9842 matches found
CVE-2005-3446
Unspecified vulnerability in Internet Directory in Oracle Database Server 9i up to 9.2.0.6 and Application Server 9.0.2.3 up to 10.1.2.0 has unknown impact and attack vectors, aka Oracle Vuln DB32 and AS06...
CVE-2005-3448
Unspecified vulnerability in the OC4J Module in Oracle Application Server 9.0 up to 10.1.2.0.2 has unknown impact and attack vectors, as identified by Oracle Vuln AS01...
[SNS Advisory No.84] Oracle Application Server HTTP Response Splitting Vulnerability
SNS Advisory No.84 Oracle Application Server HTTP Response Splitting Vulnerability Problem first discovered on: Tue, 01 Feb 2005 Published on: Tue, 21 Oct 2005...
Oracle Application Server Internet Directory vulnerability
Overview An unspecified vulnerability in the Oracle Internet Directory may allow a remote, unauthenticated attacker to compromise system confidentiality and integrity. Description Oracle Internet Directory provides directory services, such as LDAP support, for the Oracle Application Server. There...
[Full-disclosure] Oracle Workflow CSS Vulnerability wf_monitor
Dear FD-Reader, The Oracle Critical Patch Update October 2005 provides fixes for 2 Cross-Site-Scripting vulnerabilities in Oracle Workflow found by Red-Database-Security GmbH. I know that the severity and impact of CSS bugs is low. My critical security bugs in Oracle e.g. become DBA via the impo...
US-CERT Technical Cyber Security Alert TA05-292A -- Oracle Products Contain Multiple Vulnerabilities
National Cyber Alert System Technical Cyber Security Alert TA05-292A Oracle Products Contain Multiple Vulnerabilities Original release date: October 19, 2005 Last revised: -- Source: US-CERT Systems Affected Oracle Database Server 10g Oracle9i Databas...
[Full-disclosure] Oracle Workflow CSS Vulnerability wf_route
Dear FD-Reader, The Oracle Critical Patch Update October 2005 provides fixes for 2 Cross-Site-Scripting vulnerabilities in Oracle Workflow found by Red-Database-Security GmbH. I know that the severity and impact of CSS bugs is low. My critical security bugs in Oracle e.g. become DBA via the impo...
Sun Java System Application Server (Sun ONE) JSP source code disclosure
No description provided...
Microsoft Windows Malicious Shortcut Handling Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code execution vulnerability when handling a malicious shortcut .lnk file. An attacker can exploit this issue by crafting a malicious file and placing it on a Web site or sending it to a user through email followed by enticing them to open it and...
Microsoft MSDTC TIP Distributed Denial Of Service Vulnerability
Description The Microsoft MSDTC (Microsoft Distributed Transaction Coordinator) service is prone to a vulnerability that may permit denial of service attacks against the service or facilitate distributed denial of service attacks against other computers. The vulnerability exists in the TIP...
CVE-2005-3164
The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when...
Interchange < 5.0.2 / 5.2.1 Multiple Vulnerabilities (SQLi, Code Exe)
The remote host appears to be running Interchange, an open source application server that handles state management, authentication, session maintenance, click trails, filtering, URL encodings, and security policy. According to its banner, the installed version of Interchange fails to sanitize inp...
Run any OS Command via unauthorized Oracle Forms
Name Run any OS Command via unauthorized Oracle Forms Systems Affected Oracle Web Forms 4.5, 5.0, 6.0, 6i, 9i, 10g Severity High Risk Category OS command execution Vendor URL http://www.oracle.com Author Alexander Kornbrust ak at red-database-security.com Date 18 July 2005 V 1.00 Advisory...
Run any OS Command via unauthorized Oracle Reports
Name Run any OS Command via unauthorized Oracle Reports Systems Affected Oracle Reports 6.0, 6i, 9i, 10g Severity High Risk Category OS command execution Vendor URL http://www.oracle.com Author Alexander Kornbrust ak at red-database-security.com Date 19 July 2005 V 1.00 Advisory AKSEC2003-014...
Overwrite any file via desname in Oracle Reports
Name Overwrite any file via desname in Oracle Reports Systems Affected Oracle Reports 6.0, 6i, 9i, 10g Severity High Risk Category File overwrite Vendor URL http://www.oracle.com Author Alexander Kornbrust ak at red-database-security.com Date 19 July 2005 V 1.00 Advisory AKSEC2003-005 Initial bug...
Various Cross-Site-Scripting Vulnerabilities in Oracle Reports
Name Various Cross-Site-Scripting Vulnerabilities in Oracle Reports Systems Affected Oracle Reports 9.0.2 Severity Low Risk Category Cross Site Scripting (CSS/XSS) Vendor URL http://www.oracle.com Author Alexander Kornbrust ak at red-database-security.com Date 19 July 2005 V 1.00 Initial bug report...
CVE-2004-2244
The CVE-2004-2244 entry affects Oracle XML parsing in Oracle Application Server Release 2 (9i) and Database Server Release 2, across multiple versions (9.0.3.0/9.0.3.1, 9.0.2.3 and earlier, Release 1 1.0.2.x, and 9.2.0.1 and later). It describes a denial-of-service condition triggered by processi...
CVE-2004-2216
Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier and 6.1 SP1 and earlier, and Application Server 7 Update 4 and earlier, allows remote attackers to cause a denial of service (crash) via a malformed client certificate...
Oracle Forms Insecure Temporary File Handling
Name Oracle Forms Insecure Temporary File Handling Systems Affected Oracle Forms 4.5, 6.0, 6i, 9i Severity Medium Risk Category Information disclosure Vendor URL http://www.oracle.com Author Alexander Kornbrust ak at red-database-security.com Date 13 July 2005 V 1.00 Advisory AKSEC2003-006 Oracle...
CVE-2004-2204
Macromedia ColdFusion MX 6.0 and 6.1 application server is affected when running with CreateObject or CFOBJECT enabled, allowing local users to perform unauthorized activities and potentially obtain administrative passwords by creating CFML scripts that leverage those features. The reports do not...