
1183 matches found

Check Point Advisories
added 2015/03/02 12:0 a.m. | 4 views

Symantec Encryption Management Server Database Backup Command Injection (CVE-2014-7288)

A command-injection vulnerability has been reported in Symantec Encryption Management Server. The vulnerability is due to insufficient sanitization of user-supplied input when processing database backup commands from the Web UI. A remote, authenticated attacker could exploit this vulnerability by...

9 CVSS | 6.2 AI score | 0.08116 EPSS
Exploits: 1

OpenVAS
added 2013/01/31 12:0 a.m. | 23 views

Ubuntu: Security Advisory (USN-1710-1)

The remote host is missing an update for the...

4 CVSS | 6.5 AI score | 0.02965 EPSS
Exploits: 0 | References: 2

Packet Storm
added 2010/09/14 12:0 a.m. | 41 views

Proventia Network Mail Security System Insecure Direct Object Reference

Security Advisory: MVSA-10-008 / CVE-2010-0154 Vendor: IBM Products: Proventia Network Mail Security System Vulnerabilities: Insecure Direct Object Reference Risk: Medium Attack Vector: From Remote Authentication: Required Reference: http://www.ventuneac.net/security-advisories/MVSA-10-008...

4 CVSS | 6.7 AI score | 0.01292 EPSS
Exploits: 2

exploitpack
added 2009/09/14 12:0 a.m. | 8 views

FtpXQ FTP Server 3.0 - (Authenticated) Remote Denial of Service

FtpXQ FTP Server 3.0 - Authenticated Remote Denial of Service !/usr/bin/python print "" print " Iranian Pentesters Home " print " Www.Pentesters.Ir " print " PLATEN - H.jafari - " print " FtpXQ FTP Server 3.0 Remote Denial Of Service Exploit " print " author: PLATEN " print " E-mail && blog: "...

0.7 AI score
Exploits: 0

Packet Storm
added 2009/08/17 12:0 a.m. | 54 views

Adobe JRUN Directory Traversal

Digital Security Research Group DSecRG Advisory DSECRG-09-051 Application: Adobe JRun Application Server Versions Affected: 4 updater 7 Vendor URL: http://www.adobe.com/products/jrun/ Bug: Directory Traversal File Read Exploits: YES Reported: 20.01.2009 Vendor response: 21.01.2009 Solution: YES...

4 CVSS | 6.5 AI score | 0.04697 EPSS
Exploits: 5

Prion
added 2008/07/15 11:41 p.m. | 12 views

Design/Logic Flaw

Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 12.0.4 has unknown impact and remote authenticated attack vectors...

5.5 CVSS | 6.3 AI score | 0.01195 EPSS
Exploits: 0 | References: 7 | Affected Software: 1

NVD
added 2008/07/15 11:41 p.m. | 15 views

CVE-2008-2601

Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 12.0.4 has unknown impact and remote authenticated attack vectors...

5.5 CVSS | 5.7 AI score | 0.01195 EPSS
Exploits: 0 | References: 7

NVD
added 2008/07/15 11:41 p.m. | 13 views

CVE-2008-2577

Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 9.2 MP1 has unknown impact and remote authenticated attack vectors...

4.6 CVSS | 5.8 AI score | 0.02114 EPSS
Exploits: 0 | References: 8

NVD
added 2008/07/15 11:41 p.m. | 12 views

CVE-2008-2590

Unspecified vulnerability in the Instance Management component in Oracle Database 10.1.0.5 and Enterprise Manager 10.1.0.6 has unknown impact and remote authenticated attack vectors...

3.5 CVSS | 5.8 AI score | 0.01084 EPSS
Exploits: 0 | References: 8

NVD
added 2008/07/15 11:41 p.m. | 18 views

CVE-2008-2585

Unspecified vulnerability in the Oracle Report Manager component in Oracle E-Business Suite 12.0.4 has unknown impact and remote authenticated attack vectors...

6.5 CVSS | 5.7 AI score | 0.0137 EPSS
Exploits: 0 | References: 7

NVD
added 2008/07/15 11:41 p.m. | 19 views

CVE-2008-2591

Unspecified vulnerability in the Oracle Database Vault component in Oracle Database 9.2.0.8DV, 10.2.0.3, and 11.1.0.6 has unknown impact and remote authenticated attack vectors...

6.5 CVSS | 5.7 AI score | 0.0137 EPSS
Exploits: 0 | References: 7

CVE
added 2008/07/15 11:0 p.m. | 48 views

CVE-2008-2601

CVE-2008-2601 affects Oracle iStore in Oracle E-Business Suite 12.0.4. The vulnerability is listed under Oracle E-Business Suite risk matrix with HTTP access requiring a valid session; it is not remotely exploitable (Remote Exploit with Auth? = No) and has a CVSS v2 base score of 5.5 (Confidentia...

5.5 CVSS | 5.7 AI score | 0.01195 EPSS
Exploits: 0 | References: 7 | Affected Software: 1

Cvelist
added 2008/07/15 11:0 p.m. | 25 views

CVE-2008-2577

Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 9.2 MP1 has unknown impact and remote authenticated attack vectors...

5.8 AI score | 0.02114 EPSS
Exploits: 0 | References: 8

CVE
added 2008/07/15 11:0 p.m. | 54 views

CVE-2008-2621

CVE-2008-2621 affects Oracle PeopleSoft Enterprise (PeopleTools) with 8.48.17 and 8.49.11. The connected PeopleSoft/JD Edwards entry lists CVE-2008-2621 under PeopleSoft PeopleTools with a CVSS v2 base score of 4.0 (Medium). The risk matrix indicates the vulnerability requires a valid session (au...

4 CVSS | 5.7 AI score | 0.01322 EPSS
Exploits: 0 | References: 8 | Affected Software: 3

Cvelist
added 2008/04/16 10:0 a.m. | 19 views

CVE-2008-1816

Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.3 have unknown impact and remote authenticated attack vectors related to (1) SDO_UTIL in the Oracle Spatial component, aka DB05; or (2) fine grained auditing in the Audit component, aka DB14. NOTE: the previous information was...

6.7 AI score | 0.01849 EPSS
Exploits: 0 | References: 12

OSV
added 2007/12/06 2:46 a.m. | 7 views

CVE-2007-5894

The reply function in ftpd.c in the gssftp ftpd in MIT Kerberos 5 (krb5) does not initialize the length variable when auth_type has a certain value, which has unknown impact and remote authenticated attack vectors. NOTE: the original disclosure misidentifies the conditions under which the...

6.4 AI score
Exploits: 0 | References: 12

OSV
added 2007/12/06 2:46 a.m. | 8 views

CVE-2007-5972

Double free vulnerability in the krb5_def_store_mkey function in lib/kdb/kdb_default.c in MIT Kerberos 5 (krb5) 1.5 has unknown impact and remote authenticated attack vectors. NOTE: the free operations occur in code that stores the krb5kdc master key, and so the attacker must have privileges to store...

6.2 AI score
Exploits: 0 | References: 13

OSV
added 2007/12/06 2:46 a.m. | 2 views

DEBIAN-CVE-2007-5894

The reply function in ftpd.c in the gssftp ftpd in MIT Kerberos 5 (krb5) does not initialize the length variable when auth_type has a certain value, which has unknown impact and remote authenticated attack vectors. NOTE: the original disclosure misidentifies the conditions under which the...

9.3 CVSS | 6.7 AI score | 0.02685 EPSS
Exploits: 0 | References: 1

Cvelist
added 2007/12/06 2:0 a.m. | 25 views

CVE-2007-5894

The reply function in ftpd.c in the gssftp ftpd in MIT Kerberos 5 (krb5) does not initialize the length variable when auth_type has a certain value, which has unknown impact and remote authenticated attack vectors. NOTE: the original disclosure misidentifies the conditions under which the...

9.1 AI score | 0.02685 EPSS
Exploits: 0 | References: 12

Tenable Nessus
added 2007/10/24 12:0 a.m. | 50 views

IBM Lotus Domino IMAP Service Mailbox Name Overflow

The IMAP server component of IBM Lotus Domino Server installed on the remote host fails to properly validate the mailbox name before copying it into a fixed-size stack buffer as part of handling certain unspecified commands. Using a specially crafted mailbox name to which he is subscribed, an...

9 CVSS | 6 AI score | 0.05033 EPSS
Exploits: 5 | References: 4