Sun Java web console format string vulnerability
Published:		18.04.2007
Source:		BUGTRAQ
SecurityVulns ID:		7598
Type:		remote
Level:		5/10
Description:		Format string vulnerability in libwebconsole_services.so on syslog() call.

Affected:		SUN : Sun Java Web Console 2.2
CVE:		CVE-2007-1681 (Format string vulnerability in libwebconsole_services.so in Sun Java Web Console 2.2.2 through 2.2.5 allows remote attackers to cause a denial of service (application crash), obtain sensitive information, and possibly execute arbitrary code via unspecified vectors during a failed login attempt, related to syslog.)

Original document

security_(at)_nruns.com, n.runs-SA-2007.007 - Sun Solaris 10 - Format string vulnerability (18.04.2007)

Discuss:

Read or add your comments to this news (0 comments)

McAfee E-Business Admin Server DoS
Published:		18.04.2007
Source:		FULL-DISCLOSURE
SecurityVulns ID:		7600
Type:		remote
Level:		5/10
Description:		Read access to unallocated memory during authentication.

Affected:

MCAFEE : McAfee E-Business Server

Original document

IDEFENSE, [Full-disclosure] iDefense Security Advisory 04.17.07: McAfee E-Business Admin Server Invalid Data Length DoS Vulnerability (18.04.2007)

Discuss:

Read or add your comments to this news (0 comments)

McAffee VirusScan antivirus buffer overflow
Published:		18.04.2007
Source:		FULL-DISCLOSURE
SecurityVulns ID:		7599
Type:		local
Level:		5/10
Description:		Buffer overflow on oversized Unicode filename.

Affected:

MCAFEE : VirusScan 8.0

Original document

IDEFENSE, [Full-disclosure] iDefense Security Advisory 04.17.07: McAfee VirusScan On-Access Scanner Long Unicode File Name Buffer Overflow (18.04.2007)

Discuss:

Read or add your comments to this news (0 comments)

Oracle critical patch update updated since 18.04.2007
Published:		20.04.2007
Source:		ORACLE
SecurityVulns ID:		7601
Type:		remote
Level:		7/10
Description:		Patch set fixes 36 vulnerabilities in Oracle applications, including 13 vulnerabilities in Oracle database server.

Affected:		ORACLE : Oracle 9i
		ORACLE : Oracle 10g
		ORACLE : Oracle Secure Enterprise Search 10g
		ORACLE : Oracle Application Server 10g
		ORACLE : Oracle10g Collaboration Suite
		ORACLE : Oracle E-Business Suite Release 11i
		ORACLE : Oracle E-Business Suite Release 12
		ORACLE : Oracle Enterprise Manager 9i
		ORACLE : PeopleTools 8.48
		ORACLE : PeopleTools 8.47
		ORACLE : PeopleTools 8.22
		ORACLE : Human Capital Management 8.9
		ORACLE : JD Edwards EnterpriseOne Tools 8.96
CVE:		CVE-2007-2170 (The APPLSYS.FND_DM_NODES package in Oracle E-Business Suite does not check for valid sessions, which allows remote attackers to delete arbitrary nodes. NOTE: due to lack of details from Oracle, it is not clear whether this issue is related to other CVE identifiers such as CVE-2007-2126, CVE-2007-2127, or CVE-2007-2128.)
		CVE-2007-2135 (The ADI_BINARY component in the Oracle E-Business Suite allows remote attackers to download arbitrary documents from the APPS.FND_DOCUMENTS table via the ADI_DISPLAY_REPORT function, when passed a certain parameter. NOTE: due to lack of details from Oracle, it is not clear whether this issue is related to other CVE identifiers such as CVE-2007-2126, CVE-2007-2127, or CVE-2007-2128.)

Original document		SHATTER, Oracle Database Buffer overflow vulnerabilities in package DBMS_SNAP_INTERNAL (20.04.2007)
		ZDI, ZDI-07-016: Oracle E-Business Suite Arbitrary Node Deletion Vulnerability (20.04.2007)
		3COM, ZDI-07-017: Oracle E-Business Suite Arbitrary Document Download Vulnerability (20.04.2007)
		Kornbrust, Alexander, Bypass Oracle Logon Trigger (18.04.2007)
		Kornbrust, Alexander, SQL Injection in package SYS.DBMS_AQADM_SYS (18.04.2007)
		Kornbrust, Alexander, SQL Injection in package SYS.DBMS_UPGRADE_INTERNAL (18.04.2007)
		Kornbrust, Alexander, Cross-Site-Scripting Vulnerability in Oracle Secure Enterprise Search (SES) (18.04.2007)
		Kornbrust, Alexander, Shutdown unprotected Oracle TNS Listener via Oracle Discoverer Servlet [AS01] (18.04.2007)
		ORACLE, Oracle Critical Patch Update - April 2007 (18.04.2007)

Files:		Details Oracle Critical Patch Update April 2007
Discuss:		Read or add your comments to this news (0 comments)