Computer Security
[EN] securityvulns.ru
no-pyccku



Oracle / Sun / People Soft / MySQL applications multiple security vulnerabilities
updated since 22.04.2012
Published:02.12.2012
Source:BUGTRAQ
SecurityVulns ID:12331
Type:remote
Level:8/10
Description:Over 90 vulnerabilities in different applications are fixed by quarterly update.
Affected:ORACLE : Oracle 10g
 ORACLE : MySQL 5.1
 ORACLE : Oracle Application Server 10g
 ORACLE : Oracle E-Business Suite Release 11i
 ORACLE : Oracle E-Business Suite Release 12
 ORACLE : Oracle 11g
 ORACLE : PeopleSoft Enterprise HRMS 8.9
 ORACLE : PeopleSoft Enterprise HRMS 9.0
 ORACLE : Oracle BI Publisher 10.1
 ORACLE : PeopleSoft Enterprise CRM 9.1
 ORACLE : PeopleSoft Enterprise HRMS 9.1
 ORACLE : PeopleSoft Enterprise Portal 9.1
 ORACLE : PeopleSoft Enterprise SCM 9.0
 ORACLE : PeopleSoft Enterprise SCM 9.1
 ORACLE : Agile Product Supplier Collaboration for Process 6.0
 ORACLE : PeopleSoft Enterprise PeopleTools 8.52
 ORACLE : MySQL 5.5
 ORACLE : Oracle DB UM Connector for Oracle Identity Manager 9.1
 ORACLE : Oracle Identity Manager 11g
 ORACLE : JDeveloper 10.1
 ORACLE : JRockit 28.2
 ORACLE : JRockit 27.7
 ORACLE : Outside In Technology 8.3
 ORACLE : WebCenter Forms Recognition 10.1
 ORACLE : Enterprise Manager Grid Control 11g
 ORACLE : Enterprise Manager Grid Control 10g
 ORACLE : AutoVue 20.0
 ORACLE : PeopleSoft Enterprise HCM 9.1
 ORACLE : PeopleSoft Enterprise FCSM 9.0
 ORACLE : PeopleSoft Enterprise FCSM 9.1
 ORACLE : Siebel Life Sciences 8.0
 ORACLE : Siebel Life Sciences 8.1
 ORACLE : Siebel Life Sciences 8.2
 ORACLE : FLEXCUBE Direct Banking 5.0
 ORACLE : FLEXCUBE Direct Banking 5.3
 ORACLE : FLEXCUBE Direct Banking 6.0
 ORACLE : FLEXCUBE Direct Banking 6.2
 ORACLE : FLEXCUBE Universal Banking 10.5
 ORACLE : FLEXCUBE Universal Banking 11.4
CVE:CVE-2012-1710 (Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Designer.)
 CVE-2012-1709 (Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Designer.)
 CVE-2012-1708 (Unspecified vulnerability in the Application Express component in Oracle Database Server 4.0 and 4.1 allows remote attackers to affect integrity via unknown vectors.)
 CVE-2012-1707 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.3.0 through 5.3.4, 6.0.1, and 6.2.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Core-Base.)
 CVE-2012-1706 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.3.0 through 5.3.4, 6.0.1, and 6.2.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Logging.)
 CVE-2012-1704 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.3.0 through 5.3.4, 6.0.1, and 6.2.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Core-Base.)
 CVE-2012-1703 (Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.)
 CVE-2012-1698 (Unspecified vulnerability in Oracle Sun Solaris 11 allows remote authenticated users to affect confidentiality, related to Kernel/GLD.)
 CVE-2012-1697 (Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.)
 CVE-2012-1696 (Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.19 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.)
 CVE-2012-1695 (Unspecified vulnerability in the Oracle JRockit component in Oracle Fusion Middleware 28.2.2 and earlier, and JDK/JRE 5 and 6 27.7.1 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2012-1694 (Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality and integrity, related to libsasl.)
 CVE-2012-1693 (Unspecified vulnerability in Oracle SPARC Enterprise M Series Servers XCP 1110 allows remote attackers to affect availability, related to XSCF Control Package (XCP).)
 CVE-2012-1692 (Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability, related to SCTP.)
 CVE-2012-1691 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel/Privileges.)
 CVE-2012-1690 (Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.)
 CVE-2012-1688 (Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability, related to Server DML.)
 CVE-2012-1684 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Password Policy.)
 CVE-2012-1683 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to gssd.)
 CVE-2012-1681 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Kernel/sockfs.)
 CVE-2012-1679 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.3.0 through 5.3.4, 6.0.1, and 6.2.0 allows remote authenticated users to affect integrity via unknown vectors related to Core-Base.)
 CVE-2012-1676 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.3.0 through 5.3.4, 6.0.1, and 6.2.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Virtual Banking.)
 CVE-2012-1674 (Unspecified vulnerability in the Siebel Clinical component in Oracle Industry Applications 7.7, 7.8, 8.0.0.x, 8.1.1.x, and 8.2.2.x allows remote authenticated users to affect integrity via unknown vectors related to Web UI.)
 CVE-2012-0583 (Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.60 and earlier, and 5.5.19 and earlier, allows remote authenticated users to affect availability, related to MyISAM.)
 CVE-2012-0582 (Unspecified vulnerability in the Siebel Clinical component in Oracle Industry Applications 7.7, 7.8, 8.0.0.x, 8.1.1.x, and 8.2.2.x allows remote authenticated users to affect integrity via unknown vectors related to Web UI.)
 CVE-2012-0581 (Unspecified vulnerability in the Oracle Agile component in Oracle Supply Chain Products Suite 6.0.0 allows remote attackers to affect integrity, related to SCRM - Company Profiles.)
 CVE-2012-0580 (Unspecified vulnerability in the Oracle Agile PLM for Process component in Oracle Supply Chain Products Suite 6.0.0 allows remote attackers to affect integrity via unknown vectors related to Supplier Portal.)
 CVE-2012-0579 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0 through 10.5.0 and 11.0.0 through 11.4.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Core.)
 CVE-2012-0577 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0 through 10.5.0 and 11.0.0 through 11.4.0 allows remote authenticated users to affect availability via unknown vectors related to Core.)
 CVE-2012-0576 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 6.0.1 and 6.2.0 allows remote authenticated users to affect integrity via unknown vectors related to Core-Help.)
 CVE-2012-0575 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0 through 10.5.0 and 11.0.0 through 11.2.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Core.)
 CVE-2012-0573 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0 through 10.5.0 and 11.0.0 through 11.4.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Core.)
 CVE-2012-0571 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0 through 10.5.0 and 11.0.0 through 11.4.0 allows remote authenticated users to affect integrity via unknown vectors related to Core.)
 CVE-2012-0567 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0 through 10.5.0 and 11.0.0 through 11.2.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Core.)
 CVE-2012-0566 (Unspecified vulnerability in the Oracle Agile component in Oracle Supply Chain Products Suite 6.0.0 allows remote attackers to affect integrity via unknown vectors related to Supplier Portal.)
 CVE-2012-0565 (Unspecified vulnerability in the Oracle Agile component in Oracle Supply Chain Products Suite 6.0.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Install.)
 CVE-2012-0564 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50 and 8.51 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Query.)
 CVE-2012-0562 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Candidate Gateway.)
 CVE-2012-0561 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect integrity, related to PIA Core Technology.)
 CVE-2012-0560 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote attackers to affect integrity via unknown vectors related to Portal.)
 CVE-2012-0559 (Unspecified vulnerability in the PeopleSoft Enterprise SCM component in Oracle PeopleSoft Products 9.0 and 9.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Billing.)
 CVE-2012-0558 (Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 6.2.1, 8.0, 8.1, and 8.2 allows remote attackers to affect integrity via unknown vectors related to Web application.)
 CVE-2012-0557 (Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows remote attackers to affect confidentiality, integrity, and availability, related to Outside In Image Export SDK.)
 CVE-2012-0556 (Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows remote attackers to affect confidentiality, integrity, and availability, related to Outside In Image Export SDK.)
 CVE-2012-0555 (Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows remote attackers to affect confidentiality, integrity, and availability, related to Outside In Image Export SDK.)
 CVE-2012-0554 (Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows remote attackers to affect confidentiality, integrity, and availability, related to Outside In Image Export SDK.)
 CVE-2012-0552 (Unspecified vulnerability in the Oracle Spatial component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2012-0551 (Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE 7 update 4 and earlier and 6 update 32 and earlier, and the GlassFish Enterprise Server component in Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Web Container or Deployment.)
 CVE-2012-0550 (Unspecified vulnerability in the GlassFish Enterprise Server component in Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Web Container.)
 CVE-2012-0549 (Unspecified vulnerability in the Oracle AutoVue Office component in Oracle Supply Chain Products Suite 20.0.2 allows remote attackers to affect confidentiality, integrity, and availability, related to Desktop API.)
 CVE-2012-0548 (Unspecified vulnerability in Oracle SPARC Enterprise M Series Servers XCP 1110 and earlier allows local users to affect confidentiality, related to XSCF Control Package (XCP).)
 CVE-2012-0546 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0 through 10.5.0 and 11.0.0 through 11.2.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Core.)
 CVE-2012-0545 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0 through 10.5.0 and 11.0.0 through 11.2.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Core.)
 CVE-2012-0544 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0 through 10.5.0 and 11.0.0 through 11.4.0 allows remote authenticated users to affect integrity via unknown vectors related to Core.)
 CVE-2012-0543 (Unspecified vulnerability in the BI Publisher (formerly XML Publisher) component in Oracle Fusion Middleware 10.1.3.4.1 and 10.1.3.4.2 allows remote attackers to affect integrity via unknown vectors related to Administration.)
 CVE-2012-0542 (Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Runtime Catalog.)
 CVE-2012-0541 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.3.0 through 5.3.4, 6.0.1, and 6.2.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Core-My Services.)
 CVE-2012-0539 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to (1) bsmconv and (2) bsmunconv.)
 CVE-2012-0538 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Search.)
 CVE-2012-0537 (Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3 allows remote attackers to affect confidentiality and integrity, related to HTML pages.)
 CVE-2012-0536 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 8.9 through Bundle #26 allows remote authenticated users to affect confidentiality via unknown vectors related to eCompensation.)
 CVE-2012-0535 (Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6 and 12.1.3 allows remote attackers to affect confidentiality via unknown vectors related to Change Password Page.)
 CVE-2012-0534 (Unspecified vulnerability in the RDBMS Core component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to affect integrity via unknown vectors related to Create Session.)
 CVE-2012-0533 (Unspecified vulnerability in the PeopleSoft Enterprise FCSM component in Oracle PeopleSoft Products 9.0 and 9.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Receivables.)
 CVE-2012-0532 (Unspecified vulnerability in the Identity Manager component in Oracle Fusion Middleware 11.1.1.3 and 11.1.1.5 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to User Config Management.)
 CVE-2012-0531 (Unspecified vulnerability in the PeopleSoft Enterprise Portal component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect integrity via unknown vectors related to Enterprise Portal.)
 CVE-2012-0530 (Unspecified vulnerability in the PeopleSoft Enterprise SCM component in Oracle PeopleSoft Products 9.0 and 9.1 allows remote authenticated users to affect integrity via unknown vectors related to eProcurement.)
 CVE-2012-0529 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51 allows remote authenticated users to affect integrity via unknown vectors related to core.)
 CVE-2012-0528 (Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, and 11.1.0.7, and Oracle Enterprise Manager Grid Control, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security Framework.)
 CVE-2012-0527 (Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3, and Oracle Enterprise Manager Grid Control 10.2.0.5, allows remote attackers to affect integrity via unknown vectors related to Schema Management.)
 CVE-2012-0527 (Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3, and Oracle Enterprise Manager Grid Control 10.2.0.5, allows remote attackers to affect integrity via unknown vectors related to Schema Management.)
 CVE-2012-0526 (Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3, and Oracle Enterprise Manager Grid Control 10.2.0.5, allows remote attackers to affect integrity via unknown vectors related to Schema Management.)
 CVE-2012-0526 (Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3, and Oracle Enterprise Manager Grid Control 10.2.0.5, allows remote attackers to affect integrity via unknown vectors related to Schema Management.)
 CVE-2012-0525 (Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Database Server 11.1.0.7, 11.2.0.2, and 11.2.0.3, and Oracle Enterprise Manager Grid Control 10.2.0.5 and 11.1.0.1, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Enterprise Config Management.)
 CVE-2012-0525 (Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Database Server 11.1.0.7, 11.2.0.2, and 11.2.0.3, and Oracle Enterprise Manager Grid Control 10.2.0.5 and 11.1.0.1, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Enterprise Config Management.)
 CVE-2012-0525 (Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Database Server 11.1.0.7, 11.2.0.2, and 11.2.0.3, and Oracle Enterprise Manager Grid Control 10.2.0.5 and 11.1.0.1, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Enterprise Config Management.)
 CVE-2012-0524 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows local users to affect confidentiality and integrity via unknown vectors related to File Processing.)
 CVE-2012-0523 (Unspecified vulnerability in the Oracle Grid Engine component in Oracle Sun Products Suite 6.1 and 6.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to sgepasswd.)
 CVE-2012-0522 (Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect integrity via unknown vectors related to Java Business Objects.)
 CVE-2012-0521 (Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.1 Bundle #9 allows remote authenticated users to affect confidentiality via unknown vectors related to Human Resources.)
