Computer Security

Mozilla Codesighs memory corruption
Published:15.12.2009
SecurityVulns ID:10465
Type:local
Threat Level:4/10
Description:Buffer overflow on file parsing.
Original document:Jeremy Brown, Mozilla Code *sighs* (15.12.2009)
Files:Mozilla Codesighs Memory Corruption PoC

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:15.12.2009
SecurityVulns ID:10466
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:INVISION : Invision Power Board 1.3
 DIGITALSCRIBE : Digital Scribe 1.4
 INVISION : Invision Power Board 2.2
 PYFORUM : PyForum 1.0
 INVISION : Invision Power Board 3.0
 EEGSHOP : EEGshop 1.2
 MINIWEB : Miniweb 2.0
 TESTLINK : TestLink 1.8
 PHPCOLLEGEEX : phpCollegeExchange 0.1
 WSCREATOR : WSCreator 1.1
CVE:CVE-2009-4238 (Multiple SQL injection vulnerabilities in TestLink before 1.8.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the Test Case ID field to lib/general/navBar.php or (2) the logLevel parameter to lib/events/eventviewer.php.)
 CVE-2009-4237 (Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.8.5 allow remote attackers to inject arbitrary web script or HTML via (1) the req parameter to login.php, and allow remote authenticated users to inject arbitrary web script or HTML via (2) the key parameter to lib/general/staticPage.php, (3) the tableName parameter to lib/attachments/attachmentupload.php, or the (4) startDate, (5) endDate, or (6) logLevel parameter to lib/events/eventviewer.php; (7) the search_notes_string parameter to lib/results/resultsMoreBuilds_buildReport.php; or the (8) expected_results, (9) name, (10) steps, or (11) summary parameter in a find action to lib/testcases/searchData.php, related to lib/functions/database.class.php.)
Original document:Stefan Friedli, [scip-Advisory 4063] PasswordManager Pro 6.1 Script Injection Vulnerability (15.12.2009)
 hadikiamarsi_(at)_hotmail.com, Daloradius XSS Vulnerability (15.12.2009)
 rosophilaxxx_(at)_gmail.com, WSCreator 1.1 Blind SQL Injection (15.12.2009)
 Nam Nguyen, [BMSA-2009-08] Multiple Vulnerabilities in PyForum (15.12.2009)
 Salvatore "drosophila" Fresta, phpCollegeExchange 0.1.5c Multiple SQL Injection Vulnerabilities (15.12.2009)
 Salvatore "drosophila" Fresta, E-Store SQL Injection Vulnerability (15.12.2009)
 Salvatore "drosophila" Fresta, Digital Scribe 1.4.1 Multiple SQL Injection Vulnerabilities (15.12.2009)
 CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2009-1013: Multiple XSS and Injection Vulnerabilities in TestLink Test Management and Execution System (15.12.2009)
 Salvatore "drosophila" Fresta, Miniweb 2.0 Full Path Disclosure (15.12.2009)
 secu_lab_ir_(at)_yahoo.com, EEGshop v1.2 (15.12.2009)
 Salvatore "drosophila" Fresta, B2C Booking Centre Systems - SQL Injection Vulnerability (15.12.2009)
 MustLive, Cross-Site Scripting vulnerabilities in Invision Power Board (15.12.2009)

Zabbix monitoring server multiple security vulnerabilities
Published:15.12.2009
SecurityVulns ID:10467
Type:remote
Threat Level:5/10
Description:SQL injection, command execution, DoS conditions.
Affected:ZABBIX : Zabbix 1.6
Original document:nicob_(at)_nicob.net, Zabbix Agent : Bypass of EnableRemoteCommands=0 (15.12.2009)
 nicob_(at)_nicob.net, Zabbix Server : Multiple remote vulnerabilities (15.12.2009)

Trango Broadband Wireless networks traffic hijacking and spoofing
Published:15.12.2009
SecurityVulns ID:10471
Type:remote
Threat Level:5/10
Description:No authentication of end-point devices is supported.
Affected:TANGOBROADBAND : Tango Broadband Access 5830
Original document:Blair, Trango Broadband Wireless Rogue SU Authentication Bug (15.12.2009)

Monkey web server DoS
Published:15.12.2009
SecurityVulns ID:10468
Type:remote
Threat Level:5/10
Description:Crash on processing client's request.
Affected:MONKEYPROJECT : Monkey web server 0.9
Original document:Patroklos Argyroudis, Monkey HTTPd improper input validation vulnerability (15.12.2009)

Intellicom NetBiterConfig buffer overflow
Published:15.12.2009
SecurityVulns ID:10469
Type:client
Threat Level:5/10
Description:Buffer overflow on HMS HICP protocol parsing.
Affected:INTELLICOM : NetBiterConfig 1.3
Original document:Reversemode, Exposing HMS HICP Protocol + Intellicom NetBiterConfig.exe Remote Buffer Overflow (Not patched) (15.12.2009)

firefox-sage RSS reader cross-site scripting
Published:15.12.2009
SecurityVulns ID:10470
Type:client
Threat Level:5/10
Description:It's possible to inject script into RSS data.
Affected:SAGE : Sage 1.4
CVE:CVE-2009-4102 (Sage 1.4.3 and earlier extension for Firefox performs certain operations with chrome privileges, which allows remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via the description tag of an RSS feed.)
Original document:DEBIAN, [SECURITY] [DSA 1951-1] New firefox-sage packages fix insufficient input sanitizing (15.12.2009)

APC Switched Rack PDU cross-site scripting
Published:15.12.2009
SecurityVulns ID:10472
Type:remote
Threat Level:4/10
Description:Cross-site scripting in Web administration interface.
Affected:APC : APC AP7932
Original document:Jamal Pecou, APC Switched Rack PDU XSS Vulnerability (15.12.2009)

PostgreSQL multiple security vulnerabilities
Published:15.12.2009
SecurityVulns ID:10473
Type:remote
Threat Level:6/10
Description:SSL certificate spoofing, privilege escalation.
Affected:POSTGRES : PostgreSQL 8.3
CVE:CVE-2009-4136 (PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly manage session-local state during execution of an index function by a database superuser, which allows remote authenticated users to gain privileges via a table with crafted index functions, as demonstrated by functions that modify (1) search_path or (2) a prepared statement, a related issue to CVE-2007-6600 and CVE-2009-3230.)
 CVE-2009-4034 (PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based PostgreSQL servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended client-hostname restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.)
Original document:MANDRIVA, [ MDVSA-2009:333 ] postgresql (15.12.2009)

Symantec Veritas multiple applications unauthorized access
updated since 10.12.2009
Published:15.12.2009
SecurityVulns ID:10462
Type:remote
Threat Level:7/10
Description:Authentication bypass in TCP/14300 VRTSweb.exe allows code execution.
Affected:HP : HP-UX 11.23
 HP : HP-UX 11.31
 SYMANTEC : Backup Exec Continuous Protection Server 12.5
 SYMANTEC : Veritas NetBackup Operations Manager 6.5
 SYMANTEC : Veritas Backup Reporter 6.6
 SYMANTEC : Veritas Storage Foundation 3.5
 SYMANTEC : Veritas Storage Foundation for Windows High Availability 5.1
 SYMANTEC : Veritas Storage Foundation for High Availability 3.5
 SYMANTEC : Veritas Storage Foundation for Oracle 5.0
 SYMANTEC : Veritas Storage Foundation for DB2 5.0
 SYMANTEC : Veritas Storage Foundation for Sybase 5.0
 SYMANTEC : Veritas Storage Foundation for Oracle Real Application Cluster 5.0
 SYMANTEC : Veritas Storage Foundation Manager 1.1
 SYMANTEC : Veritas Storage Foundation Manager 2.0
 SYMANTEC : Veritas Cluster Server 5.0
 SYMANTEC : Veritas Cluster Server One 2.0
 SYMANTEC : Veritas Application Director 1.1
 SYMANTEC : Veritas Cluster Server Management Console 5.5
 SYMANTEC : Veritas Storage Foundation Cluster File System 5.0
 SYMANTEC : Veritas Storage Foundation Cluster File System for Oracle RAC 5.0
 SYMANTEC : Veritas Command Central Storage 5.1
 SYMANTEC : Veritas Command Central Enterprise Reporter 5.1
 SYMANTEC : Veritas Command Central Storage Change Manager 5.1
 SYMANTEC : Veritas MicroMeasure 5.0
 SYMANTEC : VRTSweb 5.0
CVE:CVE-2009-3027 (VRTSweb.exe in VRTSweb in Symantec Backup Exec Continuous Protection Server (CPS) 11d, 12.0, and 12.5; Veritas NetBackup Operations Manager (NOM) 6.0 GA through 6.5.5; Veritas Backup Reporter (VBR) 6.0 GA through 6.6; Veritas Storage Foundation (SF) 3.5; Veritas Storage Foundation for Windows High Availability (SFWHA) 4.3MP2, 5.0, 5.0RP1a, 5.0RP2, 5.1, and 5.1AP1; Veritas Storage Foundation for High Availability (SFHA) 3.5; Veritas Storage Foundation for Oracle (SFO) 4.1, 5.0, and 5.0.1; Veritas Storage Foundation for DB2 4.1 and 5.0; Veritas Storage Foundation for Sybase 4.1 and 5.0; Veritas Storage Foundation for Oracle Real Application Cluster (SFRAC) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Manager (SFM) 1.0, 1.0 MP1, 1.1, 1.1.1Ux, 1.1.1Win, and 2.0; Veritas Cluster Server (VCS) 3.5, 4.0, 4.1, and 5.0; Veritas Cluster Server One (VCSOne) 2.0, 2.0.1, and 2.0.2; Veritas Application Director (VAD) 1.1 and 1.1 Platform Expansion; Veritas Cluster Server Management Console (VCSMC) 5.1, 5.5, and 5.5.1)
Original document:HP, [security bulletin] HPSBUX02480 SSRT090253 rev.1 - HP-UX Running VRTSweb, Remote Execution of Arbitrary Code, Increase of Privilege (15.12.2009)
 ZDI, ZDI-09-098: Symantec Multiple Products VRTSweb.exe Remote Code Execution Vulnerability (10.12.2009)

