Computer Security


Netsurf browser multiple security vulnerabilities
Published: 15.01.2009
Source:
SecurityVulns ID: 9586
Type: client
Threat Level: 5/10
Description: Integer overflows and memory exhaustion.
Affected: NETSURF : Netsurf 1.2
Original document: Jeremy Brown, Netsurf multiple adv (15.01.2009)
Files: Netsurf 1.2 'hspace' Remote Integer Overflow PoC Exploit
 Netsurf 1.2 Remote Memory Leak Exploit
 Netsurf 1.2 Remote Memory Leak Exploit
 Netsurf 1.2 'width' Remote Integer Overflow PoC Exploit

Novell Netware ICEbrowser denial of service
Published: 15.01.2009
Source:
SecurityVulns ID: 9587
Type: client
Threat Level: 4/10
Description: Resource exhaustion via JavaScript.
Affected: NOVELL : Netware 6.5
Files: Novell Netware 6.5 (ICEbrowser) Remote System Denial of Service Exploit

Oracle applications multiple security vulnerabilities
updated since 15.01.2009
Published: 15.12.2009
Source:
SecurityVulns ID: 9588
Type: remote
Threat Level: 9/10
Description: Oracle Critical Patch Update fixes more than 40 different vulnerabilities in all Oracle applications.
Affected: ORACLE : WebLogic Server 7.0
 ORACLE : Oracle 9i
 ORACLE : Oracle 10g
 ORACLE : Oracle E-Business Suite 11i
 ORACLE : WebLogic Portal 8.1
 ORACLE : WebLogic Server 8.1
 ORACLE : WebLogic Portal 9.2
 ORACLE : Oracle 11g
 ORACLE : WebLogic Server 10.0
 ORACLE : WebLogic Server 9.0
 ORACLE : Oracle Secure Backup 10.1
 ORACLE : Oracle Secure Backup 10.2
 ORACLE : TimesTen In-Memory Database 7.0
 ORACLE : Oracle E-Business Suite 12
 ORACLE : PeopleSoft Enterprise HRMS 8.9
 ORACLE : PeopleSoft Enterprise HRMS 9.0
 ORACLE : JD Edwards Tools 8.97
 ORACLE : WebLogic Portal 10.0
CVE: CVE-2008-5463 (Unspecified vulnerability in the PeopleSoft Enterprise Campus Solutions component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9.18 and 9.0.8 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.)
 CVE-2008-5462 (Unspecified vulnerability in the WebLogic Portal component in BEA Product Suite 10.3, 10.2, 10.0 MP1, 9.2 MP3, and 8.1 SP6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2008-5461 (Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0, and SP7 allows remote attackers to affect confidentiality, integrity, and availability, related to WLS. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is cross-site scripting.)
 CVE-2008-5460 (Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, and 9.0 allows remote attackers to affect confidentiality via unknown vectors.)
 CVE-2008-5459 (Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3 allows remote attackers to affect confidentiality via unknown vectors.)
 CVE-2008-5458 (Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10 and CU2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.)
 CVE-2008-5457 (Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2008-5456 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9.18 and 9.0.8 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.)
 CVE-2008-5455 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS - ePerformance component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9.18 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.)
 CVE-2008-5454 (Unspecified vulnerability in the iProcurement component in Oracle E-Business Suite 11.5.10 CU2 and 12.0.6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.)
 CVE-2008-5452 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9.18 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.)
 CVE-2008-5451 (Unspecified vulnerability in the JD Edwards Tools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.97.2.5 allows remote authenticated users to affect confidentiality via unknown vectors.)
 CVE-2008-5450 (Unspecified vulnerability in the Oracle Applications Platform Engineering component in Oracle E-Business Suite 11.5.10 CU2 and 12.0.6 allows local users to affect confidentiality via unknown vectors.)
 CVE-2008-5449 (Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2008-5448 (Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2008-5447 (Unspecified vulnerability in the Oracle Enterprise Manager component in Oracle Enterprise Manager 10.2.0.4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.)
 CVE-2008-5446 (Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10 CU2 and 12.0.6 allows remote authenticated users to affect confidentiality via unknown vectors. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is related to unrestricted guest access to the "About Us Page" in the Oracle Applications Framework (OAF), which allows attackers to obtain sensitive system and application environment information.)
 CVE-2008-5445 (Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect availability via unknown vectors. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is a denial of service in observiced.exe via malformed private Protocol data that triggers a NULL pointer dereference.)
 CVE-2008-5444 (Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2008-5443 (Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect availability via unknown vectors.)
 CVE-2008-5442 (Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect availability via unknown vectors.)
 CVE-2008-5441 (Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect availability via unknown vectors.)
 CVE-2008-5440 (Unspecified vulnerability in the TimesTen Data Server component in Oracle Database 7.0.5.0.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this is a format string vulnerability via the msg parameter in the evtdump CGI module.)
 CVE-2008-5439 (Unspecified vulnerability in the SQL*Plus Windows GUI component in Oracle Database 10.2.0.4 allows remote authenticated users to affect confidentiality via unknown vectors.)
 CVE-2008-5438 (Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 allows remote attackers to affect integrity via unknown vectors.)
