Information Security


Memory corruption in Mozilla Codesighs
Published: December 15, 2009
Source:
SecurityVulns ID: 10465
Type: local
Severity: 4/10
Description: Buffer overflow when parsing a file.
Original text: Jeremy Brown, Mozilla Code *sighs* (15.12.2009)
Files: Mozilla Codesighs Memory Corruption PoC

Summary of security vulnerabilities in Web applications (PHP, ASP, JSP, CGI, Perl)
Published: December 15, 2009
Source:
SecurityVulns ID: 10466
Type: remote
Severity: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, file modification, information leakage, etc.
Affected products: INVISION : Invision Power Board 1.3
 DIGITALSCRIBE : Digital Scribe 1.4
 INVISION : Invision Power Board 2.2
 PYFORUM : PyForum 1.0
 INVISION : Invision Power Board 3.0
 EEGSHOP : EEGshop 1.2
 MINIWEB : Miniweb 2.0
 TESTLINK : TestLink 1.8
 PHPCOLLEGEEX : phpCollegeExchange 0.1
 WSCREATOR : WSCreator 1.1
CVE:CVE-2009-4238 (Multiple SQL injection vulnerabilities in TestLink before 1.8.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the Test Case ID field to lib/general/navBar.php or (2) the logLevel parameter to lib/events/eventviewer.php.)
 CVE-2009-4237 (Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.8.5 allow remote attackers to inject arbitrary web script or HTML via (1) the req parameter to login.php, and allow remote authenticated users to inject arbitrary web script or HTML via (2) the key parameter to lib/general/staticPage.php, (3) the tableName parameter to lib/attachments/attachmentupload.php, or the (4) startDate, (5) endDate, or (6) logLevel parameter to lib/events/eventviewer.php; (7) the search_notes_string parameter to lib/results/resultsMoreBuilds_buildReport.php; or the (8) expected_results, (9) name, (10) steps, or (11) summary parameter in a find action to lib/testcases/searchData.php, related to lib/functions/database.class.php.)
Original text: Stefan Friedli, [scip-Advisory 4063] PasswordManager Pro 6.1 Script Injection Vulnerability (15.12.2009)
 hadikiamarsi_(at)_hotmail.com, Daloradius XSS Vulnerability (15.12.2009)
 rosophilaxxx_(at)_gmail.com, WSCreator 1.1 Blind SQL Injection (15.12.2009)
 Nam Nguyen, [BMSA-2009-08] Multiple Vulnerabilities in PyForum (15.12.2009)
 Salvatore "drosophila" Fresta, phpCollegeExchange 0.1.5c Multiple SQL Injection Vulnerabilities (15.12.2009)
 Salvatore "drosophila" Fresta, E-Store SQL Injection Vulnerability (15.12.2009)
 Salvatore "drosophila" Fresta, Digital Scribe 1.4.1 Multiple SQL Injection Vulnerabilities (15.12.2009)
 CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2009-1013: Multiple XSS and Injection Vulnerabilities in TestLink Test Management and Execution System (15.12.2009)
 Salvatore "drosophila" Fresta, Miniweb 2.0 Full Path Disclosure (15.12.2009)
 secu_lab_ir_(at)_yahoo.com, EEGshop v1.2 (15.12.2009)
 Salvatore "drosophila" Fresta, B2C Booking Centre Systems - SQL Injection Vulnerability (15.12.2009)
 MustLive, Cross-Site Scripting vulnerabilities in Invision Power Board (15.12.2009)

Multiple security vulnerabilities in the Zabbix monitoring server
Published: December 15, 2009
Source:
SecurityVulns ID: 10467
Type: remote
Severity: 5/10
Description: SQL injection, unauthorized access, DoS conditions.
Affected products: ZABBIX : Zabbix 1.6
Original text: nicob_(at)_nicob.net, Zabbix Agent : Bypass of EnableRemoteCommands=0 (15.12.2009)
 nicob_(at)_nicob.net, Zabbix Server : Multiple remote vulnerabilities (15.12.2009)

