Information Security


Buffer overflow in MBSE BBS (buffer overflow)
Published: 18 January 2007
Source:
SecurityVulns ID: 7069
Type: remote
Severity: 5/10
Description: Buffer overflow when processing environment variables in numerous suid utilities.
Affected products: MBSE : MBSE BBS 0.70
CVE: CVE-2007-0368 (Stack-based buffer overflow in mbse-bbs 0.70 and earlier allows local users to execute arbitrary code via a long string in the MBSE_ROOT environment variable.)
Files: GNU/Linux mbse-bbs 0.70.0 & below stack overflow exploit

Daily summary of web application bugs (PHP, ASP, JSP, CGI, Perl)
Published: 18 January 2007
Source:
SecurityVulns ID: 7066
Type: remote
Severity: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, information leaks, etc.
Affected products: MYBLOGGIE : myBloggie 2.1
 WOLTLAB : Woltlab Burning Board 2.3
 CACTI : cacti 0.8
 COMVIRONMENT : ComVironment 4.0
 UBERGHEY : uberghey cms 0.3
 PHPBP : phpBP 2.204
 mgb : MGB 0.5
 WBB : Woltlab Burning Board Lite 1.02
 PHPMYPHORUM : PHPMyphorum 1.5
CVE: CVE-2007-0395 (PHP remote file inclusion vulnerability in libraries/grab_globals.lib.php in ComVironment 4.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter.)
 CVE-2007-0388 (SQL injection vulnerability in search.php in Woltlab Burning Board (wBB) 1.0.2 and earlier, and 2.3.6 and earlier in the 2.x series, allows remote attackers to execute arbitrary SQL commands via the boardids[1] and other board[] parameters.)
 CVE-2007-0370 (Unrestricted file upload vulnerability in index.php in phpBP RC3 (2.204) and earlier allows remote administrators to inject arbitrary PHP code into an upload/banners/ file via a banners add operation that uploads the PHP code through an image_form parameter specifying a multiple-extension filename such as .jpg.vil.gif.php, which is stored in upload/banners/ under a different name, and executable via a direct request. NOTE: a separate SQL injection issue could be leveraged to make this vulnerability reachable by remote unauthenticated attackers.)
 CVE-2007-0369 (SQL injection vulnerability in phpBP RC3 (2.204) and earlier allows remote attackers to execute arbitrary SQL commands via the comment forum.)
 CVE-2007-0361 (PHP remote file inclusion vulnerability in mep/frame.php in PHPMyphorum 1.5a allows remote attackers to execute arbitrary PHP code via a URL in the chem parameter.)
 CVE-2007-0360 (PHP remote file inclusion vulnerability in lang/index.php in Oreon 1.2.3 RC4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the file parameter.)
 CVE-2007-0359 (PHP remote file inclusion vulnerability in frontpage.php in Uberghey CMS 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the setup_folder parameter.)
 CVE-2007-0354 (SQL injection vulnerability in email.php in MGB OpenSource Guestbook 0.5.4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.)
 CVE-2007-0353 (Cross-site scripting (XSS) vulnerability in (1) index.php and (2) login.php in myBloggie 2.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO string.)
 CVE-2006-6799 (SQL injection vulnerability in Cacti 0.8.6i and earlier, when register_argc_argv is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) second or (2) third arguments to cmd.php. NOTE: this issue can be leveraged to execute arbitrary commands since the SQL query results are later used in the polling_items array and popen function.)
