CVE-2008-2592
Unspecified vulnerability in the Advanced Replication component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.6 has unknown impact and remote authenticated attack vectors related to SYS.DBMS_DEFER_SYS. NOTE: the previous information was obtained from the Oracl...
Sql injection
Unspecified vulnerability in the Advanced Replication component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.6 has unknown impact and remote authenticated attack vectors related to SYS.DBMS_DEFER_SYS. NOTE: the previous information was obtained from the Oracl...
Information disclosure
Unspecified vulnerability in the Advanced Replication component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 has unknown impact and local attack vectors...
CVE-2008-2587
Unspecified vulnerability in the Advanced Replication component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 has unknown impact and local attack vectors...
CVE-2008-2587
CVE-2008-2587 affects Oracle Database Advanced Replication in 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3. The vulnerability allows local access to read trace files (local attack vector) with a low impact (read access, Partial confidentiality). CVSS 2.0 base score is 1.5 (LOW). The ...
CVE-2008-2592
CVE-2008-2592 affects Oracle Database Advanced Replication (SYS.DBMS_DEFER_SYS.DELETE_TRAN) across 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, 11.1.0.6. The issue is a SQL injection claim targeting DELETE_TRAN; Oracle CPU July 2008 provides the patch. Exploitation is described as remot...
Fedora 7 : fedora-ds-admin-1.1.4-1.fc7 (2008-3214)
This release addresses two security vulnerabilities in the package: - shell command injection in CGI replication monitor CVE-2008-0892 - unrestricted access to CGI scripts CVE-2008-0893 Fix Description: Remove ScriptAlias for bin/admin/admin/bin - do not use that directory for CGI URIs - use only...
Fedora 8 : fedora-ds-admin-1.1.4-1.fc8 (2008-3220)
This release addresses two security vulnerabilities in the package: - shell command injection in CGI replication monitor CVE-2008-0892 - unrestricted access to CGI scripts CVE-2008-0893 Fix Description: Remove ScriptAlias for bin/admin/admin/bin - do not use that directory for CGI URIs - use only...
Authentication flaw
The replication monitor CGI script repl-monitor-cgi.pl in Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, allows remote attackers to execute arbitrary commands...
CVE-2008-0892
The replication monitor CGI script repl-monitor-cgi.pl in Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, allows remote attackers to execute arbitrary commands...
CVE-2008-0892
The CVE-2008-0892 issue affects the replication monitor CGI script (repl-monitor-cgi.pl) in the Red Hat Administration Server used with Red Hat Directory Server 8.0 on RHEL4/RHEL5, allowing remote command execution via the CGI interface. The root cause is a command-injection flaw in the replicati...
Server: shell command injection in CGI replication monitor
The replication monitor CGI script repl-monitor-cgi.pl in Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, allows remote attackers to execute arbitrary commands...
Fedora 7 : openldap-2.3.34-6.fc7 (2008-1307)
Tue Feb 5 2008 Jan Safranek 2.3.34-6 - fix CVE-2007-6698 431409 - Mon Jan 14 2008 Jan Safranek 2.3.34-5 - fix default slurpd directory to /var/lib/ldap 424831 - Fri Nov 2 2007 Jan Safranek 2.3.34-4 - fix various security flaws 360081 - Fri Jul 13 2007 Jan Safranek 2.3.34-3 - Fix initscript return...
Debian Security Advisory DSA 1169-1 (mysql-dfsg-4.1)
The remote host is missing an update to mysql-dfsg-4.1 announced via advisory DSA 1169-1. Several local vulnerabilities have been discovered in the MySQL database server. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2006-4226 Michal Prokopiuk discovered...
Ubuntu 5.04 / 5.10 / 6.06 LTS : openldap2, openldap2.2 vulnerability (USN-305-1)
When processing overly long host names in OpenLDAP's slurpd replication server, a buffer overflow caused slurpd to crash. If an attacker manages to inject a specially crafted host name into slurpd, this might also be exploited to execute arbitrary code with slurpd's privileges; however, since...
CVE-2003-1438
Race condition in BEA WebLogic Server and Express 5.1 through 7.0.0.1, when using in-memory session replication or replicated stateful session beans, causes the same buffer to be provided to two users, which could allow one user to see session data that was intended for another user...
CVE-2003-1438
BEA WebLogic Server and Express versions 5.1–7.0.0.1 are affected by a race condition in in-memory session replication or replicated stateful session beans. The same buffer may be provided to two different users, allowing one user to access another user’s session data. This CVE detail describes t...