WheresJames Webcam Publisher buffer overflow Published: 19.04.2005 Source: TARAKO SecurityVulns ID: 4710 Type: remote Level: 5/10 Description: Buffer overflow on oversize GET request.
Original document Miguel Tarascó Acuña , WheresJames Webcam Publisher Bof + POC [Haxorcitos] (19.04.2005 )
McAfee Internet Security personal firewall / antivirus software weak permissions Published: 19.04.2005 Source: FULL-DISCLOSURE SecurityVulns ID: 4712 Type: local Level: 5/10 Description: Weak permissions for installation folder. Affected: MCAFEE : McAfee Internet Security Suite 2005 Original document IDEFENSE , [Full-disclosure] iDEFENSE Security Advisory 04.18.05: McAfee Internet Security Suite 2005 Insecure File Permission Vulnerability (19.04.2005 )
PostgreSQL database array overflow Published: 19.04.2005 Source: UNL0CK SecurityVulns ID: 4709 Type: remote Level: 6/10 Description: Array overflow on large number of variables in plpgsql.
PMSoftware Simple Web Server buffer overflow Published: 19.04.2005 Source: BUGTRAQ SecurityVulns ID: 4711 Type: remote Level: 5/10 Description: Buffer overflow on oversized GET request. Affected: PMSOFTWARE : Simple Web Server 1.0 Original document Mailinglists , ERNW Security Advisory 01/2005 (19.04.2005 )
Webcam XP web camera software crossite scripting Published: 19.04.2005 Source: FULL-DISCLOSURE SecurityVulns ID: 3386 Type: remote Level: 5/10 Affected: DARKWET : WebcamXP Original document morning_wood , [Full-disclosure] WebcamXP (19.04.2005 ) Rafel Ivgi , WebcamXP v1.06.945 Cross Site Scripting Vulnerabillity (22.01.2004 )
PHP, ASP, CGI web applications security vulnerabilities Published: 23.04.2005 Source: SecurityVulns ID: 4708 Type: remote Level: 5/10 Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, etc. Affected: GENEWEB : geneweb 4.06 JAWS : jaws 0.4 EGROUPWARE : eGroupWare 1.0 PHPROJEKT : PHPROJEKT 4.2 ONEWORLDSTORE : OneWorldStore COPPERMINE : Coppermine Photo Gallery 1.3 PHPBB : Knowledge Base MOD INFO2WWW : info2www 1.2 DUWARE : DuPortal 3.4 KNUSPERLEICHT : Shoutbox SCRIPT 3.0 OCEAN12 : Ocean12 Calendar manager 1.01 AZBB : AZ Bulletin Board 1.0 NETREF : Annuaire Netref 4.2 ECOMMERCECARTS : EcommPro 3 NETMAILSHARE : netMailshare Professional 4.0 WOLTLAB : Woltlab Burning Board 2.3 ASPNUKE : Asp Nuke 0.80 ARGOSOFT : Argosoft Mail Server 1.8 YAZAPORT : E-Cart 1.1 Original document SECUNIA , [SA15054] WebAPP E-Cart Module Shell Command Injection Vulnerability (23.04.2005 ) ShineShadow , Multiple vulnerabilities in Argosoft Mail Server 1.8.7.6 (23.04.2005 ) dcrab_(at)_hackerscenter.com , Multiple Sql injection and XSS in Asp Nuke 0.80 (Working exploits included) (23.04.2005 ) deluxe_(at)_security-project.org , [SePro Bugtraq] WBB - WoltLab Burning Board <= 2.3.1 - XSS Vulnerability (22.04.05) (23.04.2005 ) SECUNIA , [SA15038] netMailshar Professional Two Vulnerabilities (22.04.2005 ) piker piker , Vulnerability kali's tagboard (22.04.2005 ) SECURITEAM , [NT] OneWorldStore Cross Site Scripting and SQL Injection Vulnerabilities (21.04.2005 ) SECURITEAM , [UNIX] Jaws Cross Site Scripting (GlossaryModel.php) (21.04.2005 ) SSC Advisory Notice , Secure Science Corporation Application Software Advisory 055 (21.04.2005 ) c0d3r_(at)_ihsteam.com , Ecommerce-Carts SQL injection vulnerability ( IHSTeam ) (21.04.2005 ) jaguar , Annuaire Netref v4.2 [ fwrite php ] vulnerability (21.04.2005 ) JeiAr , Multiple Security Issues Found In AZBB (21.04.2005 ) JeiAr , Multiple eGroupware Vulnerabilities (21.04.2005 ) Zinho , [HSC Security Group] Ocean12 Calendar manager 1.01 SQL injection (20.04.2005 ) SECUNIA , [SA15027] PHP Labs proFile "dir" and "file" Cross-Site Scripting (20.04.2005 ) SECUNIA , [SA15009] CityPost Automated Link Exchange "msg" Cross-Site Scripting (20.04.2005 ) SECUNIA , [SA15010] CityPost Simple PHP Upload "message" Cross-Site Scripting (20.04.2005 ) SECUNIA , [SA15011] CityPost Image Editor Cross-Site Scripting Vulnerabilities (20.04.2005 ) CorryL , [Full-disclosure] Shoutbox SCRIPT <= 3.0.2 Administrative MD5 Username and Password Retrieval (20.04.2005 ) dcrab_(at)_hackerscenter.com , DUportal Pro 3.4 has MANY Sql injection and Sql Errors. (20.04.2005 ) DEBIAN , [SECURITY] [DSA 712-1] New geneweb packages fix insecure file operations (20.04.2005 ) DEBIAN , [SECURITY] [DSA 711-1] New info2www packages fix cross-site scripting vulnerability (20.04.2005 ) Hillel Himovich , UBB Thread printthread.php SQL Injection (20.04.2005 ) deluxe_(at)_security-project.org , phpBB - Knowledge Base MOD - SQL-Injection and Full Path Disclosure (19.04.2005 ) GHC team , Vulnerability in Coppermine Photo Gallery 1.3.* (19.04.2005 )
Multiple Oracle application server vulnerabilities Published: 23.12.2006 Source: BUGTRAQ SecurityVulns ID: 4707 Type: remote Level: 8/10 Description: SQL injections, DoS, data modification, crossite scripting, privilege escalation, audit setings modification. Password is passed from JDeveloper to SQLPlus in cleartext. JDeveloper password is stored in cleartext in different XML configuration files. Cleartext FormBuilder password is stored in temporary files. Weak permissions for temporary files. Reading and writing any file with Oracle Reports. Command execution with Oracle Forms and Oracle Reports. There is also a large number of different old and new bugs, many are not fixed for years. It makes it useless to talk about Oracle security. Use 3rd party products to protect your Oracle environment. Affected: ORACLE : Oracle 9i ORACLE : Oracle E-Business Suite 11.0 ORACLE : Oracle 10g ORACLE : JDeveloper 9.0 SUN : SunMC 3.5 ORACLE : Oracle E-Business Suite 11i ORACLE : APEX/HTMLDB 2.2 CVE: CVE-2005-4832 (SQL injection vulnerability in the Oracle Database Server 10g allows remote authenticated users to execute arbitrary SQL commands with elevated privileges via the SUBSCRIPTION_NAME parameter in the (1) SYS.DBMS_CDC_SUBSCRIBE and (2) SYS.DBMS_CDC_ISUBSCRIBE packages, a different vector than CVE-2005-1197.) CVE-2005-1197 (SQL injection vulnerability in the SYS.DBMS_CDC_IPUBLISH.CREATE_SCN_CHANGE_SET procedure in Oracle Database Server 10g allows remote attackers to execute arbitrary SQL commands via the CHANGE_SET_NAME parameter.) Original document putosoft softputo , Oracle Applications/Portal 9i/10g Cross Site Scripting (23.12.2006 ) putosoft softputo , Oracle Portal 10g HTTP Response Splitting (20.12.2006 ) Kornbrust, Alexander , Modify Data via Inline Views (26.10.2006 ) Kornbrust, Alexander , Various Cross-Site-Scripting Vulnerabilities in Oracle Reports (26.10.2006 ) Kornbrust, Alexander , Cross-Site-Scripting Vulnerabilitiy in Oracle APEX NOTIFICATION_MSG (26.10.2006 ) Kornbrust, Alexander , Cross-Site-Scripting Vulnerability in Oracle APEX WWV_FLOW_ITEM_HELP (26.10.2006 ) Kornbrust, Alexander , SQL Injection in Oracle package MDSYS.SDO_LRS (26.10.2006 ) Kornbrust, Alexander , SQL Injection in package SYS.DBMS_CDC_IMPDP (26.10.2006 ) Kornbrust, Alexander , SQL Injection in package XDB.DBMS_XDBZ0 (26.10.2006 ) Kornbrust, Alexander , SQL Injection in package SYS.DBMS_SQLTUNE_INTERNAL (26.10.2006 ) putosoft softputo , Oracle 10g R2 and, probably, all previous versions (28.07.2006 ) Kornbrust, Alexander , Bypassing Oracle dbms_assert (28.07.2006 ) Kornbrust, Alexander , Oracle Database - SQL Injection in SYS.DBMS_UPGRADE [DB22] (24.07.2006 ) Kornbrust, Alexander , Oracle Database - SQL Injection in SYS.DBMS_STATS [DB21] (24.07.2006 ) Kornbrust, Alexander , Oracle Database - SQL Injection in SYS.DBMS_CDC_IMPDP [DB01] (24.07.2006 ) CERT , Oracle Database - SQL Injection in SYS.DBMS_CDC_IMPDP [DB01] (24.07.2006 ) CERT , US-CERT Technical Cyber Security Alert TA06-200A -- Oracle Products Contain Multiple Vulnerabilities (24.07.2006 ) Kornbrust, Alexander , Oracle Database - SQL Injection in SYS.KUPW$WORKER [DB03] (24.07.2006 ) David Litchfield , [Full-disclosure] Recent Oracle exploit is _actually_ an 0day with no patch (26.04.2006 ) c c , [Full-disclosure] [Argeniss] Oracle Database 10gR1 Buffer overflow in VERIFY_LOG procedure (20.04.2006 ) CERT , US-CERT Technical Cyber Security Alert TA06-109A -- Oracle Products Contain Multiple Vulnerabilities (20.04.2006 ) Kornbrust, Alexander , [Full-disclosure] SQL Injection in package SYS.DBMS_LOGMNR_SESSION (19.04.2006 ) NGSSoftware Insight Security Research , Multiple critical and high risk issues in Oracle's database server (19.04.2006 ) Kornbrust, Alexander , [Full-disclosure] Oracle read-only user can insert/update/delete data via specially crafted views (10.04.2006 ) David Litchfield , More on the workaround for the unpatched Oracle PLSQL Gateway flaw (03.02.2006 ) David Litchfield , The History of the Oracle PLSQL Gateway Flaw (03.02.2006 ) c c , [VulnWatch] [Argeniss] Oracle Database Buffer overflows vulnerabilities in public procedures of XDB.DBMS_XMLSCHEMA{_INT} (27.01.2006 ) David Litchfield , Workaround for unpatched Oracle PLSQL Gateway flaw (26.01.2006 ) CERT , US-CERT Technical Cyber Security Alert TA06-018A -- Oracle Products Contain Multiple Vulnerabilities (19.01.2006 ) Kornbrust, Alexander , [Full-disclosure] Oracle Database 10g Rel. 1 - SQL Injection in SYS.KUPV$FT (18.01.2006 ) Kornbrust, Alexander , [Full-disclosure] Oracle Database 10g Rel. 1 - SQL Injection in SYS.KUPV$FT_INT (18.01.2006 ) Kornbrust, Alexander , [Full-disclosure] Oracle Database 10g Rel. 2 - Event 10053 logs TDE wallet password in cleartext (18.01.2006 ) Amichai Shulman , [Full-disclosure] Oracle DBMS - Access Control Bypass in Login (18.01.2006 ) Kornbrust, Alexander , [Full-disclosure] Oracle Reports - Read parts of files via desname (fixed after 874 days) (18.01.2006 ) Kornbrust, Alexander , [Full-disclosure] Oracle Reports - Overwrite any application server file via desname (fixed after 889 days) (18.01.2006 ) Kornbrust, Alexander , [Full-disclosure] Oracle Reports - Read parts of files via customize(fixed after 875 days) (18.01.2006 ) Kornbrust, Alexander , [Full-disclosure] Oracle Database 10g Rel. 2- Transparent Data Encryption plaintext masterkey in SGA (18.01.2006 ) NGSSoftware Insight Security Research , Oracle DBMS_ASSERT and the October 2005 CPU (09.11.2005 ) NGSSoftware Insight Security Research , Oracle October 2005 CPU Problems (09.11.2005 ) snsadv_(at)_lac.co.jp , [SNS Advisory No.84] Oracle Application Server HTTP Response Splitting Vulnerability (22.10.2005 ) oracle_secalert_(at)_hushmail.com , [Full-disclosure] Exploit Oracle DB27 - CPU Octobre (20.10.2005 ) SPI Labs , Oracle 10g - emagent.exe Stack-Based Overflow (20.10.2005 ) Kornbrust, Alexander , [Full-disclosure] Oracle Workflow CSS Vulnerability wf_route (20.10.2005 ) Kornbrust, Alexander , [Full-disclosure] Oracle Workflow CSS Vulnerability wf_monitor (20.10.2005 ) Kornbrust, Alexander , [Full-disclosure] Oracle Workflow CSS Vulnerability wf_monitor (20.10.2005 ) CERT , US-CERT Technical Cyber Security Alert TA05-292A -- Oracle Products Contain Multiple Vulnerabilities (20.10.2005 ) David Litchfield , Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers (07.10.2005 ) Kornbrust, Alexander , [Full-disclosure] Cross-Site-Scripting Vulnerability in Oracle XMLDB (07.10.2005 ) Kornbrust, Alexander , [Full-disclosure] Shutdown TNS Listener via Oracle iSQL*Plus (07.10.2005 ) Kornbrust, Alexander , [Full-disclosure] Shutdown TNS Listener via Oracle Forms Servlet (07.10.2005 ) Kornbrust, Alexander , [Full-disclosure] Plaintext Password Vulnerabilitiy during Installation of Oracle HTMLDB (07.10.2005 ) Kornbrust, Alexander , [Full-disclosure] Cross-Site-Scripting Vulnerabilities in Oracle HTMLDB (07.10.2005 ) Kornbrust, Alexander , [Full-disclosure] Cross-Site-Scripting Vulnerability in Oracle iSQL*Plus (07.10.2005 ) c c , [VulnWatch] [Full-disclosure] [Argeniss] Oracle 9R2 Unpatched vulnerability on CWM2_OLAP_AW_AWUTIL package (27.07.2005 ) c c , [Full-disclosure] [Argeniss] Oracle 9R2 Unpatched vulnerability on CWM2_OLAP_AW_AWUTIL package (23.07.2005 ) SECUNIA , [SA16121] Sun Management Center Oracle Listener Vulnerabilities (19.07.2005 ) Kornbrust, Alexander , Various Cross-Site-Scripting Vulnerabilities in Oracle Reports (19.07.2005 ) Kornbrust, Alexander , Read parts of any XML-file via customize parameter in Oracle Reports (19.07.2005 ) Kornbrust, Alexander , Read parts of any file via desformat in Oracle Reports (19.07.2005 ) Kornbrust, Alexander , Run any OS Command via unauthorized Oracle Reports (19.07.2005 ) Kornbrust, Alexander , Run any OS Command via unauthorized Oracle Forms (19.07.2005 ) Kornbrust, Alexander , Overwrite any file via desname in Oracle Reports (19.07.2005 ) Kornbrust, Alexander , [Full-disclosure] Silently fixed security bugs in Oracle Critical Patch Update July 2005 (15.07.2005 ) CERT , US-CERT Technical Cyber Security Alert TA05-194A -- Oracle Products Contain Multiple Vulnerabilities (14.07.2005 ) Kornbrust, Alexander , Oracle Forms Insecure Temporary File Handling (13.07.2005 ) Kornbrust, Alexander , Oracle Forms Builder Password in Temp Files (13.07.2005 ) Kornbrust, Alexander , Oracle JDeveloper Plaintext Passwords (13.07.2005 ) Kornbrust, Alexander , Name Oracle JDeveloper passes Plaintext Password (13.07.2005 ) David Litchfield , Problems with the Oracle Critical Patch Update for April 2005 (07.07.2005 ) Kornbrust, Alexander , Oracle 10g Exploit dbms_scheduler SESSION_USER issue (03.05.2005 ) Kornbrust, Alexander , Oracle Fine Grained Auditing Issue in Oracle 9i / 10g (03.05.2005 ) Kornbrust, Alexander , Webcache Client Requests bypasses OHS mod_access restrictions (28.04.2005 ) Kornbrust, Alexander , Append file in Oracle Webcache 9i (28.04.2005 ) Kornbrust, Alexander , Cross Site Scripting in Oracle Webcache 9i (28.04.2005 ) CERT , US-CERT Technical Cyber Security Alert TA05-117A -- Oracle Products Contain Multiple Vulnerabilities (28.04.2005 ) SECURITEAM , [EXPL] Multiple Exploit Codes for Oracle (interMedia, DBMS_CDC_SUBSCRIBE, DBMS_CDC_ISUBSCRIBE and DBMS_METADATA) (21.04.2005 ) SHATTER , [AppSecInc Team SHATTER Security Advisory] SQL Injection in ALTER_MANUALLOG_CHANGE_SOURCE procedure (19.04.2005 ) SHATTER , [AppSecInc Team SHATTER Security Advisory] Multiple SQL Injection vulnerabilities in DBMS_METADATA package (19.04.2005 ) SHATTER , [AppSecInc Team SHATTER Security Advisory] Denial of Service in Oracle interMedia (19.04.2005 ) SHATTER , [AppSecInc Team SHATTER Security Advisory] SQL Injection in CREATE_SCN_CHANGE_SET procedure (19.04.2005 ) SHATTER , [AppSecInc Team SHATTER Security Advisory] Multiple SQL Injection vulnerabilities in DBMS_CDC_SUBSCRIBE and DBMS_CDC_ISUBSCRIBE packages (19.04.2005 )
