CVE-2010-3595

CVE-2010-3595 affects Oracle Document Capture’s EasyMail ActiveX control (emsmtp.dll). The connected advisories and exploit references describe an information-disclosure vulnerability caused by improper validation in the ImportBodyText/related methods, enabling a remote attacker to read arbitrary...

CVE-2010-3595

Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect confidentiality via unknown vectors related to Import Server. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has no...

CVE-2010-3599

The CVE-2010-3599 issue affects Oracle Document Capture (NCSECWLib ActiveX), where the WriteJPG method in NCSECWLib can be exploited via a crafted page to overwrite files or trigger a buffer overflow, potentially enabling arbitrary code execution. The vulnerability is reported in Oracle Document ...

CVE-2010-3592

Technical details for CVE-2010-3592 are not publicly available in the provided documents; the entries describe an unspecified vulnerability in Oracle Document Capture. Monitor for updates.

CVE-2010-3598

Affected product: Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5. The issue is described as an unspecified vulnerability relating to the Import Export Utility that allows remote attackers to affect integrity. The Connected documents corroborate multiple CVEs (...

CVE-2010-3591

CVE-2010-3591 affects Oracle Document Capture (ActiveX: Actbar2.ocx and EMPOP3Lib empop3.dll) within Oracle Fusion Middleware 10.1.3.4/10.1.3.5. DSecRG advisories describe insecure methods in Actbar2.ocx and empop3.dll that can overwrite or delete arbitrary files, with exploits publicly discussed...

CVE-2010-4419

Technical details such as affected components, vulnerable vectors, root cause, or fixes are not publicly provided in the supplied connected documents. Monitor for updates from official advisories.

HTTP Client MS Credential Catcher

This module attempts to quietly catch NTLM/LM Challenge hashes. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework NTLMCONST = Rex::Proto::NTLM::Constants NTLMCRYPT = Rex::Proto::NTLM::Crypt MESSAGE =...

Oracle Database Multiple Vulnerabilities (October 2010 CPU)

The remote Oracle database server is missing the October 2010 Critical Patch Update CPU and therefore is potentially affected by security issues in the following components : - Enterprise Manager Console - Java Virtual Machine - Change Data Capture - OLAP - Job Queue - XDK - Core RDBMS - Perl...

CVE-2010-1844

Unspecified vulnerability in Image Capture in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to cause a denial of service memory consumption and system crash via a crafted image...

Design/Logic Flaw

Unspecified vulnerability in Image Capture in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to cause a denial of service memory consumption and system crash via a crafted image...

CVE-2010-1844

Unspecified vulnerability in Image Capture in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to cause a denial of service memory consumption and system crash via a crafted image...

CVE-2010-1844

CVE-2010-1844 affects Apple Mac OS X 10.6.x prior to 10.6.5, specifically Image Capture. Root cause: unbounded memory consumption in Image Capture when processing a crafted image, leading to a denial of service (memory usage and system crash). Affected: Mac OS X 10.6–10.6.4 (Image Capture). Impac...

Mac OS X 10.6 < 10.6.5 Multiple Vulnerabilities

Versions of Mac OS X 10.6 earlier than 10.6.5 are potentially affected by multiple vulnerabilities. Mac OS X 10.6.5 contains security fixes for the following products : - AFP Server - Apache modperl - Apache - AppKit - ATS - CFNetwork - CoreGraphics - CoreText - CUPS - Directory Services -...

Oracle database CREATE_CHANGE_SET the process of SQL injection vulnerabilities and patch-vulnerability warning-the black bar safety net

Vulnerability description: Oracle is a large commercial database system. Oracle database Change Data Capture components are provided in a DBMSCDCPUBLISH PL/SQL package, the package CREATECHANGESET process in the presence ofSQL injectionvulnerabilities. Malicious users can in a special parameter...

Internet Music Capture DLL Hijacking Exploit (iacenc.dll)

Exploit for windows platform in category local exploits ========================================================= Internet Music Capture DLL Hijacking Exploit iacenc.dll ========================================================= || || | || o,7 || . o7 || 4||| ow, : / /...

Oracle数据库CREATE_CHANGE_SET过程SQL注入漏洞

BUGTRAQ ID: 43956 CVE ID: CVE-2010-2415 Oracle是大型的商业数据库系统。 Oracle数据库的Change Data Capture组件中提供了一个DBMSCDCPUBLISH PL/SQL软件包，该软件包的CREATECHANGESET过程中存在SQL注入漏洞。恶意用户可以以特殊参数调用有漏洞的过程，导致以SYS用户的权限执行SQL语句。 利用这个漏洞要求拥有对SYS.DBMSCDCPUBLISH软件包的EXECUTE权限。默认下给予了EXECUTECATALOGROLE角色的用户拥有这个权限。 Oracle Database 11.2.0....

Design/Logic Flaw

Unspecified vulnerability in the PeopleSoft Enterprise CRM - Order Capture component in Oracle PeopleSoft and JDEdwards Suite 9.0 Bundle 28 and 9.1 Bundle 4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors...

CVE-2010-3532

CVE-2010-3532 affects PeopleSoft Enterprise CRM – Order Capture in Oracle PeopleSoft/JD Edwards Suite, specifically 9.0 Bundle #28 and 9.1 Bundle #4. The vulnerability is listed in the PeopleSoft/Oracle CVE risk matrix as network-exploitable with HTTP access, requiring a single authentication lev...

CVE-2010-2415

Unspecified vulnerability in the Change Data Capture component in Oracle Database Server 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect confidentiality and integrity, related to DBMSCDCPUBLISH...