Security Bulletin: IBM Integrated Information Core and WebSphere Application Server - Oracle CPU October 2014

Abstract Oracle released the October 2014 critical patch updates which contain multiple fixes for security vulnerabilities in the IBM Java Development Kit that is included with the IBM WebSphere Application Server. Content New IBM WebSphere Application Server updates are available that include an...

Security Bulletin: Potential security vulnerabilities in IBM SDK for Java for WebSphere Application Server

Abstract The IBM WebSphere Application Server is shipped with an IBM Developer kit for Java that is based on the Oracle SDK. Oracle has released October 2012 critical patch updates CPU which contain security vulnerability fixes and the IBM SDK for Java that WebSphere Application Server ships is...

Security Bulletin: IBM OmniFind Enterprise Edition and IBM Content Analytics – Oracle Critical Patch Updates February 2013 (CVE-2013-0440, CVE-2013-0443, CVE-2013-0169)

Abstract Potential security vulnerabilities exist in the IBM Java SDK that is shipped with the IBM OmniFind Enterprise Edition and IBM Content Analytics and products. Content The products listed below may be affected by security vulnerabilities reported by Oracle’s February 2013 Critical Patch...

Security Bulletin: IBM FileNet Business Process Manager – Oracle Critical Patch Updates April 2013 (CVE-2013-0440, CVE-2013-0443, CVE-2013-0169)

Abstract Potential security vulnerabilities exist in the IBM Java SDK that is shipped with the IBM FileNet Business Process Manager Content The products listed below might be affected by security vulnerabilities reported by Oracle’s April 2013 Critical Patch Updates: · IBM FileNet Business Proces...

Security Bulletin: Vulnerabilities in Linux Kernel and Java affect IBM Spectrum Protect Plus

Summary Multiple vulnerabilities in the Linux Kernel and Java may affect IBM Spectrum Protect Plus. The Java vulnerabilities were disclosed as part of the Java Critical Patch Updates in July and October 2020. UPDATED: 3 March 2021: Added CVE-2020-10711 Vulnerability Details CVEID: CVE-2020-14782...

Security Bulletin: IBM Sterling Connect:Direct FTP+ is affected by a vulnerability in the IBM Runtime Environment, Java™ Technology Edition (CVE-2013-1500)

Summary IBM Sterling Connect:Direct FTP+ is shipped with IBM Runtime Environment, Java™ Technology Edition the “IBM RE”, that is based on an Oracle Java Runtime Environment JRE. Oracle has released the June 2013 critical patch updates CPU that contain security vulnerability fixes for the JRE. The...

Security Bulletin: Multiple vulnerabilities in IBM® Java SDK have been identified in IBM WebSphere Application Server shipped with IBM Integrated Information Core (January 2017 CPU)

Summary IBM WebSphere Application Server is shipped as a component of IBM Integrated Information Core. Oracle released the January 2017 critical patch updates that contain multiple fixes for security vulnerabilities in the IBM Java Development Kit that is included with IBM WebSphere Application...

Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Integrated Information Core - Oracle CPU April 2016

Summary Oracle released the April 2016 critical patch updates which contain multiple fixes for security vulnerabilities in the IBM Java Development Kit that is included with the IBM WebSphere Application Server. Vulnerability Details New IBM WebSphere Application Server updates are available that...

Security Bulletin: Multiple vulnerabilities in IBM Rational Build Forge (CVE-2012-3213, CVE-2013-0419, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0437, C

Summary IBM Rational Build Forge is shipped with an IBM Java that is based on Oracle Java. Oracle has released critical patch updates CPUs January 13, February 1 and February 19 that contain security vulnerability fixes and IBM Java is affected. These fixes have been added to the Rational Build...

Security Bulletin: Multiple security vulnerabilities exist in WebSphere Transformation Extender (CVE-2013-5802 CVE-2013-4002 CVE-2013-5825 CVE-2013-5372 CVE-2013-0599 CVE-2013-0464 CVE-2013-0467 CVE-2013-2962 CVE-2013-2415)

Summary WebSphere Transformation Extender products are affected by multiple security vulnerabilities that exist in Oracle JRE and IBM Eclipse Help System. Additionally, WTX Launcher is vulnerable to a denial of service attack using a buffer overflow. Vulnerability Details WebSphere Transformation...

Security Bulletin: IBM® Db2® is affected by vulnerabilities in the IBM® SDK, Java Technology Edition Quarterly Critical Patch Updates (CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843)

Summary Db2 is affected by vulnerabilities in IBM® JDK. This only affects customers using Integrated Text Search. Vulnerability Details CVEID: CVE-2016-9840 DESCRIPTION: zlib is vulnerable to a denial of service, caused by an out-of-bounds pointer arithmetic in inftrees.c. By persuading a victim ...

Security Bulletin: Multiple vulnerabilities in current IBM SDK for Java for WebSphere Application Server April 2014 CPU

Summary Multiple security vulnerabilities exist in the IBM SDK for Java that is shipped with IBM WebSphere Application Server Vulnerability Details The IBM WebSphere Application Server is shipped with an IBM SDK for Java that is based on the Oracle JDK. Oracle has released April 2014 critical pat...

Oracle releases 169 Updates, Including 19 Patches for JAVA Vulnerabilities

Get Ready to update your Java program as Oracle has released its massive patch package for multiple security vulnerabilities in its software. The United States software maker Oracle releases its security updates every three months on Tuesday, which it referred to as "Critical Patch Updates" CPU...

Oracle Java SE Multiple Vulnerabilities - Linux

Sun Java SE is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:sun:jre"; ifdescription...

ZDI-09-059: Oracle Secure Backup Administration Server Multiple Command Injection Vulnerabilities

ZDI-09-059: Oracle Secure Backup Administration Server Multiple Command Injection Vulnerabilities http://www.zerodayinitiative.com/advisories/ZDI-09-059 -- CVE ID: CVE-2009-1978 -- Affected Vendors: Oracle -- Affected Products: Oracle Secure Backup -- Vulnerability Details: This vulnerability...

Oracle RDBms 10.2.0.311.1.0.6 - TNS Listener (PoC)

Oracle RDBms 10.2.0.311.1.0.6 - TNS Listener PoC TNS Listener Oracle RDBMS exploit, cause trap in Listener process more precisely: in function memcpy called from ncrfintn function which is located in oranro11.dll Successfully working with Oracle RDBMS Win32 11.1.0.6.0 and Oracle RDBMS Win32...

Digital Security Research Group [DSecRG] Advisory #DSECRG-09-001

Digital Security Research Group DSecRG Advisory DSECRG-09-001 Application: Oracle Application Server SOA Versions Affected: Oracle Application Server SOA version 10.1.3.1.0 Vendor URL: http://www.oracle.com Bugs: XSS Exploits: YES Reported: 10.01.2008 Vendor response: 11.01.2008 Date of Public...

Oracle 10g R1 pitrig_truncate PLSQL Injection (get users hash)

No description provided by source. // / Oracle 10g R1 xDb.XDBPITRIGPKG.PITRIGTRUNCATE / / SQL Injection Exploit / // / sploit get password Hashes / // / BY Sh2kerr Digital Security / // / tested on oracle 10.1.0.2.0 / // // / Date of Public EXPLOIT: January 28, 2008 / / Written by: &nbsp...

Oracle 10g R1 pitrig_drop PLSQL Injection (get users hash)

No description provided by source. // / Oracle 10g R1 xDb.XDBPITRIGPKG.PITRIGDROP / / SQL Injection Exploit / // / sploit get password Hashes / // / BY Sh2kerr Digital Security / // / tested on oracle 10.1.0.2.0 / // // / Date of Public EXPLOIT: January 28, 2008 / / Written by: &...

Oracle E-Business套件SQL注入漏洞

Oracle E-Business Suite是一款Oracle公司推出的电子商务套件。 Oracle E-Business Suite存在SQL注入问题，远程攻击者可以利用漏洞获得敏感信息或操作数据库。 问题存在于管理控制台中的okxLOV.jsp脚本，此页面允许攻击者指定参数给WHERE SQL命令而没有做任何过滤，导致以APPS用户权限执行任意SQL注入。 E-Business Suite 11 E-Business Suite 12 可参考如下安全公告获得补丁信息：...