 CVE-2008-5437 (Unspecified vulnerability in the Job Queue component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_IJOB.)
 CVE-2008-5436 (Unspecified vulnerability in the Oracle OLAP component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.4 allows remote authenticated users to affect integrity and availability via unknown vectors.)
 CVE-2008-4017 (Unspecified vulnerability in the OC4J component in Oracle Application Server 10.1.2.3 allows remote attackers to affect confidentiality via unknown vectors.)
 CVE-2008-4016 (Unspecified vulnerability in the Collaborative Workspaces component in Oracle Collaboration Suite 10.1.2 allows remote authenticated users to affect confidentiality via unknown vectors.)
 CVE-2008-4015 (Unspecified vulnerability in the Oracle Streams component in Oracle Database 10.1.0.5 allows remote authenticated users to affect confidentiality and integrity, related to SYS.DBMS_STREAMS_AUTH.)
 CVE-2008-4014 (Unspecified vulnerability in the Oracle BPEL Process Manager component in Oracle Application Server allows remote authenticated users to affect confidentiality and integrity via unknown vectors.)
 CVE-2008-4007 (Unspecified vulnerability in the PeopleSoft Enterprise Components component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9.18 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2008-4006 (Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.1.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2008-3999 (Unspecified vulnerability in the Oracle OLAP component in Oracle Database 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 allows remote authenticated users to affect availability, related to SYS.OLAPIMPL_T.)
 CVE-2008-3997 (Unspecified vulnerability in the Oracle OLAP component in Oracle Database 10.1.0.5 and 10.2.0.3 allows remote authenticated users to affect availability, related to SYS.DBMS_XSOQ_ODBO.)
 CVE-2008-3981 (Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.1.0.1 allows remote attackers to affect confidentiality via unknown vectors.)
 CVE-2008-3979 (Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 and 10.2.0.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is a SQL injection vulnerability that allows remote authenticated users to gain MDSYS privileges via the MDSYS.SDO_TOPO_DROP_FTBL trigger.)
 CVE-2008-3978 (Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.)
 CVE-2008-3974 (Unspecified vulnerability in the Oracle OLAP component in Oracle Database 9.0.2.8 and 9.2.0.8DV allows remote authenticated users to affect availability, related to SYS.OLAPIMPL_T.)
 CVE-2008-3973 (Unspecified vulnerability in the SQL*Plus Windows GUI component in Oracle Database allows local users to affect confidentiality via unknown vectors.)
 CVE-2008-2623 (Unspecified vulnerability in the Oracle JDeveloper component in Oracle Application Server 10.1.2.3 allows local users to affect confidentiality via unknown vectors.)
Original document: Ofer Maor, Hacktics Advisory Dec09: Oracle eBusiness Suite - Multiple Vulnerabilities Allow Remote Takeover (15.12.2009)
 SHATTER, Team SHATTER Security Advisory: Oracle Database Buffer Overflow in SYS.OLAPIMPL_T.ODCITABLESTART (05.02.2009)
 SHATTER, Team SHATTER Security Advisory: SQL Injection in Oracle Enterprise Manager (TARGET Parameter) (05.02.2009)
 Hackers Center Security Group, Oracle Application Server Portal 10g Cross Site Scripting Vulnerability (30.01.2009)
 Hackers Center Security Group, Oracle Forms Cross site Scripting in (iFcgi60.exe / f60servlet) (30.01.2009)
 Eduardo Vela, [Full-disclosure] Oracle Containers For Java Directory Traversal (OC4J) Oracle Application Server 10g (10.1.3.1.0) Oracle HTTP Server (20.01.2009)
 Aditya K Sood, Advisory: Oracle EBusiness Suite Sensitive Information Disclosure Vulnerability (19.01.2009)
 IDEFENSE, iDefense Security Advisory 01.13.09: Oracle Secure Backup Administration Server login.php Command Injection Vulnerability (16.01.2009)
 IDEFENSE, iDefense Security Advisory 01.13.09: Oracle Database 10g R2 Summary Advisor Arbitrary File Rewrite Vulnerability (16.01.2009)
 IDEFENSE, iDefense Security Advisory 01.13.09: Oracle Secure Backup Administration Server login.php Command Injection Vulnerability (16.01.2009)
 David Litchfield, Trigger Abuse of MDSYS.SDO_TOPO_DROP_FTBL in Oracle 10g R1 and R2 (16.01.2009)
 ZDI, ZDI-09-003: Oracle Secure Backup exec_qr() Command Injection Vulnerability (16.01.2009)
 ZDI, ZDI-09-004: Oracle TimesTen evtdump Remote Format String Vulnerability (16.01.2009)
 Jose Antonio, Oracle Secure Backup 10g Remote Code Execution (16.01.2009)
 Jose Antonio, Oracle Secure Backup 10g Remote Code Execution (16.01.2009)
 Jose Antonio, Oracle TimesTen Remote Format String (16.01.2009)
 security curmudgeon, Re: Assurent VR - Oracle BEA WebLogic Server Apache Connector Buffer Overflow (16.01.2009)
 noreply-secresearch_(at)_fortinet.com, Oracle Secure Backup Multiple Denial Of Service vulnerabilities (16.01.2009)
 noreply-secresearch_(at)_fortinet.com, Oracle Secure Backup's observiced.exe Denial Of Service vulnerability (16.01.2009)
 noreply-secresearch_(at)_fortinet.com, Oracle Secure Backup NDMP_CONECT_CLIENT_AUTH Command Buffer Overflow Vulnerability (16.01.2009)
 Alexandr Polyakov, Digital Security Research Group [DSecRG] Advisory #DSECRG-09-003 (16.01.2009)
 Alexandr Polyakov, Digital Security Research Group [DSecRG] Advisory #DSECRG-09-002 (16.01.2009)
 Alexandr Polyakov, Digital Security Research Group [DSecRG] Advisory #DSECRG-09-001 (16.01.2009)
 CERT, US-CERT Technical Cyber Security Alert TA09-015A -- Oracle Updates for Multiple Vulnerabilities (15.01.2009)
Files: Oracle Critical Patch Update Advisory - January 2009

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod