GreenSQL Firewall (greensql-fw) before 0.9.2 allows remote attackers to bypass SQL injection protection via a crafted string, possibly involving an encoded space character (%20).
Greensql
CVE-2008-6992
GreenSQL Firewall (greensql-fw), possibly before 0.9.2 or 0.9.4, allows remote attackers to bypass the SQL injection protection mechanism via a WHERE clause containing an expression such as “x=y=z”, which is successfully parsed by MySQL.
CVE-2008-6416
Multiple cross-site scripting (XSS) vulnerabilities in GreenSQL-Console before 0.3.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to “internal pages.”
CVE-2008-6417
Unspecified vulnerability in GreenSQL-Console before 0.3.5 allows attackers to obtain the “installation directory” via unknown vectors.