18 matches found
EUVD-2009-2454
Malware in sbrugna...
Description of the update for Communicator 2007 R2: July 2009
Describes the update for Communicator 2007 R2 that is dated July 2009. Summary: This article describes the Microsoft Office Communicator 2007 R2 issues that are fixed in the update for Communicator 2007 R2 that is dated June 2009. This article describes the following items about the update: The issues...
NcFTPd <= 2.8.5 - Remote Jail Breakout Vulnerability
No description provided by source. NcFTPd <= 2.8.5 remote jail breakout Discovered by: Kingcope Contact: kcope2atgooglemail.com / http://isowarez.de Date: 27th July 2009 Greetings: Alex,Andi,Adize,wY!,Netspy,Revoguard Prerequisites: Valid user account. Demonstration on FreeBSD 7.0-RELEASE and NcFT...
Oracle Database Multiple Vulnerabilities (July 2009 CPU)
The remote Oracle database server is missing the July 2009 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components: - Advanced Replication - Auditing - Config Management - Core RDBMS - Listener - Network Foundation - Secure Enterprise Search...
Oracle Secure Backup property_box.php type parameter command execution
Added: 09/01/2009 CVE: CVE-2009-1978 BID: 35678 OSVDB: 55904 Background: Oracle Secure Backup is a centralized tape backup management solution for Oracle Database. Problem: A command execution vulnerability in the Oracle Secure Backup web interface allows remote attackers to execute arbitrary...
Oracle Secure Backup property_box.php type parameter command execution
Added: 09/01/2009 CVE: CVE-2009-1978 BID: 35678 OSVDB: 55904 Background: Oracle Secure Backup is a centralized tape backup management solution for Oracle Database. Problem: A command execution vulnerability in the Oracle Secure Backup web interface allows remote attackers to execute arbitrary...
Oracle PL/SQL Injection Flaw in REPCAT_RPC.VALIDATE_REMOTE_RC
Hey all, The Oracle REPCAT_RPC.VALIDATE_REMOTE_RC function executes blocks of anonymous PL/SQL that can be influenced by an attacker to execute arbitrary PL/SQL. As this package is only accessible directly by SYS this flaw would not normally present a risk. However, the REPCAT_RPC.VALIDATE_REMOTE_RC...
Multiple BSD Operating Systems setusercontext() Vulnerabilities
Exploit for multiple platform in category local exploits =============================================================== Multiple BSD Operating Systems setusercontext Vulnerabilities =============================================================== BSD setusercontext vulnerabilities discovered by...
flash-plugin: Remote code execution vulnerability via malicious SWF (Shockwave Flash) content
Unspecified vulnerability in Adobe Reader and Acrobat 9.x through 9.1.2, and Adobe Flash Player 9.x through 9.0.159.0 and 10.x through 10.0.22.87, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via (1) a crafted Flash application in a .pdf file or (2)...
Design/Logic Flaw
The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section o...
NcFTPd <= 2.8.5 Remote Jail Breakout Vulnerability
Exploit for freebsd platform in category remote exploits ================================================== NcFTPd get /etc/passwd passwd local: passwd remote: /etc/passwd 502 Unimplemented command. 227 Entering Passive Mode 192,168,2,5,219,171 550 No such file. ftp ls .. 227 Entering Passive Mod...
CVE-2009-2889
creationtimestamp | type | source
---|---|---
2009-07-21 00:00:00+00:00 | confirmed | https://www.exploit-db.com/exploits/34771...
[DSECRG-09-031] Oracle BEA Weblogic 10.3 Linked XSS vulnerability
Digital Security Research Group DSecRG Advisory DSECRG-09-031 http://dsecrg.com/pages/vul/show.php?id=131 Application: Oracle BEA Weblogic 10 Versions Affected: Oracle BEA Weblogic 10 Vendor URL: http://oracle.com Bugs: Linked XSS Vulnerability Exploits: YES Reported: 18.03.2009 Vendor response:...
Stack overflow
Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold...
CVE-2008-0015
Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold...
PT-2009-1181
Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2. Description: A stack-based buffer overflow exists in the CComVariant::ReadFromStream function within the Active Templat...
CVE-2009-2265
Removed by vendor...
CVE-2009-2326
creationtimestamp | type | source
---|---|---
2009-07-01 00:00:00+00:00 | confirmed | https://www.exploit-db.com/exploits/9068...