CVE-2008-3984

CVE-2008-3982, CVE-2008-3983, and CVE-2008-3984 are SQL injection flaws in Oracle Workspace Manager (SYS.LT.*: MERGEWORKSPACE, COMPRESSWORKSPACE, REMOVEWORKSPACE) that allow a remote authenticated user to affect confidentiality and integrity. Public details show Metasploit modules targeting SYS.L...

CVE-2008-3983

CVE-2008-3983 is a SQL injection vulnerability in Oracle Database Server’s Workspace Manager component (SYS.LT) affecting 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6. The flaw allows a remote authenticated user to affect confidentiality and integrity via SYS.LT.MERGEWORKSPACE (and relate...

CVE-2008-3982

CVE-2008-3982 concerns SQL injection in Oracle Workspace Manager (Workspace Manager component) of Oracle Database. Connected sources document concrete exploits in SYS.LT.* procedures (COMPRESSWORKSPACE, MERGEWORKSPACE, REMOVEWORKSPACE) that allow an attacker with execute privilege to inject SQL, ...

CVE-2008-3592

Unrestricted file upload vulnerability in the File Manager in the admin panel in Twentyone Degrees Symphony 1.7.01 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension to a directory specified in the destination parameter, then accessing t...

CVE-2007-6453

Directory traversal vulnerability in raidenhttpd-admin/workspace.php in RaidenHTTPD 2.0.19, when the WebAdmin function is enabled, allows remote attackers to include and execute arbitrary local files via a .. dot dot in the ulang parameter...

Oracle Workspace Manager LT软件包SQL注入漏洞

BUGTRAQ ID: 26098 Oracle Database是一款商业性质大型数据库系统。 Oracle中捆绑的Workspace Manager包含有名为LT的软件包，LT软件包的实现上存在SQL注入漏洞，远程攻击者可能利用此漏洞获取非授权访问。 LT软件包属于SYS用户，可被PUBLIC执行，LT中的FINDRICSET过程调用了LTRIC软件包中的FINDRICSET ，而这个调用过程中存在SQL注入漏洞，允许远程攻击者通过提交恶意的SQL查询请求获得SYS权限。 Oracle Oracle9i Oracle Oracle10g Release 2 Oracle...

Sql injection

SQL injection vulnerability in Workspace Manager for Oracle Database before OWM 10.2.0.4.1, OWM 10.1.0.8.0, and OWM 9.2.0.8.0 allows attackers to execute arbitrary SQL commands via the FINDRICSET procedure in the LT package. NOTE: this is probably covered by CVE-2007-5510, but there are...

Design/Logic Flaw

Multiple unspecified vulnerabilities in the Workspace Manager component in Oracle Database before OWM 10.2.0.4.1, OWM 10.1.0.8.0, and OWM 9.2.0.8.0 have unknown impact and remote attack vectors, aka 1 DB08, 2 DB09, 3 DB10, 4 DB11, 5 DB12, 6 DB13, 7 DB14, 8 DB15, 9 DB16, 10 DB17, and 11 DB18. NOTE...

CVE-2007-5510

Multiple unspecified vulnerabilities in the Workspace Manager component in Oracle Database before OWM 10.2.0.4.1, OWM 10.1.0.8.0, and OWM 9.2.0.8.0 have unknown impact and remote attack vectors, aka 1 DB08, 2 DB09, 3 DB10, 4 DB11, 5 DB12, 6 DB13, 7 DB14, 8 DB15, 9 DB16, 10 DB17, and 11 DB18. NOTE...

CVE-2007-5511

SQL injection vulnerability in Workspace Manager for Oracle Database before OWM 10.2.0.4.1, OWM 10.1.0.8.0, and OWM 9.2.0.8.0 allows attackers to execute arbitrary SQL commands via the FINDRICSET procedure in the LT package. NOTE: this is probably covered by CVE-2007-5510, but there are...

CVE-2007-5510

Multiple unspecified vulnerabilities in the Workspace Manager component in Oracle Database before OWM 10.2.0.4.1, OWM 10.1.0.8.0, and OWM 9.2.0.8.0 have unknown impact and remote attack vectors, aka 1 DB08, 2 DB09, 3 DB10, 4 DB11, 5 DB12, 6 DB13, 7 DB14, 8 DB15, 9 DB16, 10 DB17, and 11 DB18. NOTE...

CVE-2007-5511

CVE-2007-5511 is a SQL injection vulnerability in Oracle Database Workspace Manager (SYS.LT.FINDRICSET) that allows an attacker to execute arbitrary SQL via the vulnerable parameter. The flaw affects Workspace Manager components prior to OWM 10.2.0.4.1, OWM 10.1.0.8.0, and OWM 9.2.0.8.0. Public w...

CVE-2007-5510

CVE-2007-5511 relates to an SQL injection vulnerability in Oracle Database's SYS.LT.FINDRICSET function (Workspace/ LT package), exploitable via an Evil Cursor technique to escalate privileges to SYS. Reported for Oracle Database around 10g (pre-10.2.0.x), with exploitation potentially performed ...

CVE-2007-5511

SQL injection vulnerability in Workspace Manager for Oracle Database before OWM 10.2.0.4.1, OWM 10.1.0.8.0, and OWM 9.2.0.8.0 allows attackers to execute arbitrary SQL commands via the FINDRICSET procedure in the LT package. NOTE: this is probably covered by CVE-2007-5510, but there are...

Microsoft Excel memory corruption

Index value is not checked on Workspace parsing...

Memory corruption

Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file involving the "denoting of the start of a Workspace designation", which results in memory corruption, aka the "Workbook Memory Corruption...

CVE-2007-3030

Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file involving the "denoting of the start of a Workspace designation", which results in memory corruption, aka the "Workbook Memory Corruption...

CVE-2005-3438

Multiple unspecified vulnerabilities in Oracle Database Server 9i up to 10.1.0.4.2 have unknown impact and attack vectors, aka Oracle Vuln 1 DB04 in Change Data Capture; 2 DB06 in Data Guard Logical Standby; 3 DB10 in Locale; 4 DB12 in Materialized Views; 5 DB13 in Objects Extension; 6 DB15 in...

CVE-2005-3438

Multiple unspecified vulnerabilities in Oracle Database Server 9i up to 10.1.0.4.2 have unknown impact and attack vectors, aka Oracle Vuln 1 DB04 in Change Data Capture; 2 DB06 in Data Guard Logical Standby; 3 DB10 in Locale; 4 DB12 in Materialized Views; 5 DB13 in Objects Extension; 6 DB15 in...

CVE-2005-1842

VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in Creative Suite 1.0 and 1.3, and when running on Mac OS X with Version Cue Workspace, creates temporary log files with predictable names, which allows local users to modify arbitrary files via a symlink attack...