 CVE-2012-0520 (Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.2, and in Oracle Enterprise Manager Grid Control 10.2.0.5 and 11.1.0.1, allows remote attackers to affect integrity via unknown vectors related to Security Framework.)
 CVE-2012-0520 (Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.2, and in Oracle Enterprise Manager Grid Control 10.2.0.5 and 11.1.0.1, allows remote attackers to affect integrity via unknown vectors related to Security Framework.)
 CVE-2012-0519 (Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.2.0.2, when running on Windows, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2012-0517 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to eCompensation Manager Desktop.)
 CVE-2012-0516 (Unspecified vulnerability in the Oracle iPlanet Web Server component in Oracle Sun Products Suite 7.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Administration Console.)
 CVE-2012-0515 (Unspecified vulnerability in the Identity Manager Connector component in Oracle Fusion Middleware 9.1.0.4 allows remote authenticated users to affect integrity via unknown vectors.)
 CVE-2012-0514 (Unspecified vulnerability in the PeopleSoft Enterprise CRM component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect confidentiality, related to SEC.)
 CVE-2012-0513 (Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6 and 12.1.3 allows remote attackers to affect integrity, related to REST Services.)
 CVE-2012-0512 (Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Database Server 11.1.0.7 and 11.2.0.2 and Oracle Enterprise Manager Grid Control allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Enterprise Config Management.)
 CVE-2012-0512 (Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Database Server 11.1.0.7 and 11.2.0.2 and Oracle Enterprise Manager Grid Control allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Enterprise Config Management.)
 CVE-2012-0511 (Unspecified vulnerability in the OCI component in Oracle Database Server 10.2.0.3, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect confidentiality and integrity via unknown vectors.)
 CVE-2012-0510 (Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, and 11.1.0.7 allows remote attackers to affect integrity and availability via unknown vectors.)
 CVE-2012-0509 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2 and 5.3.0 through 5.3.4 allows remote authenticated users to affect integrity via unknown vectors related to Core-Base.)
 CVE-2012-0208 (Unspecified vulnerability in the Oracle Grid Engine component in Oracle Sun Products Suite 6.1 and 6.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to qrsh.)
Original documentdocumentNCC Group Research, NGS000107 Technical Advisory: Oracle Gridengine sgepasswd Buffer Overflow (02.12.2012)
 documentZDI, ZDI-12-152 : Oracle Outside In Excel MergeCells Record Parsing Remote Code Execution Vulnerability (27.08.2012)
 documentZDI, ZDI-12-151 : Oracle Outside In Excel File TxO Parsing Remote Code Execution Vulnerability (27.08.2012)
 documentZDI, ZDI-12-150 : Oracle Outside In XPM Processing Remote Code Execution Vulnerability (27.08.2012)
 documentlaurenz.albe_(at)_wien.gv.at, Re: The history of a -probably- 13 years old Oracle bug: TNS Poison (01.05.2012)
 documentJose Antonio, Oracle TNS Poison vulnerability is actually a 0day with no patch available (01.05.2012)
 documentResearch@NGSSecure, NGS00107 Patch Notification: Oracle Grid Engine sgepasswd Buffer Overflow (01.05.2012)
 documentJose Antonio, The history of a -probably- 13 years old Oracle bug: TNS Poison (22.04.2012)
 documentEsteban Martinez Fayo, OCIPasswordChange API leaks information of password hash (CVE-2012-0511) (22.04.2012)
 documentSHATTER, Some failed authentication attempts using OCIPasswordChange API are not recorded (CVE-2012-0511) (22.04.2012)
 documentSHATTER, Incomplete protection of Oracle Database locked accounts (CVE-2012-0510) (22.04.2012)
 documentSHATTER, SQL Injection in Oracle Enterprise Manager (compareWizFirstConfig web page) (CVE-2012-0512) (22.04.2012)
 documentSHATTER, SQL Injection in Oracle Enterprise Manager (searchPage web page) (CVE-2012-0525) (22.04.2012)
 documentSHATTER, HTTP Response Splitting in Oracle Enterprise Manager (prevPage parameter) (CVE-2012-0526) (22.04.2012)
 documentSHATTER, HTTP Response Splitting in Oracle Enterprise Manager (pageName parameter) (CVE-2012-0527) (22.04.2012)
 documentSHATTER, OCIPasswordChange API leaks information of password hash (CVE-2012-0511) (22.04.2012)
 documentSHATTER, Oracle Enterprise Manager vulnerable to Session fixation (CVE-2012-0528) (22.04.2012)
Files:Oracle Critical Patch Update Advisory - April 2012
Discuss:Read or add your comments to this news (0 comments)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 



Rating@Mail.ru