1848 matches found
Oracle to release 73 security vulnerabilities security patch update !
Oracle to release 73 security vulnerabilities security patch update ! Oracle plans to release a large number of security patches for its various software products next week, including six bug-fixes for its flagship database software. All told, there will be 73 security vulnerabilities fixed acros...
Oracle Releases Critical Patch Update for April 2011
Oracle has released their Critical Patch Update for April 2011 to address 73 vulnerabilities across multiple products. This update contains the following security fixes: 6 updates for the Oracle Database Server 9 updates for Oracle Fusion Middleware 1 update for Oracle Enterprise Manager Grid...
SQL Injection vulnerabilities in extension "WEC Discussion Forum" (wec_discussion)
It has been discovered that the extension WEC Discussion Forum wecdiscussion is vulnerable to SQL Injection. Release Date: April 7, 2011 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 2.1.0 and all versions below...
CentOS Update for libtiff CESA-2011:0392 centos4 x86_64
Check for the Version of libtiff OpenVAS Vulnerability Test CentOS Update for libtiff CESA-2011:0392 centos4 x8664 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
Solaris 9 (x86) : 116015-06
SunOS 5.9x86: /usr/sbin/usermod patch. Date this patch was last updated by Sun : Mar/18/11 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; if...
New Adobe Under Zero-Day Attack !
Adobe today released an advisory to warn about a remote code execution vulnerability in Flash Player, which also affects Adobe Reader and Acrobat. This critical vulnerability has been assigned CVE-2011-0609. Currently seen attacks work through a malicious SWF file which is embedded inside an Exce...
Apache Tomcat "@ServletSecurity" 注释安全限制绕过漏洞
CVE ID: CVE-2011-1088 Apache Tomcat是一个流行的开放源码的JSP应用服务器程序。 Apache Tomcat在实现上存在"@ServletSecurity" 注释安全限制绕过漏洞,远程攻击者可利用此漏洞绕过某些安全限制。 由于应用程序在加载小服务程序时未能正确执行"@ServletSecurity" 注释,可通过绕过注释指定的安全限制并泄露某些信息。 Apache Group Tomcat 7.x 厂商补丁: Apache Group ------------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...
Oracle WebLogic Session Fixation Via HTTP POST
Exploit for multiple platform in category web applications Name Oracle WebLogic – Session Fixation Via HTTP POST Request Vendor Website http://www.oracle.com/ Date Released 11 March 2011 – CVE-2010-4437 Affected Software Oracle WebLogic Server 9.0, 9.1, 9.2.4, 10.0.2, 10.3.2, 10.3.3 Researche...
Oracle Releases Critical Patch Update for Java SE and Java for Business
Oracle has released a Critical Patch Update for Java SE and Java for Business. This update addresses multiple vulnerabilities and contains 21 security fixes. US-CERT encourages users and administrators to review the Oracle Java SE and Java for Business Critical Patch Update Advisory for February...
The Oracle Quarterly Patch Update
January 18th marks the 6th anniversary of the Oracle Critical Patch Update CPU in its current form as a quarterly patch. For those who remember, before the CPU, Oracle released patches as Security Alerts, the last being Security Alert 68 at the end of August 2004. In the past 6 years, CPUs have...
Oracle Releases Critical Patch Update for January 2011
Oracle has released its Critical Patch Update for January 2011 to address 82 vulnerabilities across multiple products. This update contains the following security fixes: 7 for Oracle Database Server 16 for Oracle Fusion Middleware 2 for Oracle Enterprise Manager Grid Control 16 for Oracle...
Oracle Critical Patch Update - January 2011
A Critical Patch Update is a collection of patches for multiple security vulnerabilities. It also includes non-security fixes that are required because of interdependencies by those security patches. Critical Patch Updates are cumulative, except as noted below, but each advisory describes only th...
Oracle Critical Patch Update - January 2011
A Critical Patch Update is a collection of patches for multiple security vulnerabilities. It also includes non-security fixes that are required because of interdependencies by those security patches. Critical Patch Updates are cumulative, except as noted below, but each advisory describes only th...
Oracle Secure Backup Administration preauth variable command injection
Added: 12/06/2010 CVE: CVE-2010-0906 BID: 41597 OSVDB: 67128 Background Oracle Secure Backup is a centralized tape backup management solution for Oracle Database. Problem A vulnerability in the Administration server allows remote, authenticated attackers to execute arbitrary commands which are...
Oracle Secure Backup Administration preauth variable command injection
Added: 12/06/2010 CVE: CVE-2010-0906 BID: 41597 OSVDB: 67128 Background Oracle Secure Backup is a centralized tape backup management solution for Oracle Database. Problem A vulnerability in the Administration server allows remote, authenticated attackers to execute arbitrary commands which are...
Oracle Secure Backup Administration preauth variable command injection
Added: 12/06/2010 CVE: CVE-2010-0906 BID: 41597 OSVDB: 67128 Background Oracle Secure Backup is a centralized tape backup management solution for Oracle Database. Problem A vulnerability in the Administration server allows remote, authenticated attackers to execute arbitrary commands which are...
Oracle Secure Backup Administration preauth variable command injection
Added: 12/06/2010 CVE: CVE-2010-0906 BID: 41597 OSVDB: 67128 Background Oracle Secure Backup is a centralized tape backup management solution for Oracle Database. Problem A vulnerability in the Administration server allows remote, authenticated attackers to execute arbitrary commands which are...
Oracle Virtual Server Agent Command Injection
Added: 11/26/2010 CVE: CVE-2010-3582 BID: 44031 Background Oracle VM software provides virtualization technology that allows running multiple instances of x86 virtual computers simultaneously within the host operating system. It supports many Oracle and non-Oracle based systems such as Windows,...
Oracle Secure Backup Administration selector parameter command injection
Added: 11/19/2010 CVE: CVE-2010-0906 BID: 41597 OSVDB: 67128 Background Oracle Secure Backup is a centralized tape backup management solution for Oracle Database. Problem A command injection vulnerability allows remote, authenticated attackers to execute arbitrary commands specified in the...
Oracle Secure Backup Administration selector parameter command injection
Added: 11/19/2010 CVE: CVE-2010-0906 BID: 41597 OSVDB: 67128 Background Oracle Secure Backup is a centralized tape backup management solution for Oracle Database. Problem A command injection vulnerability allows remote, authenticated attackers to execute arbitrary commands specified in the...