TeamSHATTER Security Advisory: Oracle EM Cross Site Scripting in XDBResource cancelURL parameter (CVE-2013-0352)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory Oracle Enterprise Manager Cross Site Scripting in XDBResource cancelURL parameter February 20, 2013 Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4; 10.2.0.5, 11.1.0.7,...

TeamSHATTER Security Advisory: SQL Injection in Oracle EM (advReplicationAdmin) (CVE-2013-0372)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory SQL Injection in Oracle Enterprise Manager advReplicationAdmin February 20, 2013 Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2, 11.2.0.3 Remote exploitable: Yes Credits:...

TeamSHATTER Security Advisory: SQL Injection in Oracle EM (streams queue) (CVE-2013-0373)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory SQL Injection in Oracle Enterprise Manager streams queue February 20, 2013 Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3 Remote...

TeamSHATTER Security Advisory: SQL Injection in Oracle EM (Resource Manager) (CVE-2013-0358)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory SQL Injection in Oracle Enterprise Manager Resource Manager February 20, 2013 Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3 Remot...

Nagios NRPE 2.13 Code Execution

Summary: --------------- CVE-ID: CVE-2013-1362 CVSS: Base Score 7.5 CVSS2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:UC/CDP:N/TD:N/CR:L/IR:L/AR:L Vendor: Nagios Affected Products: NRPE Affected Platforms: All Affected versions: '"\;" This allows the passing of $ to plugins/scripts which, if...

Oracle Application Express (Apex) Unspecified Issues (pre 3.1)

There are unspecified vulnerabilities in the Application Express component of the Oracle Database. The updated version 3.1 contains two security fixes for vulnerabilities of which one is remotely exploitable without authentication...

SAP NetWeaver Message Server - Multiple Vulnerabilities

SAP NetWeaver Message Server - Multiple Vulnerabilities 1. Advisory Information Title: SAP Netweaver Message Server Multiple Vulnerabilities Advisory ID: CORE-2012-1128 Advisory URL: http://www.coresecurity.com/content/SAP-netweaver-msg-srv-multiple-vulnerabilities Date published: 2013-02-13 Date...

SAP NetWeaver Message Server - Multiple Vulnerabilities

Advisory Information Title: SAP Netweaver Message Server Multiple Vulnerabilities Advisory ID: CORE-2012-1128 Advisory URL: http://www.coresecurity.com/content/SAP-netweaver-msg-srv-multiple-vulnerabilities Date published: 2013-02-13 Date of last update: 2013-02-13 Vendors contacted: SAP Release...

NSOADV-2013-002: DELL SonicWALL GMS/Viewpoint/Analyzer Authentication Bypass (/sgms/)

-------------------------- NSOADV-2013-002 --------------------------- SonicWALL GMS/Viewpoint/Analyzer Authentication Bypass /sgms/ 111101111 11111 00110 00110001111 111111 01 01 1 11111011111111 11111 0 11 01 0 11 1 1 111011001 11111111101 1 11 0110111 1 1111101111 1001 0 1 10 11 0 10 11 111111...

SonicWALL GMS/Viewpoint/Analyzer Authentication Bypass

Exploit for multiple platform in category web applications -------------------------- NSOADV-2013-002 --------------------------- SonicWALL GMS/Viewpoint/Analyzer Authentication Bypass /sgms/ 111101111 11111 00110 00110001111 111111 01 01 1 11111011111111 11111 0 11 01 0 11 1 1 111011001...

DELL SonicWALL GMS/Viewpoint/Analyzer Authentication Bypass

-------------------------- NSOADV-2013-002 --------------------------- SonicWALL GMS/Viewpoint/Analyzer Authentication Bypass /sgms/ 111101111 11111 00110 00110001111 111111 01 01 1 11111011111111 11111 0 11 01 0 11 1 1 111011001 11111111101 1 11 0110111 1 1111101111 1001 0 1 10 11 0 10 11 111111...

SonicWALL GMSViewpointAnalyzer - Authentication Bypass

SonicWALL GMSViewpointAnalyzer - Authentication Bypass -------------------------- NSOADV-2013-002 --------------------------- SonicWALL GMS/Viewpoint/Analyzer Authentication Bypass /sgms/ 111101111 11111 00110 00110001111 111111 01 01 1 11111011111111 11111 0 11 01 0 11 1 1 111011001 11111111101 ...

GE Intelligent Platforms Proficy Real-Time Information Portal Directory Traversal

Overview ICS-CERT received a report from GE Intelligent Platforms and the Zero Day Initiative ZDI. If exploited, this vulnerability could allow an attacker to create or overwrite a file on the system running Real-Time Information Portal. concerning a directory traversal vulnerability in the GE...

HP Operations Agent Opcode coda.exe 0x34 Buffer Overflow

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'HP Operations Agent Opcode coda.exe...

Team SHATTER Security Advisory: Multiple SQL Injection in Oracle Enterprise Manager (SQL Tunning Sets components)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 AppSecInc Team SHATTER Security Advisory Multiple SQL Injection in Oracle Enterprise Manager SQL Tunning Sets components. Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.3 and previous patchsets Remote...

HP Operations Agent Opcode coda.exe 0x8c Buffer Overflow

This Metasploit module exploits a buffer overflow vulnerability in HP Operations Agent for Windows. The vulnerability exists in the HP Software Performance Core Program component coda.exe when parsing requests for the 0x8c opcode. This Metasploit module has been tested successfully on HP Operatio...

Sybase ASE 15.x Java Command Execution

No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 AppSecInc Team SHATTER Security Advisory Java Operating System command execution. Risk Level: High Affected versions: Sybase ASE 15.0, 15.5 and 15.7 Remote exploitable: Yes Credits: This vulnerability was discovered...

Lattice Diamond Programmer Buffer Overflow

Exploit for windows platform in category dos / poc Lattice Diamond Programmer Buffer Overflow 1. Advisory Information Title: Lattice Diamond Programmer Buffer Overflow Advisory ID: CORE-2012-0530 Advisory URL: http://www.coresecurity.com/content/lattice-diamond-programmer-buffer-overflow Date...

Lattice Diamond Programmer Buffer Overflow

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Lattice Diamond Programmer Buffer Overflow 1. Advisory Information Title: Lattice Diamond Programmer Buffer Overflow Advisory ID: CORE-2012-0530 Advisory URL:...

Lattice Diamond Programmer 1.4.2 - Buffer Overflow (PoC)

Lattice Diamond Programmer 1.4.2 - Buffer Overflow PoC Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Lattice Diamond Programmer Buffer Overflow 1. Advisory Information Title: Lattice Diamond Programmer Buffer Overflow Advisory ID: CORE-2012-0530 Advisory URL:...