11 matches found
EUVD-2007-5536
Malware in sbrugna...
CVE-2007-5561
Format string vulnerability in the logging function in the Oracle OPMN daemon, as used on Oracle Enterprise Grid Console server 10.2.0.1, allows remote attackers to execute arbitrary code via format string specifiers in the URI in an HTTP request to port 6003, aka Oracle reference number 6296175...
Oracle Application Server 10g OPMN Service Format String (CVE-2009-0993)
A format string vulnerability exists in Oracle Application Server. The flaw is due to improper handling of user data when logging the events. A remote attacker could exploit this vulnerability by sending specially crafted request to the target system. In an attack case where code injection is not...
Oracle存在多个安全漏洞
CNCAN ID:CNCAN-2009041604 多个Oracle产品存在漏洞,可导致SQL注入,泄漏敏感信息或使攻击者破坏系统: -Oracle Process Manager和Notification opmn守护程序存在格式串错误,提交特殊构建的POST请求给port 6000/TCP可导致任意代码执行。 -传递给"DBMSAQIN"的输入在使用前缺少过滤,可导致注入任意SQL代码。 -Oracle数据库包含的Application Express组件存在错误,非特权用户可以获得"LOWS030000.WWVFLOWUSER"中的APEX密码HASH。 目前还存在多个未知漏洞。...
CVE-2009-0993
Unspecified vulnerability in the OPMN component in Oracle Application Server 10.1.2.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable...
Format string
Unspecified vulnerability in the OPMN component in Oracle Application Server 10.1.2.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable...
CVE-2009-0993
CVE-2009-0993 is a format-string vulnerability in Oracle Application Server 10g’s OPMN daemon (opmn). A remote attacker can trigger arbitrary code execution by sending crafted HTTP POST requests that are logged by opmn.log, exploiting improper handling of format specifiers. Affected product is Or...
Format string
Format string vulnerability in the logging function in the Oracle OPMN daemon, as used on Oracle Enterprise Grid Console server 10.2.0.1, allows remote attackers to execute arbitrary code via format string specifiers in the URI in an HTTP request to port 6003, aka Oracle reference number 6296175...
CVE-2007-5561
Format string vulnerability in the logging function in the Oracle OPMN daemon, as used on Oracle Enterprise Grid Console server 10.2.0.1, allows remote attackers to execute arbitrary code via format string specifiers in the URI in an HTTP request to port 6003, aka Oracle reference number 6296175...
CVE-2007-5561
Format string vulnerability in the Oracle OPMN daemon’s logging function affects Oracle Enterprise Grid Console server 10.2.0.1. A remote attacker can craft a URI in an HTTP request to port 6003 to trigger the flaw and potentially execute arbitrary code. The description notes this may be related ...
CVE-2007-5561
Format string vulnerability in the logging function in the Oracle OPMN daemon, as used on Oracle Enterprise Grid Console server 10.2.0.1, allows remote attackers to execute arbitrary code via format string specifiers in the URI in an HTTP request to port 6003, aka Oracle reference number 6296175...