CVSS: 7.8EPSS: 1%CPEs: 10EXPL: 0CVE-2015-3414 – sqlite: use of uninitialized memory when parsing collation sequences in src/where.c
https://notcve.org/view.php?id=CVE-2015-3414
24 Apr 2015 — SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement. SQLite anterior a 3.8.9 no implementa correctamente la descomillación de nombres de secuencias de colaciones, lo que permite a atacantes dependientes de conte... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html • CWE-456: Missing Initialization of a Variable CWE-908: Use of Uninitialized Resource •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2015-3416 – sqlite: stack buffer overflow in src/printf.c
https://notcve.org/view.php?id=CVE-2015-3416
24 Apr 2015 — The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement. La función sqlite3VXPrintf en printf.c en SQLite anterior a 3.8.9 no maneja correctamente los valores de precisión y anchu... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html • CWE-121: Stack-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 2CVE-2008-6593 – LightNEasy sqlite / no database 1.2.2 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-6593
03 Apr 2009 — SQL injection vulnerability in LightNEasy/lightneasy.php in LightNEasy SQLite 1.2.2 and earlier allows remote attackers to inject arbitrary PHP code into comments.dat via the dlid parameter to index.php. Vulnerabilidad de inyección SQL en LightNEasy/lightneasy.php en LightNEasy SQLite v1.2.2 y anteriores permite a atacantes remotos inyectar código PHP de forma arbitraria en comments.dat a través del parámetro "dlid" en index.php. • https://www.exploit-db.com/exploits/5452 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 2CVE-2008-6589
https://notcve.org/view.php?id=CVE-2008-6589
03 Apr 2009 — Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) index.php and (2) LightNEasy.php. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en LightNEasy "no database" (también conocido como flat) v1.2.2, y posiblemente SQLite v1.2.2, permite a atacantes remotos inyectar secuencias de comandos web o HTML d... • http://secunia.com/advisories/29833 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 3%CPEs: 2EXPL: 2CVE-2008-6592 – LightNEasy sqlite / no database 1.2.2 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-6592
03 Apr 2009 — thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy "no database" (aka flat) and SQLite 1.2.2 and earlier, allows remote attackers to copy, rename, and read arbitrary files via directory traversal sequences in the image parameter with a modified cache_dir parameter containing a %00 (encoded null byte). thumbsup.php en Thumbs-Up v1.12, cuando se utiliza en LightNEasy "no database" (también conocido como flat) y SQLite v1.2.2 permite a atacantes remotos copiar, renombrar, y leer ficheros de modo arbitrario ... • https://www.exploit-db.com/exploits/5452 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 2%CPEs: 2EXPL: 2CVE-2008-6590 – LightNEasy sqlite / no database 1.2.2 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-6590
03 Apr 2009 — Multiple directory traversal vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to read arbitrary files via a .. (dot dot) in the page parameter to (1) index.php and (2) LightNEasy.php. Múltiples vulnerabilidades de salto de directorio en LightNEasy "no database" (también conocido como flat) v1.2.2, y posiblemente SQLite v1.2.2, permite a atacantes remotos leer fichero de modo arbitrario a través de ..(punto punto) en el parámetro ... • https://www.exploit-db.com/exploits/5452 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •