Server: shell command injection in CGI replication monitor

The replication monitor CGI script repl-monitor-cgi.pl in Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, allows remote attackers to execute arbitrary commands...

Fedora 7 : openldap-2.3.34-6.fc7 (2008-1307)

Tue Feb 5 2008 Jan Safranek 2.3.34-6 - fix CVE-2007-6698 431409 - Mon Jan 14 2008 Jan Safranek 2.3.34-5 - fix default slurpd directory to /var/lib/ldap 424831 - Fri Nov 2 2007 Jan Safranek 2.3.34-4 - fix various security flaws 360081 - Fri Jul 13 2007 Jan Safranek 2.3.34-3 - Fix initscript return...

Debian Security Advisory DSA 1169-1 (mysql-dfsg-4.1)

The remote host is missing an update to mysql-dfsg-4.1 announced via advisory DSA 1169-1. Several local vulnerabilities have been discovered in the MySQL database server. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2006-4226 Michal Prokopiuk discovered...

Ubuntu 5.04 / 5.10 / 6.06 LTS : openldap2, openldap2.2 vulnerability (USN-305-1)

When processing overly long host names in OpenLDAP's slurpd replication server, a buffer overflow caused slurpd to crash. If an attacker manages to inject a specially crafted host name into slurpd, this might also be exploited to execute arbitrary code with slurpd's privileges; however, since...

CVE-2003-1438

Race condition in BEA WebLogic Server and Express 5.1 through 7.0.0.1, when using in-memory session replication or replicated stateful session beans, causes the same buffer to be provided to two users, which could allow one user to see session data that was intended for another user...

CVE-2003-1438

BEA WebLogic Server and Express versions 5.1–7.0.0.1 are affected by a race condition in in-memory session replication or replicated stateful session beans. The same buffer may be provided to two different users, allowing one user to access another user’s session data. This CVE detail describes t...

CVE-2007-2275

Unspecified vulnerability in HP StorageWorks Command View Advanced Edition for XP before 5.6.0-01, XP Replication Monitor before 5.6.0-01, and XP Tiered Storage Manager before 5.5.0-02 allows local users to access other accounts via unspecified vectors during registration or addition of new users...

Oracle Database Advanced Replication component DBMS_SNAP_INTERNAL overflow

Added: 04/25/2007 CVE: CVE-2007-2116 BID: 23532 OSVDB: 39933 Background Package DBMSSNAPINTERNAL of schema SYS is an Advanced Replication component used internally by Oracle Database. Problem A buffer overflow vulnerability in DBMSSNAPINTERNAL allows remote attackers to execute arbitrary commands...

Oracle Database Advanced Replication component DBMS_SNAP_INTERNAL overflow

Added: 04/25/2007 CVE: CVE-2007-2116 BID: 23532 OSVDB: 39933 Background Package DBMSSNAPINTERNAL of schema SYS is an Advanced Replication component used internally by Oracle Database. Problem A buffer overflow vulnerability in DBMSSNAPINTERNAL allows remote attackers to execute arbitrary commands...

CVE-2007-2116

Unspecified vulnerability in the Advanced Replication component in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 has unknown impact and attack vectors, aka DB10. NOTE: as of 20070424, Oracle has not disputed claims that these are buffer overflows in kkzi.o for the SYS.DBMSSNAPINTERNAL package...

Buffer overflow

Unspecified vulnerability in the Advanced Replication component in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 has unknown impact and attack vectors, aka DB10. NOTE: as of 20070424, Oracle has not disputed claims that these are buffer overflows in kkzi.o for the SYS.DBMSSNAPINTERNAL package...

CVE-2007-2116

Summary of CVE-2007-2116 (Oracle DB): A buffer overflow in the Oracle Database Advanced Replication component, specifically in package SYS.DBMS_SNAP_INTERNAL, affects Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5. The vulnerability may allow remote command execution via the SNAP_OWNER or SNAP_N...

CVE-2007-2116

Unspecified vulnerability in the Advanced Replication component in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 has unknown impact and attack vectors, aka DB10. NOTE: as of 20070424, Oracle has not disputed claims that these are buffer overflows in kkzi.o for the SYS.DBMSSNAPINTERNAL package...

Design/Logic Flaw

Unspecified vulnerability in Hitachi JP1/HiCommand DeviceManager, Global Link Availability Manager, Replication Monitor, Tiered Storage Manager, and Tuning Manager allows local users to obtain authentication information via unspecified vectors...

CVE-2007-1853

Technical details about CVE-2007-1853 are not publicly provided in the supplied documents; no affected products, root cause, vectors, or fixes are stated. Monitor for updates.

Sql injection

Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to 1 the Advanced Queuing component and sys.dbmsaqsys.dbmsaq privileges DB01, 2 Advanced Replication and sys.dbmsrepcatuntrusted DB07, and 3 Oracle Text and ctxloa...

CVE-2007-0268

Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to 1 the Advanced Queuing component and sys.dbmsaqsys.dbmsaq privileges DB01, 2 Advanced Replication and sys.dbmsrepcatuntrusted DB07, and 3 Oracle Text and ctxloa...

CVE-2007-0268

CVE-2007-0268 affects Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5, with vulnerabilities in Advanced Queuing (sys.dbms_aqsys.dbms_aq privileges DB01), Advanced Replication (sys.dbms_repcat_untrusted DB07), and Oracle Text (ctxload DB15). The underlying impact/attack vectors are not fully detail...

CVE-2007-0268

Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to 1 the Advanced Queuing component and sys.dbmsaqsys.dbmsaq privileges DB01, 2 Advanced Replication and sys.dbmsrepcatuntrusted DB07, and 3 Oracle Text and ctxloa...

Backup implementation

Backup implementation I. Intro II. Tools III. Strategy We study the tools. System utilities for copying files. In the simplest case, to create a replica of the file structure, you can, of course, use the copy command on Windows and cp or rcp on nix. However, there are many questions that these...