Original text: Dr Max Virus, Oreon <= 1.2.3 RC4 (lang/index.php file) Remote Inclusion Vulnerability (18.01.2007)
 v1per-haCker, PHPMyphorum 1.5a File Include Vulnerability (18.01.2007)
 GolD_M, Uberghey 0.3.1 (frontpage.php) Remote File Include Vulnerability (18.01.2007)
 GolD_M, ComVironment 4.0 (grab_globals.lib.php) Remote File Include Vulnerability (18.01.2007)
 CorryL, [x0n3-h4ck] myBloggie 2.1.5 XSS exploit (18.01.2007)
Files: phpBP <= RC3 (2.204) (sql/cmd) Remote Code Execution Exploit
 MGB <= 0.5.4.5 Exploit
 Exploits Oreon1.2.3 Remote File İnclude
 Woltlab Burning Board 2.X/Lite search.php SQL Injection exploit
 Woltlab Burning Board 2.3.6 <= / Lite Exploit
 Woltlab Burning Board Lite <= 1.0.2 / Woltlab Burning Board <= 2.3.6 GetHashes over search.php

Attack on suid processes via standard file descriptors in many Unix systems (unauthorized access)
updated since 22 April 2002
Published: 18 January 2007
Source:
SecurityVulns ID: 1956
Type: client
Severity: 8/10
Description: By exhausting the system's file descriptors, closing stderr, and then invoking a suid application, it is possible to cause a file opened by the application to receive descriptor number 2, so that the stderr stream is redirected into it. On some systems it is enough to close the standard descriptor.
Affected products: SCO : Open UNIX 8.0
 FREEBSD : FreeBSD 4.5
 OPENBSD : OpenBSD 3.1
 ORACLE : Solaris 9
 IBM : AIX 5.3
 FREEBSD : FreeBSD 5.0
 OPENBSD : OpenBSD 2.9
 SCO : UnixWare 7.1
 HP : HP-UX 11.11
 OPENBSD : OpenBSD 3.0
CVE: CVE-2007-0394 (HP HP-UX B11.11 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572.)
 CVE-2007-0393 (Sun Solaris 9 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572.)
 CVE-2007-0392 (IBM AIX 5.3 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572.)
 CVE-2002-0572 (FreeBSD 4.5 and earlier, and possibly other BSD-based operating systems, allows local users to write to or read from restricted files by closing the file descriptors 0 (standard input), 1 (standard output), or 2 (standard error), which may then be reused by a called setuid process that intended to perform I/O on normal files.)
Original text: XFOCUS, Multiple OS kernel insecure handling of stdio file descriptor (18.01.2007)
 CALDERA, Security Update: [CSSA-2002-SCO.43] UnixWare 7.1.1 Open UNIX 8.0.0 : closed file descriptor race vulnerability (10.12.2002)
 fozzy_(at)_dmpfrance.com, OpenBSD local DoS and root exploit (10.05.2002)
 Patrick Oonk, Pine Internet Advisory: Setuid application execution may give local root in FreeBSD (23.04.2002)
 FREEBSD, Security Advisory FreeBSD-SA-02:23.stdio (23.04.2002)
 SECURITEAM, [UNIX] Suid Application Execution May Give Local Root (22.04.2002)
Files: stdio kernel bug in All releases of FreeBSD
 Proof Of Concept exploit for the Freebsd file descriptors bug

Buffer overflow in Microsoft Help Workshop (buffer overflow)
updated since 18 January 2007
Published: 20 January 2007
Source:
SecurityVulns ID: 7068
Type: local
Severity: 5/10
Description: Buffer overflow when parsing a .cnt / .hpj file
Affected products: MICROSOFT : Microsoft Help Workshop 4.03
CVE: CVE-2007-0427 (Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 allows user-assisted remote attackers to execute arbitrary code via a help project (.HPJ) file with a long HLP field in the OPTIONS section.)
 CVE-2007-0352 (Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 allows user-assisted remote attackers to execute arbitrary code via a crafted .cnt file composed of lines that begin with an integer followed by a space and a long string.)
Original text: porkythepig_(at)_anspi.pl, Help project files (.HPJ) buffer overflow vulnerability in Microsoft Help Workshop (20.01.2007)
 porkythepig_(at)_anspi.pl, Microsoft Help Workshop .CNT contents files buffer overflow vulnerability (18.01.2007)
Files: PoC exploit for (.HPJ) project files buffer overflow vulnerability in Microsoft Help Workshop v4.03.0002
 PoC exploit for .cnt files buffer overflow vulnerability in Microsoft Help Workshop v4.03.0002

DoS via PDF files against PDF-handling libraries
updated since 18 January 2007
Published: 21 January 2007
Source:
SecurityVulns ID: 7067
Type: library
Severity: 5/10
Description: Infinite loop when parsing the page model tree.
Affected products: XPDF : xpdf 3.0
 KDE : KDE 3.4
 ADOBE : Acrobat Reader 7.0
 KDE : koffice 1.4
 POPPLER : poppler 0.4
 PDFTOHTML : pdftohtml 0.36
 TETEX : tetex 3.0
 JADETEX : jadetex 3.12
 APPLE : Preview.app 3.0
CVE: CVE-2007-0104 (The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.)
 CVE-2007-0103 (The Adobe PDF specification 1.3, as implemented by Adobe Acrobat before 8.0.0, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.)
 CVE-2007-0102 (The Adobe PDF specification 1.3, as implemented by Apple Mac OS X Preview, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.)
Original text: MOAB, MOAB-06-01-2007: Multiple Vendor PDF Document Catalog Handling Vulnerability (21.01.2007)
 MANDRIVA, [ MDKSA-2007:022 ] - Updated tetex packages fix crafted pdf file vulnerability (19.01.2007)
 MANDRIVA, [ MDKSA-2007:021 ] - Updated xpdf packages fix crafted pdf file vulnerability (19.01.2007)
 MANDRIVA, [ MDKSA-2007:019 ] - Updated pdftohtml packages fix crafted pdf file vulnerability (19.01.2007)
 UBUNTU, [USN-410-1] poppler vulnerability (18.01.2007)
Files: Exploits Multiple Vendor PDF Document Catalog Handling Vulnerability

Memory corruption in Sun Java (memory corruption)
updated since 18 January 2007
Published: 23 January 2007
Source:
SecurityVulns ID: 7065
Type: library
Severity: 8/10
Description: Memory corruption when parsing GIF files containing a zero-size block. Can be used for covert installation of malware.
Affected products: SUN : JRE 1.3
 SUN : JDK 1.3
 SUN : JDK 1.4
 ORACLE : JRE 1.4
 SUN : JRE 1.5
 SUN : JDK 1.5
 SUN : JRE 5.0
 ORACLE : JDK 5.0
CVE: CVE-2007-0243 (Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 Update 9 and earlier, SDK and JRE 1.4.2_12 and earlier, and SDK and JRE 1.3.1_18 and earlier allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption.)
 CVE-2007-0234 (** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-0243. Reason: This candidate is a duplicate of CVE-2007-0243. Notes: All CVE users should reference CVE-2007-0243 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.)
Original text: CERT, US-CERT Technical Cyber Security Alert TA07-022A (23.01.2007)
 ZDI, ZDI-07-005: Sun Microsystems Java GIF File Parsing Memory Corruption Vulnerability (18.01.2007)
Files: Sun Microsystems Java GIF File Parsing Memory Corruption Vulnerability Prove Of Concept Exploit

Another set of bugs in Oracle (multiple bugs)
updated since 18 January 2007
Published: 1 February 2007
Source:
SecurityVulns ID: 7064
Type: remote
Severity: 9/10
Description: The latest set of Oracle patches includes: 17 fixes for Oracle Database, 9 fixes for Oracle HTTP Server, 12 fixes for Oracle Application Server, 7 fixes for Oracle E-Business Suite, 6 fixes for Oracle Enterprise Manager, and 3 fixes for Oracle PeopleSoft Enterprise PeopleTools. There is a huge number of other bugs, many of which have long been known and are still unfixed, which allows one to speak of a zero level of security for all products. To secure Oracle products, use third-party solutions.
Affected products: ORACLE : Oracle 9i
 ORACLE : Oracle E-Business Suite 11.0
 ORACLE : Oracle 10g
CVE: CVE-2007-0297 (Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.47.11 and 8.48.06 has unknown impact and attack vectors in PeopleTools, aka PSE03.)
 CVE-2007-0296 (Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.13, 8.47.11, and 8.48.06 has unknown impact and attack vectors in PeopleTools, aka PSE02.)
 CVE-2007-0295 (Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.13 and 8.47.11 has unknown impact and attack vectors in PeopleTools, aka PSE01.)
 CVE-2007-0294 (Unspecified vulnerability in Oracle Enterprise Manager 10.2.0.1 has unknown impact and attack vectors related to Database Cloning & Data Guard Management, aka EM06.)
 CVE-2007-0293 (Multiple unspecified vulnerabilities in Oracle Enterprise Manager 10.1.0.5 and 10.2.0.1 have unknown impact and attack vectors related to (1) Oracle Agent (EM03) and (2) EM04 and (3) EM05 in Enterprise Manager Console. NOTE: EM05 might be related to CVE-2007-0222.)
 CVE-2007-0292 (Multiple unspecified vulnerabilities in Oracle Enterprise Manager 10.1.0.5 have unknown impact and attack vectors related to Oracle Agent, aka (1) EM01 and (2) EM02. NOTE: EM05 might be related to CVE-2007-0222.)
 CVE-2007-0291 (Unspecified vulnerability in Oracle E-Business Suite and Applications 6.2.3 has unknown impact and attack vectors related to Oracle Exchange, aka APPS02.)
 CVE-2007-0290 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors related to (1) Application Object Library (APPS01), (2) Human Resources (APPS03), (3) Payables (APPS04), (4) Trading Community Architecture (APPS05), and (5) Web Applications Desktop Integrator (APPS06).)
 CVE-2007-0289 (Multiple unspecified vulnerabilities in Oracle Collaboration Suite 9.0.4.2 have unknown impact and attack vectors related to Oracle Containers for J2EE, aka (1) OC4J01, (2) OC4J05, and (3) OC4J06.)
 CVE-2007-0288 (Unspecified vulnerability in Oracle Application Server 10.1.4.0 has unknown impact and attack vectors related to Oracle Internet Directory, aka OID01.)
 CVE-2007-0287 (Unspecified vulnerability in Oracle Application Server 9.0.4.3, 10.1.2.0.0, and 10.1.2.0.2; and Collaboration Suite 9.0.4.2 and 10.1.2; has unknown impact and attack vectors related to Containers for J2EE, aka OC4J08.)
 CVE-2007-0286 (Unspecified vulnerability in Oracle Application Server 10.1.2.0.2 and 10.1.3.0, and Collaboration Suite 10.1.2, has unknown impact and attack vectors related to Containers for J2EE, aka OC4J07.)
 CVE-2007-0285 (Unspecified vulnerability in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Collaboration Suite 9.0.4.2 and 10.1.2; and E-Business Suite and Applications 11.5.10CU2 has unknown impact and attack vectors related to Oracle Reports Developer, aka REP01.)
 CVE-2007-0284 (Multiple unspecified vulnerabilities in Oracle Application Server 9.0.4.3 and 10.1.2.0.0, and Collaboration Suite 9.0.4.2, have unknown impact and attack vectors related to Oracle Containers for J2EE, aka (1) OC4J03 and (2) OC4J04.)
 CVE-2007-0283 (Unspecified vulnerability in Oracle Application Server 9.0.4.3 and Collaboration Suite 9.0.4.2 has unknown impact and attack vectors related to Oracle Containers for J2EE, aka OC4J02.)
 CVE-2007-0282 (Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application Server 9.0.4.2 and 10.1.2.0.0, and Collaboration Suite 9.0.4.2 has unknown impact and attack vectors related to the Oracle Process Mgmt & Notification component, aka OPMN02.)
 CVE-2007-0281 (Multiple unspecified vulnerabilities in Oracle HTTP Server 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.0, 10.1.2.0.1, 10.1.2.0.2, 10.1.2.1, and 10.1.3.0; and Collaboration Suite 9.0.4.2 and 10.1.2; have unknown impact and attack vectors related to the Oracle HTTP Server, aka (1) OHS03 and (2) OHS04.)
 CVE-2007-0280 (Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application Server 9.0.4.3, 10.1.2.0.0, 10.1.2.0.2, and 10.1.2.2; and Collaboration Suite 9.0.4.2 and 10.1.2; has unknown impact and attack vectors related to the Oracle Process Mgmt & Notification component, aka OPMN01. NOTE: as of 20070123, Oracle has not disputed claims by a reliable researcher that OPMN01 is for a buffer overflow in Oracle Notification Service (ONS).)
 CVE-2007-0279 (Multiple unspecified vulnerabilities in Oracle HTTP Server 9.2.0.8 and Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors, aka (1) OHS01, (2) OHS02, (3) OHS05, (4) OHS06, and (5) OHS07.)
 CVE-2007-0278 (Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) NLS Runtime and lmsgen (DB12), and (2) Oracle Text and ctxkbtc (DB14).)
 CVE-2007-0277 (Unspecified vulnerability in Oracle Database client-only 10.1.0.4 has unknown impact and attack vectors related to the Export component and expdp or impdp, aka DB11.)
 CVE-2007-0276 (Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4 and 9.0.1.5 have unknown impact and attack vectors related to (1) Advanced Security Option and oklist or okdstry (DB10), (2) Oracle Net Services (DB13), and (3) Recovery Manager and oklist (DB16).)
 CVE-2007-0275 (Cross-site scripting (XSS) vulnerability in Oracle Reports Web Cartridge (RWCGI60) in the Workflow Cartridge component, as used in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Collaboration Suite 10.1.2; and Oracle E-Business Suite and Applications 11.5.10CU2; allows remote authenticated users to inject arbitrary HTML or web script via the genuser parameter to rwcgi60, aka OWF01.)
 CVE-2007-0274 (Multiple unspecified vulnerabilities in Oracle Database 9.2.0.7 and 10.1.0.5 have unknown impact and attack vectors related to (1) Export and sys.dbms_logrep_util (DB08), and (2) Oracle Streams and sys.dbms_capture_adm_internal privileges (DB09). NOTE: Oracle has not disputed reliable researcher claims that DB08 is for a buffer overflow in the GET_OBJECT_NAME procedure in the DBMS_LOGREP_UTIL package, and DB09 is for buffer overflows in the CREATE_CAPTURE, ALTER_CAPTURE, and ABORT_TABLE_INSTANTIATION procedures in SYS.DBMS_CAPTURE_ADM_INTERNAL.)
 CVE-2007-0273 (Unspecified vulnerability in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and attack vectors related to XMLDB, aka DB06. NOTE: as of 20070123, Oracle has not disputed claims by a reliable researcher that DB06 is for multiple cross-site scripting (XSS) vulnerabilities.)
 CVE-2007-0272 (Unspecified vulnerability in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unknown impact and attack vectors related to the Oracle Spatial component and mdsys.md privileges, aka DB05. NOTE: Oracle has not disputed a reliable researcher report that claims this is for multiple buffer overflows and other issues in unspecified public procedures.)
 CVE-2007-0271 (Unspecified vulnerability in Oracle Database 9.0.1.5 and 9.2.0.7 has unknown impact and attack vectors related to the Log Miner component and sys.dbms_log_mnr privileges, aka DB04. NOTE: Oracle has not disputed a reliable researcher claim that this is a buffer overflow in the ADD_LOGFILE procedure for the SYS.DBMS_LOGMNR package that allows code execution.)
 CVE-2007-0270 (Unspecified vulnerability in Oracle Database 9.2.0.7 and 10.1.0.4 has unknown impact and attack vectors related to the Data Guard and sys.dbms_drs privileges, aka DB03. NOTE: Oracle has not disputed a reliable researcher claim that this is a buffer overflow in the GET_PROPERTY function in SYS.DBMS_DRS, which can be exploited for arbitrary code execution or a denial of service.)
 CVE-2007-0269 (Unspecified vulnerability in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and attack vectors related to the Change Data Capture and sys.dbms_cdc_subscribe privileges, aka DB02.)
 CVE-2007-0268 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) the Advanced Queuing component and sys.dbms_aqsys.dbms_aq privileges (DB01), (2) Advanced Replication and sys.dbms_repcat_untrusted (DB07), and (3) Oracle Text and ctxload (DB15). NOTE: Oracle has not publicly claims by reliable researchers that DB01 is for SQL injection in the SYS.DBMS_AQ_INV package, and DB07 is for a buffer overflow in the UNREGISTER_SNAPSHOT procedure in the DBMS_REPCAT_UNTRUSTED package.)
 CVE-2007-0222 (Directory traversal vulnerability in the EmChartBean server side component for Oracle Application Server 10g allows remote attackers to read arbitrary files via unknown vectors, probably "\.." sequences in the beanId parameter. NOTE: this is likely a duplicate of another CVE that Oracle addressed in CPU Jan 2007, but due to lack of details by Oracle, it is unclear which BugID this issue is associated with, so the other CVE cannot be determined. Possibilities include EM02 (CVE-2007-0292) or EM05 (CVE-2007-0293).)
Original text: NGS Software Insight Security Research, Oracle 10g R2 Enterprise Manager Directory Traversal (01.02.2007)
 SHATTER, Oracle Buffer Overflows in DBMS_CAPTURE_ADM_INTERNAL (25.01.2007)
 SHATTER, Oracle Multiple Buffer Overflows and DoS attacks in public procedures of MDSYS.MD (25.01.2007)
 SHATTER, Oracle Buffer Overflow in DBMS_DRS.GET_PROPERTY (25.01.2007)
 SHATTER, Oracle Buffer Overflow in DBMS_REPCAT_UNTRUSTED.UNREGISTER_SNAPSHOT (25.01.2007)
 SHATTER, Oracle Buffer Overflow in DBMS_LOGMNR.ADD_LOGFILE (25.01.2007)
 SHATTER, Oracle Buffer Overflow in DBMS_LOGREP_UTIL.GET_OBJECT_NAME (25.01.2007)
 SYMANTEC, SYMSA-2007-001: Oracle Application Server 10g - Directory Traversal (18.01.2007)
 ISecAuditors Security Advisories, [ISecAuditors Security Advisories] Oracle Reports Web Cartridge (RWCGI60) vulnerable to XSS (18.01.2007)
 CERT, US-CERT Technical Cyber Security Alert TA07-017A -- Oracle Releases Patches for Multiple Vulnerabilities (18.01.2007)
Files: Exploit for Oracle10g R1 and R2 prior to CPU Oct 2006
 Remote Oracle DBMS_CDC_SUBSCRIBE.ACTIVATE_SUBSCRIPTION exploit (9i/10g)
 Remote Oracle DBMS_METADAT.GET_DDL exploit (9i/10g)
 Exploit for Oracle10g R1 and R2 prior to CPU Oct 2006
 Exploit for Oracle10g R1 and R2 prior to CPU Oct 2006
 Remote Oracle dbms_export_extension exploit (any version) Grant or revoke dba permission to unprivileged user
 [0-day] Remote Oracle DBMS_AQ.ENQUEUE exploit (10g)
 Remote Oracle dbms_export_extension exploit
 Remote Oracle KUPV$FT.ATTACH_JOB exploit (10g)
 Remote Oracle KUPW$WORKER.MAIN exploit (10g)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod