Computer Security

pygresql / mysql-ocaml / postgresql-ocaml SQL injection
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



pygresql / mysql-ocaml / postgresql-ocaml SQL injection
Published:15.10.2009
Source:BUGTRAQ
SecurityVulns ID:10324
Type:library
Level:6/10
Description:Text escaping functions are not colled for multibyte charsets.
Affected:PYGRESQL : pygresql 4.0
 MYSQL : mysql-ocaml 1.0
 POSTGRES : postgresql-ocaml 1.7
CVE:CVE-2009-2943 (The postgresql-ocaml bindings 1.5.4, 1.7.0, and 1.12.1 for PostgreSQL libpq do not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings.)
 CVE-2009-2942 (The mysql-ocaml bindings 1.0.4 for MySQL do not properly support the mysql_real_escape_string function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings.)
 CVE-2009-2940 (The pygresql module 3.8.1 and 4.0 for Python does not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 1911-1] New pygresql packages provide secure escaping (15.10.2009)
Discuss:Read or add your comments to this news (0 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru