Oracle products contain multiple vulnerabilities
Overview: Multiple vulnerabilities exist in numerous Oracle products. The impacts of these vulnerabilities are varied and may include remote execution of arbitrary code, the disclosure of sensitive information, and denial-of-service conditions. Description: Multiple vulnerabilities exist in numerous...
Oracle JDeveloper Plaintext Passwords
Name: Oracle JDeveloper Plaintext Passwords. Systems Affected: Oracle JDeveloper 9.0.4, 9.0.5, 10.1.2. Severity: Low Risk. Category: Information Disclosure of Passwords. Vendor URL: http://www.oracle.com Author: Alexander Kornbrust (ak at red-database-security.com). Date: 13 July 2005 (V 1.00). Advisory...
US-CERT Technical Cyber Security Alert TA05-117A -- Oracle Products Contain Multiple Vulnerabilities
Technical Cyber Security Alert TA05-117A: Oracle Products Contain Multiple Vulnerabilities. Original release date: April 27, 2005. Last revised: --. Source: US-CERT. Systems Affected: From the Oracle Critical Patch Update - April 2005: Oracle Database 10g...
[SA15060] KDE Kommander Arbitrary Code Execution Vulnerability
TITLE: KDE Kommander Arbitrary Code Execution Vulnerability...
[AppSecInc Team SHATTER Security Advisory] Denial of Service in Oracle interMedia
Denial of Service in Oracle interMedia. AppSecInc Team SHATTER Security Advisory (http://www.appsecinc.com/resources/alerts/oracle/2005-01.html), April 18, 2005. Affected versions: Oracle Database Server versions 9i and 10g. Risk level: Medium. Credits: This...
[AppSecInc Team SHATTER Security Advisory] SQL Injection in CREATE_SCN_CHANGE_SET procedure
SQL Injection in CREATE_SCN_CHANGE_SET procedure. AppSecInc Team SHATTER Security Advisory (http://www.appsecinc.com/resources/alerts/oracle/2005-05.html), April 18, 2005. Affected versions: Oracle Database Server version 10g. Risk level: High. Credits: This...
HP-UX PHSS_31823 : s700_800 11.04 Virtualvault 4.7 IWS update
s700_800 11.04 Virtualvault 4.7 IWS update : The ssl_log function in mod_ssl contains a flaw in versions prior to 2.8.19 that may allow execution of arbitrary code. (C) Tenable Network Security, Inc. The descriptive text and patch checks in this plugin were extracted from HP patch...
Fedora Core 2 : cups-1.1.20-11.11 (2005-122)
A problem with PDF handling was discovered by Chris Evans, and has been fixed. The Common Vulnerabilities and Exposures project (www.mitre.org) has assigned the name CVE-2004-0888 to this issue. FEDORA-2004-337 attempted to correct this but the patch was incomplete. Note that Tenable Network Securi...
[Full-Disclosure] Integrigy Security Advisory - High Risk Security Issues in the Oracle Database and Oracle Applications
Integrigy Security Advisory: High Risk Security Issues in the Oracle Database and Oracle Applications. Oracle Critical Patch Update - January 2005. January 19, 2005. Summary: Oracle has released its first Critical Patch Update (January 2005) and fixes 23 vulnerabilities in the Oracle Database, Orac...
Oracle Database Multiple Vulnerabilities (January 2005 CPU)
The remote Oracle Database, according to its version number, is vulnerable to several flaws, ranging from information disclosure about the remote host to code execution.
Solaris 9 (x86) : 116775-04
SunOS 5.9_x86: ping Patch. Date this patch was last updated by Sun : Feb/05/10. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates.
Solaris 8 (x86) : 116987-02
SunOS 5.8_x86: /usr/sbin/ping patch. Date this patch was last updated by Sun : Nov/15/04. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates.
Moderate: Red Hat Security Advisory: squid security update
An updated squid package that fixes a security vulnerability in the NTLM authentication helper is now available. Squid is a full-featured Web proxy cache. An out of bounds memory read bug was found within the NTLM authentication helper routine. If Squid is configured to use the NTLM authenticatio...
Mandrake Linux Security Advisory : unzip (MDKSA-2003:073-1)
A vulnerability was discovered in unzip 5.50 and earlier that allows attackers to overwrite arbitrary files during archive extraction by placing non-printable characters between two '.' characters. These invalid characters are filtered which results in a '..' sequence. The patch applied to these...
Mandrake Linux Security Advisory : libpng (MDKSA-2004:063)
A buffer overflow vulnerability was discovered in libpng due to a wrong calculation of some loop offset values. This buffer overflow can lead to Denial of Service or even remote compromise. This vulnerability was initially patched in January of 2003, but it has since been noted that fixes were...
SuSE-SA:2004:007: openssl
The remote host is missing the patch for the advisory SuSE-SA:2004:007 (openssl). OpenSSL is an implementation of the Secure Socket Layer (SSL v2/3) and Transport Layer Security (TLS v1) protocol. The NISCC informed us about two failure conditions in openssl that can be triggered to crash applications...
SuSE-SA:2003:046: sane
The remote host is missing the patch for the advisory SuSE-SA:2003:046 (sane). The sane (Scanner Access Now Easy) package provides access to scanners either locally or remotely over the network. Several bugs in sane were fixed to avoid remote denial-of-service attacks. These attacks can even be...
SUSE-SA:2003:013: sendmail, sendmail-tls
The remote host is missing the patch for the advisory SUSE-SA:2003:013 (sendmail, sendmail-tls). sendmail is the most widely used mail transport agent (MTA) in the internet. A remotely exploitable buffer overflow has been found in all versions of sendmail that come with SUSE products. These versions...
SUSE-SA:2004:021: php4/mod_php4
The remote host is missing the patch for the advisory SUSE-SA:2004:021 (php4/mod_php4). PHP is a well known, widely-used scripting language often used within web server setups. Stefan Esser found a problem with the 'memory_limit' handling of PHP which allows remote attackers to execute arbitrary code...
SUSE-SA:2002:042: kdenetwork
The remote host is missing the patch for the advisory SUSE-SA:2002:042 (kdenetwork). During a security review, the SUSE security team has found two vulnerabilities in the KDE lanbrowsing service. LISa is used to identify CIFS and other servers on the local network, and consists of two main modules:...