1962 matches found
[Onapsis Security Advisory 2012-02] Oracle JD Edwards Security Kernel Remote Password Disclosure
Onapsis Security Advisory: Oracle JD Edwards Security Kernel Remote Password Disclosure This advisory can be downloaded in PDF format from http://www.onapsis.com/. By downloading this advisory from the Onapsis Resource Center, you will gain access to...
Java Web Start initial heap size command injection
Added: 03/02/2012 CVE: CVE-2012-0500 BID: 52015 OSVDB: 79227 Background Sun Java Web Start allows standalone Java applications, called JNLP files, to be executed by the Java Runtime Environment JRE. Problem A vulnerability in Java Web Start allows arbitrary command-line argument injection through...
Important: mysql
Issue Overview: This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. CVE-2011-2262, CVE-2012-0075, CVE-2012-0087, CVE-2012-0101, CVE-2012-0102,...
mysql security update
CentOS Errata and Security Advisory CESA-2012:0127 Updated mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base...
Oracle Releases Critical Patch Update for February 2012
Oracle released its February Critical Patch Update CPU containing 14 security fixes for the following products: JDK and JRE 7 Update 2 and earlier JDK and JRE 5 Update 30 and earlier JDK and JRE 5.0 Update 33 and earlier SDK and JRE 1.4.235 and earlier JavaFX 2.0.2 and earlier US-CERT encourages...
mysql security update
CentOS Errata and Security Advisory CESA-2012:0105 Updated mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base...
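Oracle Web Services Manager Web Services Security Remote Privilege Escalation Vulnerability
BUGTRAQ ID: 51463 CVE ID: CVE-2012-3568 Oracle Web Services Manager provides a security solution for web services. Oracle Web Services Manager has a remote privilege escalation vulnerability in its implementation; a remote authenticated attacker can exploit this vulnerability over HTTP to affect the Web Services Security component in versions 11.1.1.3, 11.1.1.4 and 11.1.1.5. 0 Oracle Web Services Manager 11.1.1.5 Oracle Web Services Manager 11.1.1.4 Oracle Web...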
Drupal Module CKEditor 3.0 < 3.6.2 - Persistent EventHandler Cross-Site Scripting
Exploit Title: Drupal CKEditor 3.0 - 3.6.2 - Persistent EventHandler XSS Google Dork: "inurl:"sites/all/modules/ckeditor" -drupalcode.org" Google Results: Approximately 379.000 results Date: 18th January 2012 Author: MaXe @InterN0T Found in a private Hatforce.com Penetration Test Software Link:...
Oracle Releases Critical Patch Update for January 2012
Oracle has released its Critical Patch Update for January 2012 to address 78 vulnerabilities across multiple products. This update contains the following security fixes: 2 for Oracle Database Server 1 for Oracle Fusion Middleware 3 for Oracle E-Business Suite 1 for Oracle Supply Chain Products...
Oracle Database Multiple Vulnerabilities (January 2012 CPU)
The remote Oracle database server is missing the January 2012 Critical Patch Update CPU and, therefore, is potentially affected by security issues in the following components : - Core RDBMS - Listener %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...
Oracle Fixes 78 Flaws, Including Remotely Exploitable DB Server Bug
Oracle on Tuesday unleashed its quarterly critical patch update, which included just two fixes for vulnerabilities in its Oracle Database Server, one of the lower totals seen from the company in recent years. There are a total of 78 patches for a wide variety of Oracle products available today,...
Oracle Critical Patch Update - January 2012
A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories...
Oracle Critical Patch Update - July 2011
A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are cumulative but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should b...
Adobe Warns of Critical Zero-Day Flaw in Reader and Acrobat
Adobe is warning users about a critical vulnerability in its Reader and Acrobat applications that could lead to remote code execution. There are reports that attackers already are using the Reader bug in targeted attacks, and Adobe said it plans to have a patch ready by next week. Adobe security...
Oracle Database Multiple Vulnerabilities (January 2007 CPU)
The remote Oracle database server is missing the January 2007 Critical Patch Update CPU and therefore is potentially affected by security issues in the following components : - Advanced Queuing - Advanced Replication - Advanced Security Option - Change Data Capture - Data Guard - Export - Log Min...
Oracle Database Multiple Vulnerabilities (April 2006 CPU)
The remote Oracle database server is missing the April 2006 Critical Patch Update CPU and therefore is potentially affected by security issues in the following components : - Advanced Replication - Dictionary - Export - Log Miner - ModPL/SQL for Apache - Oracle Enterprise Manager Intelligent Agen...