Oracle applications multiple security vulnerabilities
updated since 15.01.2009
Published:15.12.2009
SecurityVulns ID:9588
Type:remote
Threat Level:9/10
Description:Oracle Critical Patch Update fixes more than 40 different vulnerabilities in all Oracle applications.
Affected:ORACLE : WebLogic Server 7.0
 ORACLE : Oracle 9i
 ORACLE : Oracle 10g
 ORACLE : Oracle E-Business Suite 11i
 ORACLE : WebLogic Portal 8.1
 ORACLE : WebLogic Server 8.1
 ORACLE : WebLogic Portal 9.2
 ORACLE : Oracle 11g
 ORACLE : WebLogic Server 10.0
 ORACLE : WebLogic Server 9.0
 ORACLE : Oracle Secure Backup 10.1
 ORACLE : Oracle Secure Backup 10.2
 ORACLE : TimesTen In-Memory Database 7.0
 ORACLE : Oracle E-Business Suite 12
 ORACLE : PeopleSoft Enterprise HRMS 8.9
 ORACLE : PeopleSoft Enterprise HRMS 9.0
 ORACLE : JD Edwards Tools 8.97
 ORACLE : WebLogic Portal 10.0
CVE:CVE-2008-5463 (Unspecified vulnerability in the PeopleSoft Enterprise Campus Solutions component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9.18 and 9.0.8 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.)
 CVE-2008-5462 (Unspecified vulnerability in the WebLogic Portal component in BEA Product Suite 10.3, 10.2, 10.0 MP1, 9.2 MP3, and 8.1 SP6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2008-5461 (Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0, and SP7 allows remote attackers to affect confidentiality, integrity, and availability, related to WLS. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is cross-site scripting.)
 CVE-2008-5460 (Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, and 9.0 allows remote attackers to affect confidentiality via unknown vectors.)
 CVE-2008-5459 (Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3 allows remote attackers to affect confidentiality via unknown vectors.)
 CVE-2008-5458 (Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10 and CU2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.)
 CVE-2008-5457 (Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2008-5456 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9.18 and 9.0.8 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.)
 CVE-2008-5455 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS - ePerformance component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9.18 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.)
 CVE-2008-5454 (Unspecified vulnerability in the iProcurement component in Oracle E-Business Suite 11.5.10 CU2 and 12.0.6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.)
 CVE-2008-5452 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9.18 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.)
 CVE-2008-5451 (Unspecified vulnerability in the JD Edwards Tools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.97.2.5 allows remote authenticated users to affect confidentiality via unknown vectors.)
 CVE-2008-5450 (Unspecified vulnerability in the Oracle Applications Platform Engineering component in Oracle E-Business Suite 11.5.10 CU2 and 12.0.6 allows local users to affect confidentiality via unknown vectors.)
 CVE-2008-5449 (Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2008-5448 (Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2008-5447 (Unspecified vulnerability in the Oracle Enterprise Manager component in Oracle Enterprise Manager 10.2.0.4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.)
 CVE-2008-5446 (Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10 CU2 and 12.0.6 allows remote authenticated users to affect confidentiality via unknown vectors. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is related to unrestricted guest access to the "About Us Page" in the Oracle Applications Framework (OAF), which allows attackers to obtain sensitive system and application environment information.)
 CVE-2008-5445 (Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect availability via unknown vectors. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is a denial of service in observiced.exe via malformed private Protocol data that triggers a NULL pointer dereference.)
 CVE-2008-5444 (Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2008-5443 (Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect availability via unknown vectors.)
 CVE-2008-5442 (Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect availability via unknown vectors.)
 CVE-2008-5441 (Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect availability via unknown vectors.)
 CVE-2008-5440 (Unspecified vulnerability in the TimesTen Data Server component in Oracle Database 7.0.5.0.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this is a format string vulnerability via the msg parameter in the evtdump CGI module.)
 CVE-2008-5439 (Unspecified vulnerability in the SQL*Plus Windows GUI component in Oracle Database 10.2.0.4 allows remote authenticated users to affect confidentiality via unknown vectors.)
 CVE-2008-5438 (Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 allows remote attackers to affect integrity via unknown vectors.)
 CVE-2008-5437 (Unspecified vulnerability in the Job Queue component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_IJOB.)
 CVE-2008-5436 (Unspecified vulnerability in the Oracle OLAP component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.4 allows remote authenticated users to affect integrity and availability via unknown vectors.)
