Lucene search

9852 matches found

CVE
added 2008/10/14 9:0 p.m. | 55 views

CVE-2008-3977

Technical details for CVE-2008-3977 are not provided in the connected documents. Public information about affected components and exact vulnerability vectors is not available here; monitor for updates from official advisories.

CVSS: 5 | AI score: 8.8 | EPSS: 0.01551
Exploits: 1 | References: 5 | Affected Software: 1

CVE
added 2008/10/14 9:0 p.m. | 50 views

CVE-2008-3986

CVE-2008-3986 affects the Oracle Discoverer Administrator component in Oracle Application Server 9.0.4.3 and 10.1.2.2. Local users can impact confidentiality via unknown vectors. The connected Oracle CPU Oct 2008 advisory lists this as a patched vulnerability; apply the CPUOct2008 fixes to mitiga...

CVSS: 1 | AI score: 7.8 | EPSS: 0.00274
Exploits: 1 | References: 5 | Affected Software: 1

seebug.org
added 2008/10/14 12:0 a.m. | 17 views

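Oracle Database Server 'CREATE ANY DIRECTORY' Privilege Escalation Vulnerability

BUGTRAQ ID: 31738 CNCAN ID: CNCAN-2008101405 Oracle Database Server is a large enterprise-class database server. Oracle Database Server has a flaw in its handling of the 'CREATE ANY DIRECTORY' user privilege that remote attackers can exploit to obtain SYSDBA privileges. By using UTLDIR with a known binary password file, the hidden binary file can be overwritten directly, allowing a user who holds only the low-privileged CREATE ANY DIRECTORY privilege to obtain SYSDBA privileges. The following link provides some analysis but is currently unreachable:...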

AI score: 6.9
Exploits: 0

seebug.org
added 2008/10/05 12:0 a.m. | 27 views

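IBM WebSphere Application Server Administrative Console Overflow Vulnerability

BUGTRAQ ID: 13853 IBM WebSphere Application Server is built on Java and a Servlet engine, supports multiple HTTP services, and helps users with everything from developing and publishing to maintaining interactive dynamic websites. A Unicode buffer overflow vulnerability exists in the WebSphere Application Server administrative console; a remote attacker may exploit it to execute arbitrary commands on the host. The cause lies in its authentication mechanism. Only when the server has enabled "global security...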

AI score: 6.9
Exploits: 0

erpscan
added 2008/10/01 12:0 a.m. | 50 views

Oracle Application Server (SOA) — Linked XSS vulnerability

Application: Oracle Application Server SOA Versions Affected: Oracle Application Server SOA version 10.1.3.1.0 Vendor URL: http://oracle.com Bugs: Multiple XSS Exploits: YES Reported: 10.01.2008 Vendor response: 11.01.2008 Date of Public Advisory: 13.01.2009 CVE: CVE-2008-4014 Description: XSS IN...

CVSS: 5.5 | AI score: 0.2 | EPSS: 0.01018
Exploits: 1

Tenable Nessus
added 2008/09/17 12:0 a.m. | 19 views

IBM WebSphere Application Server 6.1 < Fix Pack 19 Unspecified Vulnerability


CVSS: 10 | AI score: 7.3 | EPSS: 0.03302
Exploits: 0 | References: 11

NVD
added 2008/09/16 11:0 p.m. | 23 views

CVE-2008-4111

Unspecified vulnerability in Servlet Engine/Web Container in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 and 6.1 before 6.1.0.19, when the FileServing feature is enabled, has unknown impact and attack vectors...

CVSS: 9.3 | AI score: 6.3 | EPSS: 0.02258
Exploits: 0 | References: 10

Cvelist
added 2008/09/16 11:0 p.m. | 29 views

CVE-2008-4111

Unspecified vulnerability in Servlet Engine/Web Container in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 and 6.1 before 6.1.0.19, when the FileServing feature is enabled, has unknown impact and attack vectors...

AI score: 6.3 | EPSS: 0.02258
Exploits: 0 | References: 10

CVE
added 2008/09/16 11:0 p.m. | 50 views

CVE-2008-4111

CVE-2008-4111 affects IBM WebSphere Application Server 6.0.2.x before 6.0.2.31 and 6.1.x before 6.1.0.19 when the FileServing feature is enabled. Connected sources describe concrete issues beyond the generic description: (1) a malformed HTTP Host header (exceeding 256 bytes) can crash the remote ...

CVSS: 9.3 | AI score: 6.3 | EPSS: 0.02258
Exploits: 0 | References: 10 | Affected Software: 1

Tenable Nessus
added 2008/09/16 12:0 a.m. | 25 views

IBM WebSphere Application Server 6.1 < Fix Pack 19 Multiple Flaws

IBM WebSphere Application Server 6.1 before Fix Pack 19 appears to be running on the remote host. As such, it is reportedly affected by multiple flaws: - An as-yet unspecified security exposure vulnerability exists when the 'FileServing' feature in the Servlet Engine / Web Container component is...

CVSS: 9.3 | AI score: 5.6 | EPSS: 0.02258
Exploits: 0 | References: 6

seebug.org
added 2008/09/16 12:0 a.m. | 14 views

IBM WebSphere Application Server 'FileServing' Feature Unspecified Vulnerability

BUGTRAQ ID: 31186 CNCAN ID: CNCAN-2008091602 IBM WebSphere Application Server is a commercial web application server. The 'FileServing' feature of IBM WebSphere Application Server has a security issue; no detailed vulnerability information is currently available. IBM Websphere Application Server 6.1.18 IBM Websphere Application Server 6.1.17 IBM Websphere Application Server 6.1.15 IBM Websphere...

AI score: 6.9
Exploits: 0

Japan Vulnerability Notes
added 2008/09/09 7:21 a.m. | 2 views

Fujitsu Interstage Application Server Access Control Update Problem

Overview: Under certain conditions, the Single Sign-On function in the Fujitsu Interstage Application Server fails to properly update access control information. Impact: Access control may not be properly implemented. Solution: Please refer to the 'Vendor Information' section for the official...

CVSS: 4 | AI score: 6.9
Exploits: 0 | References: 3

OpenVAS
added 2008/09/09 12:0 a.m. | 16 views

Sybase Enterprise Application Server Management Console detection

The remote host is running the Sybase Enterprise Application Server JSP Administration Console. Sybase EAServer is the open application server from Sybase Inc an enterprise software and services company, exclusively focused on managing and mobilizing information. This NVT was deprecated and the...

AI score: 0.2
Exploits: 0

OpenVAS
added 2008/09/09 12:0 a.m. | 21 views

Sybase Enterprise Application Server Management Console detection

The remote host is running the Sybase Enterprise Application Server JSP Administration Console. Sybase EAServer is the open application server from Sybase Inc an enterprise software and services company, exclusively focused on managing and mobilizing information. This VT was deprecated and the...

AI score: 7.3
Exploits: 0

Japan Vulnerability Notes
added 2008/09/03 3:33 a.m. | 3 views

Fujitsu Interstage Application Server Single Sign-On Buffer Overflow Vulnerability

Overview: The Single Sign-On function in Fujitsu Interstage Application Server has a buffer overflow vulnerability due to improper URI handling. Impact: A remote attacker could execute arbitrary code by sending a long URI. Solution: Please refer to the 'Vendor Information' section for the vendor...

CVSS: 10 | AI score: 8.1 | EPSS: 0.04619
Exploits: 0 | References: 8

Check Point Advisories
added 2008/08/15 12:0 a.m. | 2 views

Security Best Practice: Blocking Citrix ICA Vulnerabilities

Independent Computing Architecture (ICA) is a proprietary protocol for an application server system, designed by Citrix Systems. The protocol lays down a specification for passing data between server and clients. ICA is broadly similar in purpose to window servers such as the X Window System. It al...

AI score: 6.8
Exploits: 0

Symantec
added 2008/08/12 12:0 a.m. | 15 views

Microsoft Windows Image Color Management Remote Code Execution Vulnerability

Description: Microsoft Windows is prone to a remote code-execution vulnerability because of a flaw in the Microsoft Color Management System (MSCMS) module of the Image Color Management System (ICM). An attacker could exploit this issue by enticing a victim to open a malicious image file. Successfully...

AI score: 7.9
Exploits: 0 | Affected Software: 4

Symantec
added 2008/08/12 12:0 a.m. | 12 views

Microsoft Excel Record Parsing Remote Code Execution Vulnerability

Description: Microsoft Excel is prone to a remote code-execution vulnerability. Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file. Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the...

AI score: 0.3
Exploits: 0 | References: 1 | Affected Software: 6

Symantec
added 2008/08/12 12:0 a.m. | 13 views

Microsoft Excel Credential Caching Vulnerability

Description: Microsoft Excel is prone to a vulnerability that allows unauthorized access to remote data source credentials that have been cached in Excel files. This issue is limited to Microsoft Excel 2007 and Microsoft Office 2008 for Mac. Technologies Affected: Avaya Messaging Application Server...

AI score: 1.3
Exploits: 0 | References: 1 | Affected Software: 3

securityvulns
added 2008/08/04 12:0 a.m. | 70 views

Team SHATTER Security Advisory: SQL Injection in Oracle Application Server (WWEXP_API_ENGINE)

Team SHATTER Security Advisory SQL Injection in Oracle Application Server WWEXP_API_ENGINE August 4, 2008 Risk Level: High Affected versions: Oracle Application Server 9.0.4.3, 10.1.2.2 and 10.1.4.1 Remote exploitable: Yes No authentication required...

AI score: 0.8
Exploits: 0