Traffic interception in Trango Broadband Wireless networks
Published: December 15, 2009
Source:
SecurityVulns ID: 10471
Type: remote
Severity: 5/10
Description: The wireless network lacks authentication of the end device.
Affected products: TANGOBROADBAND : Tango Broadband Access 5830
Original text: Blair, Trango Broadband Wireless Rogue SU Authentication Bug (15.12.2009)

DoS against Monkey web server
Published: December 15, 2009
Source:
SecurityVulns ID: 10468
Type: remote
Severity: 5/10
Description: Failure while processing a client request.
Affected products: MONKEYPROJECT : Monkey web server 0.9
Original text: Patroklos Argyroudis, Monkey HTTPd improper input validation vulnerability (15.12.2009)

Buffer overflow in Intellicom NetBiterConfig
Published: December 15, 2009
Source:
SecurityVulns ID: 10469
Type: client
Severity: 5/10
Description: Buffer overflow when parsing HMS HICP protocol data.
Affected products: INTELLICOM : NetBiterConfig 1.3
Original text: Reversemode, Exposing HMS HICP Protocol + Intellicom NetBiterConfig.exe Remote Buffer Overflow (Not patched) (15.12.2009)

Cross-site scripting in the firefox-sage RSS reader
Published: December 15, 2009
Source:
SecurityVulns ID: 10470
Type: client
Severity: 5/10
Description: Script injection into RSS data is possible.
Affected products: SAGE : Sage 1.4
CVE:CVE-2009-4102 (Sage 1.4.3 and earlier extension for Firefox performs certain operations with chrome privileges, which allows remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via the description tag of an RSS feed.)
Original text: DEBIAN, [SECURITY] [DSA 1951-1] New firefox-sage packages fix insufficient input sanitizing (15.12.2009)

Cross-site scripting in APC Switched Rack PDU
Published: December 15, 2009
Source:
SecurityVulns ID: 10472
Type: remote
Severity: 4/10
Description: Cross-site scripting in the web administration interface.
Affected products: APC : APC AP7932
Original text: Jamal Pecou, APC Switched Rack PDU XSS Vulnerability (15.12.2009)

Multiple security vulnerabilities in PostgreSQL
Published: December 15, 2009
Source:
SecurityVulns ID: 10473
Type: remote
Severity: 6/10
Description: SSL certificate spoofing, privilege escalation.
Affected products: POSTGRES : PostgreSQL 8.3
CVE:CVE-2009-4136 (PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly manage session-local state during execution of an index function by a database superuser, which allows remote authenticated users to gain privileges via a table with crafted index functions, as demonstrated by functions that modify (1) search_path or (2) a prepared statement, a related issue to CVE-2007-6600 and CVE-2009-3230.)
 CVE-2009-4034 (PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based PostgreSQL servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended client-hostname restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.)
Original text: MANDRIVA, [ MDVSA-2009:333 ] postgresql (15.12.2009)

Unauthorized access to Symantec Veritas products
updated since December 10, 2009
Published: December 15, 2009
Source:
SecurityVulns ID: 10462
Type: remote
Severity: 7/10
Description: Authentication bypass in the VRTSweb.exe service on port TCP/14300 allows code execution.
Affected products: HP : HP-UX 11.23
 HP : HP-UX 11.31
 SYMANTEC : Backup Exec Continuous Protection Server 12.5
 SYMANTEC : Veritas NetBackup Operations Manager 6.5
 SYMANTEC : Veritas Backup Reporter 6.6
 SYMANTEC : Veritas Storage Foundation 3.5
 SYMANTEC : Veritas Storage Foundation for Windows High Availability 5.1
 SYMANTEC : Veritas Storage Foundation for High Availability 3.5
 SYMANTEC : Veritas Storage Foundation for Oracle 5.0
 SYMANTEC : Veritas Storage Foundation for DB2 5.0
 SYMANTEC : Veritas Storage Foundation for Sybase 5.0
 SYMANTEC : Veritas Storage Foundation for Oracle Real Application Cluster 5.0
 SYMANTEC : Veritas Storage Foundation Manager 1.1
 SYMANTEC : Veritas Storage Foundation Manager 2.0
 SYMANTEC : Veritas Cluster Server 5.0
 SYMANTEC : Veritas Cluster Server One 2.0
 SYMANTEC : Veritas Application Director 1.1
 SYMANTEC : Veritas Cluster Server Management Console 5.5
 SYMANTEC : Veritas Storage Foundation Cluster File System 5.0
 SYMANTEC : Veritas Storage Foundation Cluster File System for Oracle RAC 5.0
 SYMANTEC : Veritas Command Central Storage 5.1
 SYMANTEC : Veritas Command Central Enterprise Reporter 5.1
 SYMANTEC : Veritas Command Central Storage Change Manager 5.1
 SYMANTEC : Veritas MicroMeasure 5.0
 SYMANTEC : VRTSweb 5.0
CVE:CVE-2009-3027 (VRTSweb.exe in VRTSweb in Symantec Backup Exec Continuous Protection Server (CPS) 11d, 12.0, and 12.5; Veritas NetBackup Operations Manager (NOM) 6.0 GA through 6.5.5; Veritas Backup Reporter (VBR) 6.0 GA through 6.6; Veritas Storage Foundation (SF) 3.5; Veritas Storage Foundation for Windows High Availability (SFWHA) 4.3MP2, 5.0, 5.0RP1a, 5.0RP2, 5.1, and 5.1AP1; Veritas Storage Foundation for High Availability (SFHA) 3.5; Veritas Storage Foundation for Oracle (SFO) 4.1, 5.0, and 5.0.1; Veritas Storage Foundation for DB2 4.1 and 5.0; Veritas Storage Foundation for Sybase 4.1 and 5.0; Veritas Storage Foundation for Oracle Real Application Cluster (SFRAC) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Manager (SFM) 1.0, 1.0 MP1, 1.1, 1.1.1Ux, 1.1.1Win, and 2.0; Veritas Cluster Server (VCS) 3.5, 4.0, 4.1, and 5.0; Veritas Cluster Server One (VCSOne) 2.0, 2.0.1, and 2.0.2; Veritas Application Director (VAD) 1.1 and 1.1 Platform Expansion; Veritas Cluster Server Management Console (VCSMC) 5.1, 5.5, and 5.5.1)
Original text: HP, [security bulletin] HPSBUX02480 SSRT090253 rev.1 - HP-UX Running VRTSweb, Remote Execution of Arbitrary Code, Increase of Privilege (15.12.2009)
 ZDI, ZDI-09-098: Symantec Multiple Products VRTSweb.exe Remote Code Execution Vulnerability (10.12.2009)

Multiple security vulnerabilities in Oracle products
updated since January 15, 2009
Published: December 15, 2009
Source:
SecurityVulns ID: 9588
Type: remote
Severity: 9/10
Description: The regular quarterly update fixes more than 40 different vulnerabilities.
Affected products: ORACLE : WebLogic Server 7.0
 ORACLE : Oracle 9i
 ORACLE : Oracle 10g
 ORACLE : Oracle E-Business Suite 11i
 ORACLE : WebLogic Portal 8.1
 ORACLE : WebLogic Server 8.1
 ORACLE : WebLogic Portal 9.2
 ORACLE : Oracle 11g
 ORACLE : WebLogic Server 10.0
 ORACLE : WebLogic Server 9.0
 ORACLE : Oracle Secure Backup 10.1
 ORACLE : Oracle Secure Backup 10.2
 ORACLE : TimesTen In-Memory Database 7.0
 ORACLE : Oracle E-Business Suite 12
 ORACLE : PeopleSoft Enterprise HRMS 8.9
 ORACLE : PeopleSoft Enterprise HRMS 9.0
 ORACLE : JD Edwards Tools 8.97
 ORACLE : WebLogic Portal 10.0
CVE:CVE-2008-5463 (Unspecified vulnerability in the PeopleSoft Enterprise Campus Solutions component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9.18 and 9.0.8 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.)
 CVE-2008-5462 (Unspecified vulnerability in the WebLogic Portal component in BEA Product Suite 10.3, 10.2, 10.0 MP1, 9.2 MP3, and 8.1 SP6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2008-5461 (Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0, and SP7 allows remote attackers to affect confidentiality, integrity, and availability, related to WLS. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is cross-site scripting.)
 CVE-2008-5460 (Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, and 9.0 allows remote attackers to affect confidentiality via unknown vectors.)
 CVE-2008-5459 (Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3 allows remote attackers to affect confidentiality via unknown vectors.)
 CVE-2008-5458 (Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10 and CU2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.)
 CVE-2008-5457 (Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2008-5456 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9.18 and 9.0.8 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.)
 CVE-2008-5455 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS - ePerformance component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9.18 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.)
 CVE-2008-5454 (Unspecified vulnerability in the iProcurement component in Oracle E-Business Suite 11.5.10 CU2 and 12.0.6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.)
 CVE-2008-5452 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9.18 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.)
 CVE-2008-5451 (Unspecified vulnerability in the JD Edwards Tools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.97.2.5 allows remote authenticated users to affect confidentiality via unknown vectors.)
 CVE-2008-5450 (Unspecified vulnerability in the Oracle Applications Platform Engineering component in Oracle E-Business Suite 11.5.10 CU2 and 12.0.6 allows local users to affect confidentiality via unknown vectors.)
 CVE-2008-5449 (Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2008-5448 (Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2008-5447 (Unspecified vulnerability in the Oracle Enterprise Manager component in Oracle Enterprise Manager 10.2.0.4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.)
 CVE-2008-5446 (Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10 CU2 and 12.0.6 allows remote authenticated users to affect confidentiality via unknown vectors. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is related to unrestricted guest access to the "About Us Page" in the Oracle Applications Framework (OAF), which allows attackers to obtain sensitive system and application environment information.)
 CVE-2008-5445 (Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect availability via unknown vectors. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is a denial of service in observiced.exe via malformed private Protocol data that triggers a NULL pointer dereference.)
 CVE-2008-5444 (Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2008-5443 (Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect availability via unknown vectors.)
 CVE-2008-5442 (Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect availability via unknown vectors.)
 CVE-2008-5441 (Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect availability via unknown vectors.)
 CVE-2008-5440 (Unspecified vulnerability in the TimesTen Data Server component in Oracle Database 7.0.5.0.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this is a format string vulnerability via the msg parameter in the evtdump CGI module.)
 CVE-2008-5439 (Unspecified vulnerability in the SQL*Plus Windows GUI component in Oracle Database 10.2.0.4 allows remote authenticated users to affect confidentiality via unknown vectors.)
 CVE-2008-5438 (Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 allows remote attackers to affect integrity via unknown vectors.)
 CVE-2008-5437 (Unspecified vulnerability in the Job Queue component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_IJOB.)
 CVE-2008-5436 (Unspecified vulnerability in the Oracle OLAP component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.4 allows remote authenticated users to affect integrity and availability via unknown vectors.)
 CVE-2008-4017 (Unspecified vulnerability in the OC4J component in Oracle Application Server 10.1.2.3 allows remote attackers to affect confidentiality via unknown vectors.)
 CVE-2008-4016 (Unspecified vulnerability in the Collaborative Workspaces component in Oracle Collaboration Suite 10.1.2 allows remote authenticated users to affect confidentiality via unknown vectors.)
 CVE-2008-4015 (Unspecified vulnerability in the Oracle Streams component in Oracle Database 10.1.0.5 allows remote authenticated users to affect confidentiality and integrity, related to SYS.DBMS_STREAMS_AUTH.)
 CVE-2008-4014 (Unspecified vulnerability in the Oracle BPEL Process Manager component in Oracle Application Server allows remote authenticated users to affect confidentiality and integrity via unknown vectors.)
 CVE-2008-4007 (Unspecified vulnerability in the PeopleSoft Enterprise Components component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9.18 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2008-4006 (Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.1.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2008-3999 (Unspecified vulnerability in the Oracle OLAP component in Oracle Database 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 allows remote authenticated users to affect availability, related to SYS.OLAPIMPL_T.)
 CVE-2008-3997 (Unspecified vulnerability in the Oracle OLAP component in Oracle Database 10.1.0.5 and 10.2.0.3 allows remote authenticated users to affect availability, related to SYS.DBMS_XSOQ_ODBO.)
 CVE-2008-3981 (Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.1.0.1 allows remote attackers to affect confidentiality via unknown vectors.)
 CVE-2008-3979 (Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 and 10.2.0.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is a SQL injection vulnerability that allows remote authenticated users to gain MDSYS privileges via the MDSYS.SDO_TOPO_DROP_FTBL trigger.)
 CVE-2008-3978 (Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.)
 CVE-2008-3974 (Unspecified vulnerability in the Oracle OLAP component in Oracle Database 9.0.2.8 and 9.2.0.8DV allows remote authenticated users to affect availability, related to SYS.OLAPIMPL_T.)
 CVE-2008-3973 (Unspecified vulnerability in the SQL*Plus Windows GUI component in Oracle Database allows local users to affect confidentiality via unknown vectors.)
 CVE-2008-2623 (Unspecified vulnerability in the Oracle JDeveloper component in Oracle Application Server 10.1.2.3 allows local users to affect confidentiality via unknown vectors.)
Original text: Ofer Maor, Hacktics Advisory Dec09: Oracle eBusiness Suite - Multiple Vulnerabilities Allow Remote Takeover (15.12.2009)
 SHATTER, Team SHATTER Security Advisory: Oracle Database Buffer Overflow in SYS.OLAPIMPL_T.ODCITABLESTART (05.02.2009)
 SHATTER, Team SHATTER Security Advisory: SQL Injection in Oracle Enterprise Manager (TARGET Parameter) (05.02.2009)
 Hackers Center Security Group, Oracle Application Server Portal 10g Cross Site Scripting Vulnerability (30.01.2009)
 Hackers Center Security Group, Oracle Forms Cross site Scripting in (iFcgi60.exe / f60servlet) (30.01.2009)
 Eduardo Vela, [Full-disclosure] Oracle Containers For Java Directory Traversal (OC4J) Oracle Application Server 10g (10.1.3.1.0) Oracle HTTP Server (20.01.2009)
 Aditya K Sood, Advisory: Oracle EBusiness Suite Sensitive Information Disclosure Vulnerability (19.01.2009)
 IDEFENSE, iDefense Security Advisory 01.13.09: Oracle Secure Backup Administration Server login.php Command Injection Vulnerability (16.01.2009)
 IDEFENSE, iDefense Security Advisory 01.13.09: Oracle Database 10g R2 Summary Advisor Arbitrary File Rewrite Vulnerability (16.01.2009)
 IDEFENSE, iDefense Security Advisory 01.13.09: Oracle Secure Backup Administration Server login.php Command Injection Vulnerability (16.01.2009)
 David Litchfield, Trigger Abuse of MDSYS.SDO_TOPO_DROP_FTBL in Oracle 10g R1 and R2 (16.01.2009)
 ZDI, ZDI-09-003: Oracle Secure Backup exec_qr() Command Injection Vulnerability (16.01.2009)
 ZDI, ZDI-09-004: Oracle TimesTen evtdump Remote Format String Vulnerability (16.01.2009)
 Jose Antonio, Oracle Secure Backup 10g Remote Code Execution (16.01.2009)
 Jose Antonio, Oracle Secure Backup 10g Remote Code Execution (16.01.2009)
 Jose Antonio, Oracle TimesTen Remote Format String (16.01.2009)
 security curmudgeon, Re: Assurent VR - Oracle BEA WebLogic Server Apache Connector Buffer Overflow (16.01.2009)
 noreply-secresearch_(at)_fortinet.com, Oracle Secure Backup Multiple Denial Of Service vulnerabilities (16.01.2009)
 noreply-secresearch_(at)_fortinet.com, Oracle Secure Backup's observiced.exe Denial Of Service vulnerability (16.01.2009)
 noreply-secresearch_(at)_fortinet.com, Oracle Secure Backup NDMP_CONECT_CLIENT_AUTH Command Buffer Overflow Vulnerability (16.01.2009)
 Alexandr Polyakov, Digital Security Research Group [DSecRG] Advisory #DSECRG-09-003 (16.01.2009)
 Alexandr Polyakov, Digital Security Research Group [DSecRG] Advisory #DSECRG-09-002 (16.01.2009)
 Alexandr Polyakov, Digital Security Research Group [DSecRG] Advisory #DSECRG-09-001 (16.01.2009)
 CERT, US-CERT Technical Cyber Security Alert TA09-015A -- Oracle Updates for Multiple Vulnerabilities (15.01.2009)
Files: Oracle Critical Patch Update Advisory - January 2009

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod