Computer Security


Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 15.10.2009
Source:
SecurityVulns ID: 10323
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: SNITZ : Snitz Forums 2000 3.4
Original document: Andrea Fabrizi, Snitz Forums 2000 Multiple Cross-Site Scripting Vulnerabilities (15.10.2009)

pygresql / mysql-ocaml / postgresql-ocaml SQL injection
Published: 15.10.2009
Source:
SecurityVulns ID: 10324
Type: library
Threat Level: 6/10
Description: Text escaping functions are not called for multibyte charsets.
Affected: PYGRESQL : pygresql 4.0
 MYSQL : mysql-ocaml 1.0
 POSTGRES : postgresql-ocaml 1.7
CVE: CVE-2009-2943 (The postgresql-ocaml bindings 1.5.4, 1.7.0, and 1.12.1 for PostgreSQL libpq do not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings.)
 CVE-2009-2942 (The mysql-ocaml bindings 1.0.4 for MySQL do not properly support the mysql_real_escape_string function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings.)
 CVE-2009-2940 (The pygresql module 3.8.1 and 4.0 for Python does not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings.)
Original document: DEBIAN, [SECURITY] [DSA 1911-1] New pygresql packages provide secure escaping (15.10.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod