Sql injection

Multiple unspecified vulnerabilities in Oracle Database Server 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and other versions have unknown impact and attack vectors in the 1 Advanced Replication component, as identified by Vuln DB01, and 2 Oracle Spatial component, as identified by Vuln DB10. NOTE:...

Buffer overflow

Buffer overflow in the Advanced Replication component in Oracle Database Server 10.1.0.4 allows database users to execute arbitrary code via the VERIFYLOG procedure of the DBMSSNAPSHOTUTL package, aka Vuln DB03...

CVE-2006-1868

Buffer overflow in the Advanced Replication component in Oracle Database Server 10.1.0.4 allows database users to execute arbitrary code via the VERIFYLOG procedure of the DBMSSNAPSHOTUTL package, aka Vuln DB03...

CVE-2006-1868

Buffer overflow in the Advanced Replication component in Oracle Database Server 10.1.0.4 allows database users to execute arbitrary code via the VERIFYLOG procedure of the DBMSSNAPSHOTUTL package, aka Vuln DB03...

CVE-2006-1866

CVE-2006-1866 affects Oracle Database Server 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5 and other versions, with unknown impact/attack vectors in (1) Advanced Replication (DB01) and (2) Oracle Spatial (DB10). Oracle reportedly did not publicly disclose details as of 20060421, but claims exist that DB01 ...

CVE-2006-1867

Technical details for CVE-2006-1867 are not publicly available in the provided documents. The entries reference Oracle 9.2.0.6 Advanced Replication with unknown impact and attack vectors. Monitor for authoritative updates and vendor advisories.

CVE-2006-1866

Multiple unspecified vulnerabilities in Oracle Database Server 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and other versions have unknown impact and attack vectors in the 1 Advanced Replication component, as identified by Vuln DB01, and 2 Oracle Spatial component, as identified by Vuln DB10. NOTE:...

CVE-2006-1867

Unspecified vulnerability in Oracle Database Server 9.2.0.6 has unknown impact and attack vectors in the Advanced Replication component, aka Vuln DB02...

Oracle Advanced Replication SQL injection vulnerability

Overview An SQL injection vulnerability in the Oracle Advanced Replication component may allow a remote attacker to execute arbitrary SQL commands on a vulnerable Oracle installation. Description Oracle Advanced Replication component contains a SQL injection vulnerability.The details of this...

Microsoft WINS replication service pointer corruption

Added: 02/10/2006 CVE: CVE-2004-1080 BID: 11763 OSVDB: 12378 Background The Windows Internet Naming Service WINS maps Netbios names to IP addresses. The WINS replication service runs on port 42/TCP and allows WINS servers to share Netbios name information with other WINS servers. Problem The WINS...

Microsoft WINS replication service pointer corruption

Added: 02/10/2006 CVE: CVE-2004-1080 BID: 11763 OSVDB: 12378 Background The Windows Internet Naming Service WINS maps Netbios names to IP addresses. The WINS replication service runs on port 42/TCP and allows WINS servers to share Netbios name information with other WINS servers. Problem The WINS...

Microsoft WINS replication service pointer corruption

Added: 02/10/2006 CVE: CVE-2004-1080 BID: 11763 OSVDB: 12378 Background The Windows Internet Naming Service WINS maps Netbios names to IP addresses. The WINS replication service runs on port 42/TCP and allows WINS servers to share Netbios name information with other WINS servers. Problem The WINS...

Microsoft WINS replication service pointer corruption

Added: 02/10/2006 CVE: CVE-2004-1080 BID: 11763 OSVDB: 12378 Background The Windows Internet Naming Service WINS maps Netbios names to IP addresses. The WINS replication service runs on port 42/TCP and allows WINS servers to share Netbios name information with other WINS servers. Problem The WINS...

GLSA-200507-12 : Bugzilla: Unauthorized access and information disclosure

The remote host is affected by the vulnerability described in GLSA-200507-12 Bugzilla: Unauthorized access and information disclosure Bugzilla allows any user to modify the flags of any bug CAN-2005-2173. Bugzilla inserts bugs into the database before marking them as private, in connection with...

Bugzilla: Unauthorized access and information disclosure

Background Bugzilla is a web-based bug-tracking system used by many projects. Description Bugzilla allows any user to modify the flags of any bug CAN-2005-2173. Bugzilla inserts bugs into the database before marking them as private, in connection with MySQL replication this could lead to a race...

FreeBSD : bugzilla -- multiple vulnerabilities (6e33f4ab-efed-11d9-8310-0001020eed82)

A Bugzilla Security Advisory reports : Any user can change any flag on any bug, even if they don't have access to that bug, or even if they can't normally make bug changes. This also allows them to expose the summary of a bug. Bugs are inserted into the database before they are marked as private,...

Security Advisory for Bugzilla 2.18.1 and 2.19.3

Summary ======= Bugzilla is a Web-based bug-tracking system, used by a large number of software projects. This advisory covers two security bugs that have recently been discovered and fixed in the Bugzilla code: + Any user can change a flag on any bug. This also allows the attacker to expose the...

CVE-2005-2174

Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before 2.20rc1 inserts a bug into the database before it is marked private, which introduces a race condition and allows attackers to access information about the bug via buglist.cgi before MySQL replication is complete...

CVE-2005-2174

CVE-2005-2174 concerns Bugzilla where Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before 2.20rc1 insert bugs before they are private, enabling a race condition that can expose bug details via buglist.cgi before MySQL replication completes. Connected references corroborate the flaw and i...

CVE-2005-2174

Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before 2.20rc1 inserts a bug into the database before it is marked private, which introduces a race condition and allows attackers to access information about the bug via buglist.cgi before MySQL replication is complete...