171 matches found
openssl: SSLv2 Bleichenbacher protection overwrites wrong bytes for export ciphers
It was discovered that the SSLv2 protocol implementation in OpenSSL did not properly implement the Bleichenbacher protection for export cipher suites. An attacker could use a SSLv2 server using OpenSSL as a Bleichenbacher oracle...
OpenJDK: inefficient use of hash tables and lists during XML parsing (JAXP, 8068842)
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4893 and CVE-2015-4911...
CVE-2015-4863
Unspecified vulnerability in the Portable Clusterware component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors...
某通用型电子采购系统Oracle盲注漏洞
简要描述: 捡漏啊 详细说明: 前人有经验: WooYun: 某通用型电子采购平台SQL注射(涉及大量企业) 厂商: http://www.1caitong.com/ 北京网达信联科技发展有限公司 SQL注入点: /GetPassWord.aspx POST参数txtUserName存在注入 Case: http://eps.umgg.com.cn/GetPassWord.aspx http://ygcg.xuangang.com.cn/GetPassWord.aspx http://222.134.89.6/GetPassWord.aspx...
openssl: SSLv2 Bleichenbacher protection overwrites wrong bytes for export ciphers
It was discovered that the SSLv2 protocol implementation in OpenSSL did not properly implement the Bleichenbacher protection for export cipher suites. An attacker could use a SSLv2 server using OpenSSL as a Bleichenbacher oracle...
POODLE vulnerability in SSL 3.0
Overview Many modern TLS clients can fall back to version 3.0 of the SSL protocol, which is vulnerable to a padding-oracle attack when Cypher-block chaining CBC mode is used. This is commonly referred to as the "POODLE" Padding Oracle On Downgraded Legacy Encryption attack. Description CWE-327: U...
OpenJDK: AccessControlContext check order issue (Libraries, 8001330)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different...
OpenJDK: Specially crafted sample model integer overflow (2D, 8007014)
Unspecified vulnerability in the 2D component in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than...
Fedora Update for bugzilla FEDORA-2012-11324
Check for the Version of bugzilla OpenVAS Vulnerability Test Fedora Update for bugzilla FEDORA-2012-11324 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
OpenJDK Launcher incorrect processing of empty library path entries (6983554)
Unspecified vulnerability in the Java Runtime Environment JRE in Oracle Java SE and Java for Business 6 Update 23 and earlier for Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux; and 1.4.229 and earlier for Solaris and Linux allows local standalone applications to affect...
OpenJDK HttpURLConnection allows arbitrary request headers (6961084,6980004)
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.227, and 1.3.128 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the...
getwebshell for oracle-vulnerability warning-the black bar safety net
by elegant wind ping SQL create tablespace kjtest datafile 'e:\website\kj.asp' size 100k nologging ; Copy the code This will create the Table space. It should be noted that the oracle of the Table, The smallest unit is 100K. The following began to build the table: SQL Create TABLE WEBSHELLC...
Linx Oracle auto-attack-vulnerability warning-the black bar safety net
| | --- http://host/test.jsp?action=read&id=1 2 3 and chr1 not in --- Annex download: ! oracle...
Oracle Reports arbitrary file reading vulnerability
Overview Oracle Reports fails to validate URI parameters, possibly allowing a remote attacker to read arbitrary files on the Reports Server. Description Oracle Reports is an enterprise reporting tool that extracts data from multiple sources and inserts it into a formatted report. It is a componen...
CVE-2004-1339
SQL injection vulnerability in the 1 MDSYS.SDOGEOMTRIGINS1 and 2 MDSYS.SDOLRSTRIGINS default triggers in Oracle 9i and 10g allows remote attackers to execute arbitrary SQL commands via the new.tablename or new.columnname parameters...
CVE-2004-1338
The triggers in Oracle 9i and 10g allow local users to gain privileges by using a sequence of partially privileged actions: using CCBKAPPLROWTRIG or EXECCBKFNDML to add arbitrary functions to the SDOCMTDBKFNTABLE and SDOCMTCBKDMLTABLE, then performing a DELETE on the SDOTXNIDXINSERTS table, which...
CVE-2004-1364
Directory traversal vulnerability in extproc in Oracle 9i and 10g allows remote attackers to access arbitrary libraries outside of the $ORACLEHOME\bin directory...
CVE-2002-0858
catsnmp in Oracle 9i and 8i is installed with a dbsnmp user with a default dbsnmp password, which allows attackers to perform restricted database operations and possibly gain other privileges...
CVE-2002-0858
catsnmp in Oracle 9i and 8i is installed with a dbsnmp user with a default dbsnmp password, which allows attackers to perform restricted database operations and possibly gain other privileges...
CVE-2001-1041
oracle program in Oracle 8.0.x, 8.1.x and 9.0.1 allows local users to overwrite arbitrary files via a symlink attack on an Oracle log trace .trc file that is created in an alternate home directory identified by the ORACLEHOME environment variable...