Lucene search

1848 matches found

Packet Storm
added 2012/04/19 12:0 a.m. | 57 views

Oracle Enterprise Manager compareWizFirstConfig SQL injection

AppSecInc Team SHATTER Security Advisory SQL Injection in Oracle Enterprise Manager compareWizFirstConfig web page. Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2 and previous patchsets Oracle...

CVSS 5.5 | AI score 0.9 | EPSS 0.00185
Exploits: 2

CISA
added 2012/04/18 12:0 a.m. | 14 views

Oracle Releases Critical Patch Update for April 2012

Oracle has released its Critical Patch Update for April 2012 to address 88 vulnerabilities across multiple products. This update contains the following security fixes: 6 for Oracle Database Server 11 for Oracle Fusion Middleware 6 for Oracle Enterprise Manager Grid Control 4 for Oracle E-Busines...

AI score 6.9
Exploits: 0 | References: 1

Saint
added 2012/03/30 12:0 a.m. | 75 views

Java SE AtomicReferenceArray Unsafe Security Bypass

Added: 03/30/2012 CVE: CVE-2012-0507 BID: 52161 OSVDB: 80724 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Java...

CVSS 10 | AI score 9.7 | EPSS 0.93568
Exploits: 13

Saint
added 2012/03/30 12:0 a.m. | 76 views

Java SE AtomicReferenceArray Unsafe Security Bypass

Added: 03/30/2012 CVE: CVE-2012-0507 BID: 52161 OSVDB: 80724 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Java...

CVSS 10 | AI score 9.8 | EPSS 0.93568
Exploits: 13

Saint
added 2012/03/30 12:0 a.m. | 69 views

Java SE AtomicReferenceArray Unsafe Security Bypass

Added: 03/30/2012 CVE: CVE-2012-0507 BID: 52161 OSVDB: 80724 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Java...

CVSS 10 | AI score 9.7 | EPSS 0.93568
Exploits: 13

seebug.org
added 2012/03/13 12:0 a.m. | 24 views

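VMware vCenter Chargeback Manager Information Disclosure and Denial of Service Vulnerabilities

Bugtraq ID: 52376 CVE ID: CVE-2012-1472 VMware vCenter Chargeback Manager allows cost models to be customized according to the processes and policies of different organizations. VMware vCenter Chargeback Manager has an error in its handling of XML API requests, which can be exploited to download files from the server or to carry out a denial-of-service attack. 0 VMWare vCenter Chargeback Manager 2.0 VMWare vCenter Chargeback Manager 1.6.2 Vendor solution VMWare vCenter Chargeback Manager...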

CVSS 6.4 | AI score 6.4 | EPSS 0.00837
Exploits: 1

securityvulns
added 2012/03/09 12:0 a.m. | 52 views

[Onapsis Security Advisory 2012-02] Oracle JD Edwards Security Kernel Remote Password Disclosure

Onapsis Security Advisory: Oracle JD Edwards Security Kernel Remote Password Disclosure This advisory can be downloaded in PDF format from http://www.onapsis.com/. By downloading this advisory from the Onapsis Resource Center, you will gain access to...

CVSS 4 | EPSS 0.00272
Exploits: 0

Saint
added 2012/03/02 12:0 a.m. | 33 views

Java Web Start initial heap size command injection

Added: 03/02/2012 CVE: CVE-2012-0500 BID: 52015 OSVDB: 79227 Background Sun Java Web Start allows standalone Java applications, called JNLP files, to be executed by the Java Runtime Environment JRE. Problem A vulnerability in Java Web Start allows arbitrary command-line argument injection through...

CVSS 10 | AI score 9.4 | EPSS 0.74853
Exploits: 17

Saint
added 2012/03/02 12:0 a.m. | 37 views

Java Web Start initial heap size command injection

Added: 03/02/2012 CVE: CVE-2012-0500 BID: 52015 OSVDB: 79227 Background Sun Java Web Start allows standalone Java applications, called JNLP files, to be executed by the Java Runtime Environment JRE. Problem A vulnerability in Java Web Start allows arbitrary command-line argument injection through...

CVSS 10 | AI score 9.4 | EPSS 0.74853
Exploits: 17

Saint
added 2012/03/02 12:0 a.m. | 37 views

Java Web Start initial heap size command injection

Added: 03/02/2012 CVE: CVE-2012-0500 BID: 52015 OSVDB: 79227 Background Sun Java Web Start allows standalone Java applications, called JNLP files, to be executed by the Java Runtime Environment JRE. Problem A vulnerability in Java Web Start allows arbitrary command-line argument injection through...

CVSS 10 | AI score 9.4 | EPSS 0.74853
Exploits: 17

Amazon
added 2012/02/15 12:0 a.m. | 35 views

Important: mysql

Issue Overview: This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. CVE-2011-2262, CVE-2012-0075, CVE-2012-0087, CVE-2012-0101, CVE-2012-0102,...

CVSS 5.5 | AI score 5.4 | EPSS 0.00992
Exploits: 0 | References: 1

Cent OS
added 2012/02/14 3:9 a.m. | 78 views

mysql security update

CentOS Errata and Security Advisory CESA-2012:0127 Updated mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base...

CVSS 5 | AI score 5.9 | EPSS 0.01894
Exploits: 1 | References: 7

CISA
added 2012/02/14 12:0 a.m. | 14 views

Oracle Releases Critical Patch Update for February 2012

Oracle released its February Critical Patch Update CPU containing 14 security fixes for the following products: JDK and JRE 7 Update 2 and earlier JDK and JRE 5 Update 30 and earlier JDK and JRE 5.0 Update 33 and earlier SDK and JRE 1.4.235 and earlier JavaFX 2.0.2 and earlier US-CERT encourages...

AI score 6.6
Exploits: 0 | References: 1

Cent OS
added 2012/02/08 9:54 p.m. | 78 views

mysql security update

CentOS Errata and Security Advisory CESA-2012:0105 Updated mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base...

CVSS 5.5 | AI score 6.3 | EPSS 0.00992
Exploits: 0 | References: 7

seebug.org
added 2012/01/19 12:0 a.m. | 25 views

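Oracle Web Services Manager Web Services Security Remote Privilege Escalation Vulnerability

BUGTRAQ ID: 51463 CVE ID: CVE-2012-3568 Oracle Web Services Manager provides a security solution for web services. Oracle Web Services Manager has a remote privilege escalation vulnerability in its implementation; a remote authenticated attacker can exploit this vulnerability over the HTTP protocol to affect the Web Services Security component and versions 11.1.1.3, 11.1.1.4 and 11.1.1.5. 0 Oracle Web Services Manager 11.1.1.5 Oracle Web Services Manager 11.1.1.4 Oracle Web...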

CVSS 5 | AI score 6.4 | EPSS 0.00436
Exploits: 1

Exploit DB
added 2012/01/19 12:0 a.m. | 29 views

Drupal Module CKEditor 3.0 < 3.6.2 - Persistent EventHandler Cross-Site Scripting

Exploit Title: Drupal CKEditor 3.0 - 3.6.2 - Persistent EventHandler XSS Google Dork: "inurl:"sites/all/modules/ckeditor" -drupalcode.org" Google Results: Approximately 379.000 results Date: 18th January 2012 Author: MaXe @InterN0T Found in a private Hatforce.com Penetration Test Software Link:...

AI score 7
Exploits: 0

CISA
added 2012/01/18 12:0 a.m. | 20 views

Oracle Releases Critical Patch Update for January 2012

Oracle has released its Critical Patch Update for January 2012 to address 78 vulnerabilities across multiple products. This update contains the following security fixes: 2 for Oracle Database Server 1 for Oracle Fusion Middleware 3 for Oracle E-Business Suite 1 for Oracle Supply Chain Products...

CVSS 4.4 | AI score 6.2 | EPSS 0.00378
Exploits: 4 | References: 3

Tenable Nessus
added 2012/01/18 12:0 a.m. | 28 views

Oracle Database Multiple Vulnerabilities (January 2012 CPU)

The remote Oracle database server is missing the January 2012 Critical Patch Update CPU and, therefore, is potentially affected by security issues in the following components : - Core RDBMS - Listener %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...

CVSS 5.5 | AI score 5.4 | EPSS 0.00874
Exploits: 0 | References: 3

ThreatPost
added 2012/01/17 8:2 p.m. | 10 views

Oracle Fixes 78 Flaws, Including Remotely Exploitable DB Server Bug

Oracle on Tuesday unleashed its quarterly critical patch update, which included just two fixes for vulnerabilities in its Oracle Database Server, one of the lower totals seen from the company in recent years. There are a total of 78 patches for a wide variety of Oracle products available today,...

AI score 0.6
Exploits: 0 | References: 3

Oracle
added 2012/01/17 12:0 a.m. | 667 views

Oracle Critical Patch Update - January 2012

A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories...

CVSS 7.8 | AI score 1 | EPSS 0.90456
Exploits: 39 | Affected Software: 20