 CVE-2008-4017 (Unspecified vulnerability in the OC4J component in Oracle Application Server 10.1.2.3 allows remote attackers to affect confidentiality via unknown vectors.)
 CVE-2008-4016 (Unspecified vulnerability in the Collaborative Workspaces component in Oracle Collaboration Suite 10.1.2 allows remote authenticated users to affect confidentiality via unknown vectors.)
 CVE-2008-4015 (Unspecified vulnerability in the Oracle Streams component in Oracle Database 10.1.0.5 allows remote authenticated users to affect confidentiality and integrity, related to SYS.DBMS_STREAMS_AUTH.)
 CVE-2008-4014 (Unspecified vulnerability in the Oracle BPEL Process Manager component in Oracle Application Server allows remote authenticated users to affect confidentiality and integrity via unknown vectors.)
 CVE-2008-4007 (Unspecified vulnerability in the PeopleSoft Enterprise Components component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9.18 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2008-4006 (Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.1.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2008-3999 (Unspecified vulnerability in the Oracle OLAP component in Oracle Database 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 allows remote authenticated users to affect availability, related to SYS.OLAPIMPL_T.)
 CVE-2008-3997 (Unspecified vulnerability in the Oracle OLAP component in Oracle Database 10.1.0.5 and 10.2.0.3 allows remote authenticated users to affect availability, related to SYS.DBMS_XSOQ_ODBO.)
 CVE-2008-3981 (Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.1.0.1 allows remote attackers to affect confidentiality via unknown vectors.)
 CVE-2008-3979 (Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 and 10.2.0.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is a SQL injection vulnerability that allows remote authenticated users to gain MDSYS privileges via the MDSYS.SDO_TOPO_DROP_FTBL trigger.)
 CVE-2008-3978 (Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.)
 CVE-2008-3974 (Unspecified vulnerability in the Oracle OLAP component in Oracle Database 9.0.2.8 and 9.2.0.8DV allows remote authenticated users to affect availability, related to SYS.OLAPIMPL_T.)
 CVE-2008-3973 (Unspecified vulnerability in the SQL*Plus Windows GUI component in Oracle Database allows local users to affect confidentiality via unknown vectors.)
 CVE-2008-2623 (Unspecified vulnerability in the Oracle JDeveloper component in Oracle Application Server 10.1.2.3 allows local users to affect confidentiality via unknown vectors.)
Original document:Ofer Maor, Hacktics Advisory Dec09: Oracle eBusiness Suite - Multiple Vulnerabilities Allow Remote Takeover (15.12.2009)
 SHATTER, Team SHATTER Security Advisory: Oracle Database Buffer Overflow in SYS.OLAPIMPL_T.ODCITABLESTART (05.02.2009)
 SHATTER, Team SHATTER Security Advisory: SQL Injection in Oracle Enterprise Manager (TARGET Parameter) (05.02.2009)
 Hackers Center Security Group, Oracle Application Server Portal 10g Cross Site Scripting Vulnerability (30.01.2009)
 Hackers Center Security Group, Oracle Forms Cross site Scripting in (iFcgi60.exe / f60servlet) (30.01.2009)
 Eduardo Vela, [Full-disclosure] Oracle Containers For Java Directory Traversal (OC4J) Oracle Application Server 10g (10.1.3.1.0) Oracle HTTP Server (20.01.2009)
 Aditya K Sood, Advisory: Oracle EBusiness Suite Sensitive Information Disclosure Vulnerability (19.01.2009)
 IDEFENSE, iDefense Security Advisory 01.13.09: Oracle Secure Backup Administration Server login.php Command Injection Vulnerability (16.01.2009)
 IDEFENSE, iDefense Security Advisory 01.13.09: Oracle Database 10g R2 Summary Advisor Arbitrary File Rewrite Vulnerability (16.01.2009)
 IDEFENSE, iDefense Security Advisory 01.13.09: Oracle Secure Backup Administration Server login.php Command Injection Vulnerability (16.01.2009)
 David Litchfield, Trigger Abuse of MDSYS.SDO_TOPO_DROP_FTBL in Oracle 10g R1 and R2 (16.01.2009)
 ZDI, ZDI-09-003: Oracle Secure Backup exec_qr() Command Injection Vulnerability (16.01.2009)
 ZDI, ZDI-09-004: Oracle TimesTen evtdump Remote Format String Vulnerability (16.01.2009)
 Jose Antonio, Oracle Secure Backup 10g Remote Code Execution (16.01.2009)
 Jose Antonio, Oracle Secure Backup 10g Remote Code Execution (16.01.2009)
 Jose Antonio, Oracle TimesTen Remote Format String (16.01.2009)
 security curmudgeon, Re: Assurent VR - Oracle BEA WebLogic Server Apache Connector Buffer Overflow (16.01.2009)
 noreply-secresearch_(at)_fortinet.com, Oracle Secure Backup Multiple Denial Of Service vulnerabilities (16.01.2009)
 noreply-secresearch_(at)_fortinet.com, Oracle Secure Backup's observiced.exe Denial Of Service vulnerability (16.01.2009)
 noreply-secresearch_(at)_fortinet.com, Oracle Secure Backup NDMP_CONECT_CLIENT_AUTH Command Buffer Overflow Vulnerability (16.01.2009)
 Alexandr Polyakov, Digital Security Research Group [DSecRG] Advisory #DSECRG-09-003 (16.01.2009)
 Alexandr Polyakov, Digital Security Research Group [DSecRG] Advisory #DSECRG-09-002 (16.01.2009)
 Alexandr Polyakov, Digital Security Research Group [DSecRG] Advisory #DSECRG-09-001 (16.01.2009)
 CERT, US-CERT Technical Cyber Security Alert TA09-015A -- Oracle Updates for Multiple Vulnerabilities (15.01.2009)
Files:Oracle Critical Patch Update Advisory - January 2009

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod