Vulnerabilities > Sqlite

DATE CVE VULNERABILITY TITLE RISK
2015-04-24 CVE-2015-3416 Integer Overflow or Wraparound vulnerability in multiple products
The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.
network
low complexity
canonical sqlite debian apple php CWE-190
7.5
2015-04-24 CVE-2015-3415 Improper Resource Shutdown or Release vulnerability in multiple products
The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.
network
low complexity
apple debian canonical sqlite php CWE-404
7.5
2015-04-24 CVE-2015-3414 Use of Uninitialized Resource vulnerability in multiple products
SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement.
network
low complexity
sqlite apple debian canonical php CWE-908
7.5
2009-04-03 CVE-2008-6593 SQL Injection vulnerability in multiple products
SQL injection vulnerability in LightNEasy/lightneasy.php in LightNEasy SQLite 1.2.2 and earlier allows remote attackers to inject arbitrary PHP code into comments.dat via the dlid parameter to index.php.
network
low complexity
lightneasy sqlite CWE-89
7.5
2009-04-03 CVE-2008-6592 Path Traversal vulnerability in multiple products
thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy "no database" (aka flat) and SQLite 1.2.2 and earlier, allows remote attackers to copy, rename, and read arbitrary files via directory traversal sequences in the image parameter with a modified cache_dir parameter containing a %00 (encoded null byte).
network
low complexity
lightneasy sqlite CWE-22
7.5
2009-04-03 CVE-2008-6590 Path Traversal vulnerability in multiple products
Multiple directory traversal vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to read arbitrary files via a ..
network
low complexity
lightneasy sqlite CWE-22
5.0
2009-04-03 CVE-2008-6589 Cross-Site Scripting vulnerability in multiple products
Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) index.php and (2) LightNEasy.php.
4.3