Code injection
Unspecified vulnerability in the Sales Online component for Oracle E-Business Suite 11.5.10 has unknown impact and remote authenticated attack vectors, aka APPS08...
CVE-2007-2109
CVE-2007-2109 affects Oracle Database 10.2.0.3 with reported issues in two components: (1) Rules Manager and Expression Filter (DB02) due to a race condition in the RLMGR_TRUNCATE_MAINT trigger that can change AUTHID from DEFINER to CURRENT_USER after TRUNCATE, and (2) Oracle Streams (DB06) due t...
CVE-2007-2109
Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have unknown impact and remote authenticated attack vectors related to (1) Rules Manager and Expression Filter components (DB02) and (2) Oracle Streams (DB06). Note: as of 20070424, Oracle has not disputed reliable claims that DB02 is for a...
CVE-2006-5343
Unspecified vulnerability in Database Scheduler component in Oracle Database 10.1.0.3 has unknown impact and remote authenticated attack vectors related to sys.dbms_scheduler, aka Vuln DB19...
CVE-2006-5335
Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.2 have unknown impact and remote authenticated attack vectors related to (1) Vuln DB04 and sys.dbms_cdc_impdp in the (a) Change Data Capture (CDC) component; (2) Vuln DB07, (3) DB08, and (4) DB16 in sys.dbms_cdc_isubscribe in CDC; and (5)...
CVE-2006-5333
Unspecified vulnerability in Oracle Spatial component in Oracle Database 10.2.0.2 has unknown impact and remote authenticated attack vectors related to "create session" privileges, aka Vuln DB02. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB02 is for SQ...
CVE-2006-5336
Multiple unspecified vulnerabilities in the Change Data Capture (CDC) component in Oracle Database 9.2.0.7, 10.1.0.5, and have unknown impact and remote authenticated attack vectors related to (1) sys.dbms_cdc_ipublish (Vuln DB05) and (2) sys.dbms_cdc_isubscribe (DB06). NOTE: as of 20061023, Oracle has not...
CVE-2006-5339
Unspecified vulnerability in Oracle Spatial component in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unknown impact and remote authenticated attack vectors related to mdsys.sdo_geom, aka Vuln DB11. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties th...
CVE-2006-5340
Multiple unspecified vulnerabilities in Oracle Spatial component in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 have unknown impact and remote authenticated attack vectors related to (1) mdsys.sdo_lrs, aka Vuln DB13, and (2) Vuln DB17. NOTE: as of 20061023, Oracle has not dispute...
CVE-2006-5370
Technical details about CVE-2006-5370 are not publicly available in the supplied documents; no affected products, vulnerable components, or remediation specifics are provided here. Monitor for updates.
CVE-2006-5335
CVE-2006-5335 affects Oracle Database 10.1.0.5 and 10.2.0.2, with issues reported in the CDC and Spatial areas. The linked CERT entry attributes a PL/SQL injection-style vulnerability to the SYS.DBMS_CDC_IMPDP package, tied to BUMP_SEQUENCE (DB04) and related CDC/Spatial procedures (CREATE_SUBSCR...
CVE-2006-5334
CVE-2006-5334 affects Oracle Database with the Spatial component in versions 9.0.1.5, 9.2.0.7, and 10.1.0.5. The connected sources corroborate a vulnerability (DB03) with unknown impact and possible remote authenticated vectors related to mdsys.md2, including reported links to (1) a potential buf...
CVE-2006-5345
Unspecified vulnerability in Oracle Spatial component in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unknown impact and remote authenticated attack vectors related to mdsys.sdo_geom, aka Vuln DB22. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB22 i...
CVE-2006-5377
Unspecified vulnerability in PeopleSoft component in Oracle PeopleSoft Enterprise 8.80 GA, 8.90 GA, 8.8 Bundle 11, and 8.9 Bundle 4 has unknown impact and remote authenticated attack vectors, aka Vuln PSE05...
CVE-2006-5374
Unspecified vulnerability in Oracle Pharmaceutical Applications 4.5.1 has unknown impact and remote authenticated attack vectors, aka Vuln PHAR01...
CopperExport XP_Publish.PHP SQL Injection Vulnerability
The remote host is running CopperExport, a plugin for iPhoto that allows an iPhoto user to export images to a Coppermine gallery. The remote version of this software fails to sanitize unspecified input to the 'xp_publish.php' script before using it in a SQL query. Note that successful exploitation...
[Full-Disclosure] iDEFENSE Security Advisory 11.08.04: Samba SMBD Remote Denial of Service Vulnerability
Samba SMBD Remote Denial of Service Vulnerability iDEFENSE Security Advisory 11.08.04 www.idefense.com/application/poi/display?id=156&type=vulnerabilities November 08, 2004 I. BACKGROUND Samba is an Open Source/Free Software suite that provides seamless file and print services to SMB/CIFS clients...
CVE-2004-0794
Multiple signal handler race conditions in lukemftpd aka tnftpd before 20040810 allow remote authenticated attackers to cause a denial of service or execute arbitrary code...
MDaemon POP Server Multiple Command Remote Overflow DoS
According to its banner, the remote POP server has a denial of service vulnerability. Input to the DELE and UIDL commands is not properly handled. A remote, authenticated attacker could exploit this to crash the POP service...
CVE-2003-0082
The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (aka "buffer underrun")...