1180 matches found
FtpXQ FTP Server 3.0 - (Authenticated) Remote Denial of Service
FtpXQ FTP Server 3.0 - Authenticated Remote Denial of Service !/usr/bin/python print "" print " Iranian Pentesters Home " print " Www.Pentesters.Ir " print " PLATEN - H.jafari - " print " FtpXQ FTP Server 3.0 Remote Denial Of Service Exploit " print " author: PLATEN " print " E-mail && blog: "...
Adobe JRUN Directory Traversal
Digital Security Research Group DSecRG Advisory DSECRG-09-051 Application: Adobe JRun Application Server Versions Affected: 4 updater 7 Vendor URL: http://www.adobe.com/products/jrun/ Bug: Directory Traversal File Read Exploits: YES Reported: 20.01.2009 Vendor response: 21.01.2009 Solution: YES...
Design/Logic Flaw
Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 12.0.4 has unknown impact and remote authenticated attack vectors...
CVE-2008-2577
Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 9.2 MP1 has unknown impact and remote authenticated attack vectors...
CVE-2008-2590
Unspecified vulnerability in the Instance Management component in Oracle Database 10.1.0.5 and Enterprise Manager 10.1.0.6 has unknown impact and remote authenticated attack vectors...
CVE-2008-2601
Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 12.0.4 has unknown impact and remote authenticated attack vectors...
CVE-2008-2585
Unspecified vulnerability in the Oracle Report Manager component in Oracle E-Business Suite 12.0.4 has unknown impact and remote authenticated attack vectors...
CVE-2008-2591
Unspecified vulnerability in the Oracle Database Vault component in Oracle Database 9.2.0.8DV, 10.2.0.3, and 11.1.0.6 has unknown impact and remote authenticated attack vectors...
CVE-2008-2601
CVE-2008-2601 affects Oracle iStore in Oracle E-Business Suite 12.0.4. The vulnerability is listed under Oracle E-Business Suite risk matrix with HTTP access requiring a valid session; it is not remotely exploitable (Remote Exploit with Auth? = No) and has a CVSS v2 base score of 5.5 (Confidentia...
CVE-2008-2621
CVE-2008-2621 affects Oracle PeopleSoft Enterprise (PeopleTools) with 8.48.17 and 8.49.11. The connected PeopleSoft/JD Edwards entry lists CVE-2008-2621 under PeopleSoft PeopleTools with a CVSS v2 base score of 4.0 (Medium). The risk matrix indicates the vulnerability requires a valid session (au...
CVE-2008-1816
Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.3 have unknown impact and remote authenticated attack vectors related to (1) SDOUTIL in the Oracle Spatial component, aka DB05; or (2) fine grained auditing in the Audit component, aka DB14. NOTE: the previous information was...
CVE-2007-5894
The reply function in ftpd.c in the gssftp ftpd in MIT Kerberos 5 krb5 does not initialize the length variable when authtype has a certain value, which has unknown impact and remote authenticated attack vectors. NOTE: the original disclosure misidentifies the conditions under which the...
DEBIAN-CVE-2007-5894
The reply function in ftpd.c in the gssftp ftpd in MIT Kerberos 5 krb5 does not initialize the length variable when authtype has a certain value, which has unknown impact and remote authenticated attack vectors. NOTE: the original disclosure misidentifies the conditions under which the...
CVE-2007-5972
Double free vulnerability in the krb5_def_store_mkey function in lib/kdb/kdb_default.c in MIT Kerberos 5 krb5 1.5 has unknown impact and remote authenticated attack vectors. NOTE: the free operations occur in code that stores the krb5kdc master key, and so the attacker must have privileges to store...
IBM Lotus Domino IMAP Service Mailbox Name Overflow
The IMAP server component of IBM Lotus Domino Server installed on the remote host fails to properly validate the mailbox name before copying it into a fixed-size stack buffer as part of handling certain unspecified commands. Using a specially crafted mailbox name to which he is subscribed, an...
Code injection
Unspecified vulnerability in the Sales Online component for Oracle E-Business Suite 11.5.10 has unknown impact and remote authenticated attack vectors, aka APPS08...
CVE-2007-2109
Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have unknown impact and remote authenticated attack vectors related to (1) Rules Manager and Expression Filter components (DB02) and (2) Oracle Streams (DB06). Note: as of 20070424, Oracle has not disputed reliable claims that DB02 is for a...
CVE-2007-2109
CVE-2007-2109 affects Oracle Database 10.2.0.3 with reported issues in two components: (1) Rules Manager and Expression Filter (DB02) due to a race condition in the RLMGR_TRUNCATE_MAINT trigger that can change AUTHID from DEFINER to CURRENT_USER after TRUNCATE, and (2) Oracle Streams (DB06) due t...