Computer Security


Sun Java web console format string vulnerability
Published: 18.04.2007
Source:
SecurityVulns ID: 7598
Type: remote
Threat Level: 5/10
Description: Format string vulnerability in libwebconsole_services.so on syslog() call.
Affected: SUN : Sun Java Web Console 2.2
CVE: CVE-2007-1681 (Format string vulnerability in libwebconsole_services.so in Sun Java Web Console 2.2.2 through 2.2.5 allows remote attackers to cause a denial of service (application crash), obtain sensitive information, and possibly execute arbitrary code via unspecified vectors during a failed login attempt, related to syslog.)
Original document: security_(at)_nruns.com, n.runs-SA-2007.007 - Sun Solaris 10 - Format string vulnerability (18.04.2007)

McAfee VirusScan antivirus buffer overflow
Published: 18.04.2007
Source:
SecurityVulns ID: 7599
Type: local
Threat Level: 5/10
Description: Buffer overflow on oversized Unicode filename.
Affected: MCAFEE : VirusScan 8.0
Original document: IDEFENSE, [Full-disclosure] iDefense Security Advisory 04.17.07: McAfee VirusScan On-Access Scanner Long Unicode File Name Buffer Overflow (18.04.2007)

McAfee E-Business Admin Server DoS
Published: 18.04.2007
Source:
SecurityVulns ID: 7600
Type: remote
Threat Level: 5/10
Description: Read access to unallocated memory during authentication.
Affected: MCAFEE : McAfee E-Business Server
Original document: IDEFENSE, [Full-disclosure] iDefense Security Advisory 04.17.07: McAfee E-Business Admin Server Invalid Data Length DoS Vulnerability (18.04.2007)

Oracle critical patch update
updated since 18.04.2007
Published: 20.04.2007
Source:
SecurityVulns ID: 7601
Type: remote
Threat Level: 7/10
Description: Patch set fixes 36 vulnerabilities in Oracle applications, including 13 vulnerabilities in Oracle database server.
Affected: ORACLE : Oracle 9i
 ORACLE : Oracle 10g
 ORACLE : Oracle Secure Enterprise Search 10g
 ORACLE : Oracle Application Server 10g
 ORACLE : Oracle10g Collaboration Suite
 ORACLE : Oracle E-Business Suite Release 11i
 ORACLE : Oracle E-Business Suite Release 12
 ORACLE : Oracle Enterprise Manager 9i
 ORACLE : PeopleTools 8.48
 ORACLE : PeopleTools 8.47
 ORACLE : PeopleTools 8.22
 ORACLE : Human Capital Management 8.9
 ORACLE : JD Edwards EnterpriseOne Tools 8.96
CVE: CVE-2007-2170 (The APPLSYS.FND_DM_NODES package in Oracle E-Business Suite does not check for valid sessions, which allows remote attackers to delete arbitrary nodes. NOTE: due to lack of details from Oracle, it is not clear whether this issue is related to other CVE identifiers such as CVE-2007-2126, CVE-2007-2127, or CVE-2007-2128.)
 CVE-2007-2135 (The ADI_BINARY component in the Oracle E-Business Suite allows remote attackers to download arbitrary documents from the APPS.FND_DOCUMENTS table via the ADI_DISPLAY_REPORT function, when passed a certain parameter. NOTE: due to lack of details from Oracle, it is not clear whether this issue is related to other CVE identifiers such as CVE-2007-2126, CVE-2007-2127, or CVE-2007-2128.)
Original document: SHATTER, Oracle Database Buffer overflow vulnerabilities in package DBMS_SNAP_INTERNAL (20.04.2007)
 ZDI, ZDI-07-016: Oracle E-Business Suite Arbitrary Node Deletion Vulnerability (20.04.2007)
 3COM, ZDI-07-017: Oracle E-Business Suite Arbitrary Document Download Vulnerability (20.04.2007)
 Kornbrust, Alexander, Bypass Oracle Logon Trigger (18.04.2007)
 Kornbrust, Alexander, SQL Injection in package SYS.DBMS_AQADM_SYS (18.04.2007)
 Kornbrust, Alexander, SQL Injection in package SYS.DBMS_UPGRADE_INTERNAL (18.04.2007)
 Kornbrust, Alexander, Cross-Site-Scripting Vulnerability in Oracle Secure Enterprise Search (SES) (18.04.2007)
 Kornbrust, Alexander, Shutdown unprotected Oracle TNS Listener via Oracle Discoverer Servlet [AS01] (18.04.2007)
 ORACLE, Oracle Critical Patch Update - April 2007 (18.04.2007)
Files: Details Oracle Critical Patch Update April 2007

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod