Original text |  | SHATTER, Oracle Database Buffer overflow vulnerabilities in package DBMS_SNAP_INTERNAL (20.04.2007) |
|  | ZDI, ZDI-07-016: Oracle E-Business Suite Arbitrary Node Deletion Vulnerability (20.04.2007) |
|  | 3COM, ZDI-07-017: Oracle E-Business Suite Arbitrary Document Download Vulnerability (20.04.2007) |
|  | Kornbrust, Alexander, Bypass Oracle Logon Trigger (18.04.2007) |
|  | Kornbrust, Alexander, SQL Injection in package SYS.DBMS_AQADM_SYS (18.04.2007) |
|  | Kornbrust, Alexander, SQL Injection in package SYS.DBMS_UPGRADE_INTERNAL (18.04.2007) |
|  | Kornbrust, Alexander, Cross-Site-Scripting Vulnerability in Oracle Secure Enterprise Search (SES) (18.04.2007) |
|  | Kornbrust, Alexander, Shutdown unprotected Oracle TNS Listener via Oracle Discoverer Servlet [AS01] (18.04.2007) |
|  | ORACLE, Oracle Critical Patch Update - April 2007 (18.04.2007) |
Affected products: |  | MACROVISION : InstallAnywhere Enterprise 8.0 | CVE: |  | CVE-2007-1009 (Macrovision InstallAnywhere Enterprise before 8.0.1 uses the InstallScript.iap_xml configuration file without integrity protection to verify authorization for installing an application, which allows local users to perform unauthorized installations by removing the (1) password or (2) serial number verification sections from this file.) |
CVE: |  | CVE-2007-2171 (Stack-based buffer overflow in the base64_decode function in GWINTER.exe in Novell GroupWise (GW) WebAccess before 7.0 SP2 allows remote attackers to execute arbitrary code via long base64 content in an HTTP Basic Authentication request.) |
Affected products: |  | IBM : Tivoli Monitoring Express 6.1 | CVE: |  | CVE-2007-2137 (Heap-based buffer overflow in kde.dll in IBM Tivoli Monitoring Express 6.1.0 before Fix Pack 2, as used in Tivoli Universal Agent, Windows OS Monitoring agent, and Enterprise Portal Server, allows remote attackers to execute arbitrary code by sending a long string to a certain TCP port.) |
CVE: |  | CVE-2007-2136 (Stack-based buffer overflow in bgs_sdservice.exe in BMC Patrol PerformAgent allows remote attackers to execute arbitrary code by connecting to TCP port 10128 and sending certain XDR data, which is not properly parsed.) |
CVE: |  | CVE-2007-1972 (** DISPUTED ** PatrolAgent.exe in BMC Performance Manager does not require authentication for requests to modify configuration files, which allows remote attackers to execute arbitrary code via a request on TCP port 3181 for modification of the masterAgentName and masterAgentStartLine SNMP parameters. NOTE: the vendor disputes this vulnerability, stating that it does not exist when the system is properly configured.) |
CVE: |  | CVE-2007-0443 (Multiple buffer overflows in the CDDBControl ActiveX control in Gracenote CDDB before 20070418 allow remote attackers to execute arbitrary code via long values for certain Proxy configuration parameters.) |
Original text |  | XenoMuta, [Full-disclosure] freePBX 2.2.x's Music-on-hold Remote Code Execution Injection (22.04.2007) |
|  | seko_(at)_se-ko.info, Eba News Version : v1.1 <= (webpages.php) Remote File Include // starhack.org (20.04.2007) |
|  | dean_(at)_brettle.com, NeatUpload vulnerability and fix (20.04.2007) |
|  | Janek Vind, [waraxe-2007-SA#049] - Multiple vulnerabilities in Phorum 5.1.20 (20.04.2007) |
|  | HACKERS PAL, IPB (Invision Power Board) Full Path Disclusure (20.04.2007) |
|  | john_(at)_martinelli.com, NuclearBB Alpha 1 - Multiple Blind SQL/XPath Injection Vulnerabilities (20.04.2007) |
|  | HACKERS PAL, Extreme PHPBB2 Remote File Inclusion (20.04.2007) |
|  | HACKERS PAL, EclipseBB Remote File Inclusion (20.04.2007) |
|  | HACKERS PAL, FullyModdedphpBB2 Remote File Inclusion (20.04.2007) |
|  | HACKERS PAL, MediaBeez Sql query Execution .. Wear isn't ?? :) (20.04.2007) |
|  | programmer_(at)_serbiansite.com, NukeSentinel Bypass SQL Injection & Nuke Evolution <= 2.0.3 SQL Injections (20.04.2007) |
|  | BorN To K!LL BorN To K!LL, Gizzar <= (basePath) Remote File Include Vulnerability (20.04.2007) |