| Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) |
| Published: | 15.10.2009 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 10323 |
| Type: | remote |
| Level: | 5/10 |
| Description: | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. |

| pygresql / mysql-ocaml / postgresql-ocaml SQL injection |
| Published: | 15.10.2009 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 10324 |
| Type: | library |
| Level: | 6/10 |
| Description: | Text escaping functions are not called for multibyte charsets. |
| Affected: | PYGRESQL : pygresql 4.0 |
| | MYSQL : mysql-ocaml 1.0 |
| | POSTGRES : postgresql-ocaml 1.7 |
| CVE: | CVE-2009-2943 (The postgresql-ocaml bindings 1.5.4, 1.7.0, and 1.12.1 for PostgreSQL libpq do not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings.) |
| | CVE-2009-2942 (The mysql-ocaml bindings 1.0.4 for MySQL do not properly support the mysql_real_escape_string function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings.) |
| | CVE-2009-2940 (The pygresql module 3.8.1 and 4.0 for Python does not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings.) |