Computer Security

Oracle critical patch update
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Oracle critical patch update
updated since 18.04.2007
Published:20.04.2007
Source:ORACLE
SecurityVulns ID:7601
Type:remote
Level:7/10
Description:Patch set fixes 36 vulnerabilities in Oracle applications, including 13 vulnerabilities in Oracle database server.
Affected:ORACLE : Oracle 9i
 ORACLE : Oracle 10g
 ORACLE : Oracle Secure Enterprise Search 10g
 ORACLE : Oracle Application Server 10g
 ORACLE : Oracle10g Collaboration Suite
 ORACLE : Oracle E-Business Suite Release 11i
 ORACLE : Oracle E-Business Suite Release 12
 ORACLE : Oracle Enterprise Manager 9i
 ORACLE : PeopleTools 8.48
 ORACLE : PeopleTools 8.47
 ORACLE : PeopleTools 8.22
 ORACLE : Human Capital Management 8.9
 ORACLE : JD Edwards EnterpriseOne Tools 8.96
CVE:CVE-2007-2170 (The APPLSYS.FND_DM_NODES package in Oracle E-Business Suite does not check for valid sessions, which allows remote attackers to delete arbitrary nodes. NOTE: due to lack of details from Oracle, it is not clear whether this issue is related to other CVE identifiers such as CVE-2007-2126, CVE-2007-2127, or CVE-2007-2128.)
 CVE-2007-2135 (The ADI_BINARY component in the Oracle E-Business Suite allows remote attackers to download arbitrary documents from the APPS.FND_DOCUMENTS table via the ADI_DISPLAY_REPORT function, when passed a certain parameter. NOTE: due to lack of details from Oracle, it is not clear whether this issue is related to other CVE identifiers such as CVE-2007-2126, CVE-2007-2127, or CVE-2007-2128.)
Original documentdocumentSHATTER, Oracle Database Buffer overflow vulnerabilities in package DBMS_SNAP_INTERNAL (20.04.2007)
 documentZDI, ZDI-07-016: Oracle E-Business Suite Arbitrary Node Deletion Vulnerability (20.04.2007)
 document3COM, ZDI-07-017: Oracle E-Business Suite Arbitrary Document Download Vulnerability (20.04.2007)
 documentKornbrust, Alexander, Bypass Oracle Logon Trigger (18.04.2007)
 documentKornbrust, Alexander, SQL Injection in package SYS.DBMS_AQADM_SYS (18.04.2007)
 documentKornbrust, Alexander, SQL Injection in package SYS.DBMS_UPGRADE_INTERNAL (18.04.2007)
 documentKornbrust, Alexander, Cross-Site-Scripting Vulnerability in Oracle Secure Enterprise Search (SES) (18.04.2007)
 documentKornbrust, Alexander, Shutdown unprotected Oracle TNS Listener via Oracle Discoverer Servlet [AS01] (18.04.2007)
 documentORACLE, Oracle Critical Patch Update - April 2007 (18.04.2007)
Files:Details Oracle Critical Patch Update April 2007
Discuss:Read or add your comments to this news (0 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru