Oracle Virtual Server Agent Command Injection

Added: 11/26/2010 CVE: CVE-2010-3582 BID: 44031 Background Oracle VM software provides virtualization technology that allows running multiple instances of x86 virtual computers simultaneously within the host operating system. It supports many Oracle and non-Oracle based systems such as Windows,...

[Onapsis Security Advisory 2010-009] Oracle Virtual Server Agent Remote Command Execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory 2010-0009 : Oracle Virtual Server Agent Remote Command Execution This advisory can be downloaded in PDF format from http://www.onapsis.com/research.html. By downloading this advisory from the Onapsis Resource Center, you will...

Oracle VM Server Virtual Server Agent - Command Injection (Metasploit)

$Id: oraclevmagentutl.rb 10821 2010-10-25 20:58:49Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

Oracle VM Server Virtual Server Agent Command Injection

$Id: oraclevmagentutl.rb 10821 2010-10-25 20:58:49Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

CVE-2010-3585

Unspecified vulnerability in the OracleVM component in Oracle VM 2.2.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to ovs-agent. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented...

Design/Logic Flaw

Unspecified vulnerability in the OracleVM component in Oracle VM 2.2.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to ovs-agent. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented...

Design/Logic Flaw

Unspecified vulnerability in the OracleVM component in Oracle VM 2.2.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to ovs-agent. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented...

CVE-2010-3585

Unspecified vulnerability in the OracleVM component in Oracle VM 2.2.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to ovs-agent. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented...

CVE-2010-3583

Unspecified vulnerability in the OracleVM component in Oracle VM 2.2.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to ovs-agent. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented...

CVE-2010-3585

Oracle VM 2.2.x ovs-agent exposed XML-RPC endpoints allowing authenticated remote users to trigger command execution as root, leading to potential full compromise of the Oracle VM Server and its guests. Public records indicate an XML-RPC exposure enabling function calls not aligned with intended ...

Oracle Virtual Server Agent Command Injection

Exploit for unix platform in category remote exploits ============================================= Oracle Virtual Server Agent Command Injection ============================================= 1. Advisory Information Advisory ID: BONSAI-2010-0109 Date published: 2010-10-13 Vendors contacted: Oracl...

Oracle Virtual Server Agent - Command Injection

Oracle Virtual Server Agent Command Injection ============================================= 1. Advisory Information Advisory ID: BONSAI-2010-0109 Date published: 2010-10-13 Vendors contacted: Oracle Release mode: Coordinated release 2. Vulnerability Information Class: Injection Remotely...

Apache XML-RPC信息泄露漏洞

Apache XML-RPC是一种Java语言的XML-RPC协议实现。 Apache XML-RPC的实现上存在设计问题，远程攻击者可能利用来从服务端获取敏感信息。 Apache XML-RPC的SAX解析器允许包含外部资源，恶意客户端可能利用这个机制把服务器上资源包含进来。 Apache Group Apache XML-RPC 3.x Apache Group ------------ 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://ws.apache.org/xmlrpc/changes-report.htmla3.1.3...

Fedora 12 : maniadrive-1.2-22.fc12 / php-5.3.3-1.fc12 / php-eaccelerator-0.9.6.1-2.fc12 (2010-11428)

Update to PHP 5.3.3 Security Enhancements and Fixes in PHP 5.3.3: Rewrote varexport to use smartstr rather than output buffering, prevents data disclosure if a fatal error occurs CVE-2010-2531. Fixed a possible resource destruction issues in shmputvar. Fixed a possible information leak because of...

PHP 5.3 < 5.3.3 Multiple Vulnerabilities

According to its banner, the version of PHP 5.3 installed on the remote host is older than 5.3.3. Such versions may be affected by several security issues : - An error exists when processing invalid XML-RPC requests that can lead to a NULL pointer dereference. bug 51288 CVE-2010-0397 - An error...

PHP 5.2 < 5.2.14 Multiple Vulnerabilities

According to its banner, the version of PHP 5.2 installed on the remote host is older than 5.2.14. Such versions may be affected by several security issues : - An error exists when processing invalid XML-RPC requests that can lead to a NULL pointer dereference. bug 51288 CVE-2010-0397 - An error...

Mandriva Update for php MDVSA-2010:139 (php)

Check for the Version of php OpenVAS Vulnerability Test Mandriva Update for php MDVSA-2010:139 php Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...

Mandriva Linux Security Advisory : php (MDVSA-2010:140)

This is a maintenance and security update that upgrades php to 5.3.3 for 2010.0/2010.1. Security Enhancements and Fixes in PHP 5.3.3 : - Rewrote varexport to use smartstr rather than output buffering, prevents data disclosure if a fatal error occurs CVE-2010-2531. - Fixed a possible resource...

XML-RPC Library 1.3.0 - &#039;xmlrpc.php&#039; Arbitrary Code Execution (Metasploit)

$Id: phpxmlrpceval.rb 9929 2010-07-25 21:37:54Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...

Cisco Network Building Mediator products contain multiple vulnerabilities

Overview Cisco Network Building Mediator NBM products are affected by multiple vulnerabilities that could allow an attacker to gain control of a vulnerable device or to cause a denial of service. Description Cisco Network Building Mediator NBM products are designed to manage facility energy use...