind address to the loopback interface, which allows remote attackers to connect to the database.


mysqlbug in MySQL allows local users to overwri

failed-mysql-bugreport | overwrite | arbitrary | temporary | mysqlbug | symlink | allows | attack | MySQL | users | local | files | file | via |

mysqlbug in MySQL allows local users to overwrite arbitrary files via a symlink attack on the failed-mysql-bugreport temporary file.


Buffer overflow in the mysql_real_connect funct

mysql_real_connect | function | overflow | before | Buffer | MySQL |

Buffer overflow in the mysql_real_connect function in MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows remote DNS servers to cause a denial of service and possibly execute arbitrary code via a DNS response with a large address length (h_length).


MyProxy 6.58 allows remote authenticated users

MyProxy |

MyProxy 6.58 allows remote authenticated users in the Users Tab to connect to arbitrary hosts from the MyProxy server, possibly bypassing access restrictions, by connecting to the proxy and issuing a CONNECT command.


The HTTP proxy in Astaro Security Linux 6.0 doe

attackers | localhost | requests | properly | firewall | services | Security | CONNECT | allows | bypass | Astaro | remote | filter | rules | proxy | local | Linux | which | does | HTTP | not |

The HTTP proxy in Astaro Security Linux 6.0 does not properly filter HTTP CONNECT requests to localhost, which allows remote attackers to bypass firewall rules and connect to local services.


Stack-based buffer overflow in the create_named

create_named_pipe | Stack-based | libmysqlc | function | overflow | buffer | PHP |

Stack-based buffer overflow in the create_named_pipe function in libmysql.c in PHP 4.3.10 and 4.4.x before 4.4.3 for Windows allows attackers to execute arbitrary code via a long (1) arg_host or (2) arg_unix_socket argument, as demonstrated by a long named pipe variable in the host argument to the mysql_connect function.


MySQL 5.0.18 and earlier allows local users to

MySQL |

MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query function, but the vendor states that since mysql_query expects a null character, this is not an issue for mysql_query.


MySQL Manager in Apple Mac OS X 10.3.9 and 10.4

Manager | Apple | MySQL | Mac |

MySQL Manager in Apple Mac OS X 10.3.9 and 10.4.6, when setting up a new MySQL database server, does not use the "New MySQL root password" that is provided, which causes the MySQL root password to be blank and allows local users to gain full privileges to that database.


SQL injection vulnerability in MySQL 4.1.x befo

vulnerability | injection | before | MySQL | SQL | 41x |

SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x before 5.0.22 allows context-dependent attackers to execute arbitrary SQL commands via crafted multibyte encodings in character sets such as SJIS, BIG5, and GBK, which are not properly handled when the mysql_real_escape function is used to escape the input.


Opsware Network Automation System (NAS) 6.0 ins

Automation | Network | Opsware | System |

Opsware Network Automation System (NAS) 6.0 installs /etc/init.d/mysql with insecure permissions, which allows local users to read the root password for the MySQL MAX database or gain privileges by modifying /etc/init.d/mysql.


Multiple SQL injection vulnerabilities in the M

vulnerabilities | injection | back-end | Advanced | Multiple | Creator | Website | MySQL | SQL |

Multiple SQL injection vulnerabilities in the MySQL back-end in Advanced Website Creator (AWC) before 1.9.0 might allow remote attackers to execute arbitrary SQL commands via unspecified parameters, related to use of mysql_escape_string instead of mysql_real_escape_string.


Software vulnerabilities results 1 to 20 of 299     
Page: 12345...15