9852 matches found
CVE-2009-1990
Unspecified vulnerability in the Business Intelligence Enterprise Edition component in Oracle Application Server 10.1.3.4.1 allows local users to affect confidentiality via unknown vectors...
CVE-2009-1999
Unspecified vulnerability in the Business Intelligence Enterprise Edition component in unspecified Oracle Application Server versions allows remote attackers to affect integrity via unknown vectors...
CVE-2009-3407
Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2009-0974 and CVE-2009-0983...
CVE-2009-3407
The CVE-2009-3407 vulnerability affects Oracle Application Server Portal (Portal component) in 10.1.2.3 and 10.1.4.2. It is exploitable over HTTP by remote attackers without authentication, with a CVSS v2 base score of 4.3 (Network, Medium complexity, no auth, Partial integrity i...
CVE-2009-1990
CVE-2009-1990 affects Oracle Application Server BI Enterprise Edition (Business Intelligence Enterprise Edition component) in Oracle Application Server 10.1.3.4.1. The Oracle CPU/Oracle Application Server risk matrix lists this as a local vulnerability with confidentiality impact Partial and no e...
US-CERT Technical Cyber Security Alert TA09-294A -- Oracle Updates for Multiple Vulnerabilities
Oracle Critical Patch Update Advisory - October 2009. Description: A Critical Patch Update is a collection of patches for multiple security vulnerabilities. It also includes non-security fixes that are required because of interdependencies by those security patches. Critical Patch Updates are...
Oracle Releases Critical Patch Update
Oracle has released its Critical Patch Update for October 2009 to address 38 vulnerabilities across several database and server products. The update contains the following security fixes: 16 for the Oracle Database; 3 for the Oracle Application Server; 8 for the Oracle E-Business Suite and...
Microsoft Windows Kernel Exception Handler Local Denial Of Service Vulnerability
Description: Microsoft Windows is prone to a local denial-of-service vulnerability that affects the Windows kernel. The issue stems from an error in the kernel's exception handler. Attackers may exploit this issue to restart the system, causing a denial-of-service condition. Technologies Affected...
Microsoft Windows Kernel NULL Pointer Dereference Local Privilege Escalation Vulnerability
Description: Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel. The vulnerability stems from a NULL-pointer dereference. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will resu...
Microsoft Windows Kernel Integer Underflow Local Privilege Escalation Vulnerability
Description: Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel. The vulnerability is caused by an integer-underflow issue. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will...
IBM WebSphere Application Server < 6.1.0.27 Multiple Vulnerabilities
IBM WebSphere Application Server 6.1 before Fix Pack 27 appears to be running on the remote host. As such, it is reportedly affected by multiple vulnerabilities: - The Eclipse help system included with WebSphere Application Server is affected by a cross-site scripting vulnerability. PK78917 - It...
CVE-2009-2744
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27 allows remote attackers to cause a denial of service via unknown vectors, related to "an error in fixpacks 6.1.0.23 and 6.1.0.25."...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Eclipse Help in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27 allows remote attackers to inject arbitrary web script or HTML via unspecified input...
CVE-2009-2742
Cross-site scripting (XSS) vulnerability in Eclipse Help in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27 allows remote attackers to inject arbitrary web script or HTML via unspecified input...
CVE-2009-2743
IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27, and 7.0 before 7.0.0.7, does not properly handle an exception occurring after use of wsadmin scripts and configuration of JAAS-J2C Authentication Data, which allows local users to obtain sensitive information by reading the First Failure...
CVE-2009-2743
CVE-2009-2743 affects IBM WebSphere Application Server 6.1 (before 6.1.0.27) and 7.0 (before 7.0.0.7). The issue arises when an exception occurs after using wsadmin scripts and configuring JAAS-J2C Authentication Data, allowing local users to read the FFDC log file and obtain sensitive informatio...
CVE-2009-2744
CVE-2009-2744 affects IBM WebSphere Application Server 6.1 before 6.1.0.27. A remote denial-of-service condition is reported, related to an error in fixpacks 6.1.0.23 and 6.1.0.25. Remediation stated in connected sources is to upgrade to 6.1.0.27 or later (APAR PK91709). The public details descri...
CVE-2009-2742
IBM WebSphere Application Server 6.1 before 6.1.0.27 is affected by a cross-site scripting (XSS) vulnerability in the Eclipse Help component. The root cause is insufficient validation of input in Eclipse Help, allowing remote attackers to inject arbitrary script/HTML via unspecified input. Affect...