1962 matches found
Apache Tomcat "@ServletSecurity" 注释安全限制绕过漏洞
CVE ID: CVE-2011-1088 Apache Tomcat是一个流行的开放源码的JSP应用服务器程序。 Apache Tomcat在实现上存在"@ServletSecurity" 注释安全限制绕过漏洞,远程攻击者可利用此漏洞绕过某些安全限制。 由于应用程序在加载小服务程序时未能正确执行"@ServletSecurity" 注释,可通过绕过注释指定的安全限制并泄露某些信息。 Apache Group Tomcat 7.x 厂商补丁: Apache Group ------------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...
Oracle WebLogic Session Fixation Via HTTP POST
Exploit for multiple platform in category web applications Name Oracle WebLogic – Session Fixation Via HTTP POST Request Vendor Website http://www.oracle.com/ Date Released 11 March 2011 – CVE-2010-4437 Affected Software Oracle WebLogic Server 9.0, 9.1, 9.2.4, 10.0.2, 10.3.2, 10.3.3 Researche...
Oracle Releases Critical Patch Update for Java SE and Java for Business
Oracle has released a Critical Patch Update for Java SE and Java for Business. This update addresses multiple vulnerabilities and contains 21 security fixes. US-CERT encourages users and administrators to review the Oracle Java SE and Java for Business Critical Patch Update Advisory for February...
The Oracle Quarterly Patch Update
January 18th marks the 6th anniversary of the Oracle Critical Patch Update CPU in its current form as a quarterly patch. For those who remember, before the CPU, Oracle released patches as Security Alerts, the last being Security Alert 68 at the end of August 2004. In the past 6 years, CPUs have...
Oracle Releases Critical Patch Update for January 2011
Oracle has released its Critical Patch Update for January 2011 to address 82 vulnerabilities across multiple products. This update contains the following security fixes: 7 for Oracle Database Server 16 for Oracle Fusion Middleware 2 for Oracle Enterprise Manager Grid Control 16 for Oracle...
Oracle Critical Patch Update - January 2011
A Critical Patch Update is a collection of patches for multiple security vulnerabilities. It also includes non-security fixes that are required because of interdependencies by those security patches. Critical Patch Updates are cumulative, except as noted below, but each advisory describes only th...
Oracle Critical Patch Update - January 2011
A Critical Patch Update is a collection of patches for multiple security vulnerabilities. It also includes non-security fixes that are required because of interdependencies by those security patches. Critical Patch Updates are cumulative, except as noted below, but each advisory describes only th...
Oracle Secure Backup Administration preauth variable command injection
Added: 12/06/2010 CVE: CVE-2010-0906 BID: 41597 OSVDB: 67128 Background Oracle Secure Backup is a centralized tape backup management solution for Oracle Database. Problem A vulnerability in the Administration server allows remote, authenticated attackers to execute arbitrary commands which are...
Oracle Secure Backup Administration preauth variable command injection
Added: 12/06/2010 CVE: CVE-2010-0906 BID: 41597 OSVDB: 67128 Background Oracle Secure Backup is a centralized tape backup management solution for Oracle Database. Problem A vulnerability in the Administration server allows remote, authenticated attackers to execute arbitrary commands which are...
Oracle Secure Backup Administration preauth variable command injection
Added: 12/06/2010 CVE: CVE-2010-0906 BID: 41597 OSVDB: 67128 Background Oracle Secure Backup is a centralized tape backup management solution for Oracle Database. Problem A vulnerability in the Administration server allows remote, authenticated attackers to execute arbitrary commands which are...
Oracle Secure Backup Administration preauth variable command injection
Added: 12/06/2010 CVE: CVE-2010-0906 BID: 41597 OSVDB: 67128 Background Oracle Secure Backup is a centralized tape backup management solution for Oracle Database. Problem A vulnerability in the Administration server allows remote, authenticated attackers to execute arbitrary commands which are...
Oracle Virtual Server Agent Command Injection
Added: 11/26/2010 CVE: CVE-2010-3582 BID: 44031 Background Oracle VM software provides virtualization technology that allows running multiple instances of x86 virtual computers simultaneously within the host operating system. It supports many Oracle and non-Oracle based systems such as Windows,...
Oracle Secure Backup Administration selector parameter command injection
Added: 11/19/2010 CVE: CVE-2010-0906 BID: 41597 OSVDB: 67128 Background Oracle Secure Backup is a centralized tape backup management solution for Oracle Database. Problem A command injection vulnerability allows remote, authenticated attackers to execute arbitrary commands specified in the...
Oracle Secure Backup Administration selector parameter command injection
Added: 11/19/2010 CVE: CVE-2010-0906 BID: 41597 OSVDB: 67128 Background Oracle Secure Backup is a centralized tape backup management solution for Oracle Database. Problem A command injection vulnerability allows remote, authenticated attackers to execute arbitrary commands specified in the...
Oracle Database Multiple Vulnerabilities (October 2010 CPU)
The remote Oracle database server is missing the October 2010 Critical Patch Update CPU and therefore is potentially affected by security issues in the following components : - Enterprise Manager Console - Java Virtual Machine - Change Data Capture - OLAP - Job Queue - XDK - Core RDBMS - Perl...
FreeBSD-SA-10:09.pseudofs
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-10:09.pseudofs Security Advisory The FreeBSD Project Topic: Spurious mutex unlock Category: core Module: pseudofs Announced: 2010-11-10 Credits: Przemyslaw...
[Onapsis Security Advisory 2010-008] Oracle Virtual Server Agent Arbitrary File Access
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory 2010-0008 : Oracle Virtual Server Agent Arbitrary File Access This advisory can be downloaded in PDF format from http://www.onapsis.com/research.html. By downloading this advisory from the Onapsis Resource Center, you will ga...
[Onapsis Security Advisory 2010-010] Oracle Virtual Server Agent Local Privilege Escalation
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory 2010-0010: Oracle Virtual Server Agent Local Privilege Escalation This advisory can be downloaded in PDF format from http://www.onapsis.com/research.html. By downloading this advisory from the Onapsis Resource Center, you wil...
Oracle数据库CREATE_CHANGE_SET过程SQL注入漏洞
BUGTRAQ ID: 43956 CVE ID: CVE-2010-2415 Oracle是大型的商业数据库系统。 Oracle数据库的Change Data Capture组件中提供了一个DBMSCDCPUBLISH PL/SQL软件包,该软件包的CREATECHANGESET过程中存在SQL注入漏洞。恶意用户可以以特殊参数调用有漏洞的过程,导致以SYS用户的权限执行SQL语句。 利用这个漏洞要求拥有对SYS.DBMSCDCPUBLISH软件包的EXECUTE权限。默认下给予了EXECUTECATALOGROLE角色的用户拥有这个权限。 Oracle Database 11.2.0....
Oracle Enterprise Manager Grid Control HTTP请求远程溢出漏洞
BUGTRAQ ID: 43945 CVE ID: CVE-2010-2390 Grid Control是为整个Oracle IT架构提供中心化监视、管理、生命周期管理功能的系统管理软件。 远程攻击者可以通过向Grid Control的EM Console组件提交超长的HTTP请求触发缓冲区溢出,导致执行任意指令。 Oracle Enterprise Manager Grid Control 10.x 厂商补丁: Oracle ------ Oracle已经为此发布了一个安全公告(cpuoct2010)以及相应补丁: cpuoct2010:Oracle Critical Patch...