4503 matches found
CVE-2006-0274
Technical details for CVE-2006-0274 are not publicly provided in the supplied documents. Monitor for updates from Oracle/vendor advisories; current entries note unspecified impact, but no concrete exploit vectors or version-specific remediation are available here.
CVE-2006-0275
Unspecified vulnerability in the Oracle Reports Developer component of Oracle Application Server 9.0.4.2 has unspecified impact and attack vectors, as identified by Oracle Vuln REP04. NOTE: Oracle has not disputed reliable researcher claims that this issue is related to directory traversal that...
CVE-2006-0275
CVE-2006-0275 affects Oracle Application Server 9.0.4.2, specifically the Oracle Reports Developer component. The connected documents identify the issue as a directory traversal vulnerability that can read portions of arbitrary XML files via the customize parameter (Oracle Vuln REP04). The NVD me...
CVE-2006-0288
Technical details for CVE-2006-0288 are not publicly available in the provided documents. The material only notes multiple unspecified vulnerabilities in Oracle Reports Developer without affected versions, vectors, impacts, or remediation.
CVE-2006-0288
Multiple unspecified vulnerabilities in the Oracle Reports Developer component of Oracle Application Server 9.0.4.1 and E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln 1 REP01 and 2 REP02...
[Full-disclosure] Oracle Reports - Read parts of files via desname (fixed after 874 days)
Hello FD-Reader It took only 874 days to fix this problem. Summary and additional information concerning the Oracle January 2006 CPU is available here: http://www.red-database-security.com/advisory/oraclecpujan2006.html http://www.red-database-security.com/advisory/oraclereportsreadanyfi le.html...
[Full-disclosure] Oracle Reports - Read parts of files via customize(fixed after 875 days)
Hello FD-Reader It took only 875 days to fix this problem. Summary and additional information concerning the Oracle January 2006 CPU is available here: http://www.red-database-security.com/advisory/oraclecpujan2006.html http://www.red-database-security.com/advisory/oraclereportsreadanyxm lfile.ht...
[Full-disclosure] Oracle Reports - Overwrite any application server file via desname (fixed after 889 days)
Hello FD-Reader It took only 889 days to fix this problem. Summary and additional information concerning the Oracle January 2006 CPU is available here: http://www.red-database-security.com/advisory/oraclecpujan2006.html http://www.red-database-security.com/advisory/oraclereportsoverwritea...
security flaw
The Internet Group Management Protocol IGMP allows local users to cause a denial of service via an IGMP membership report to a target's Ethernet address instead of the Multicast group address, which causes the target to stop sending reports to the router and effectively disconnect the group from...
CVE-2005-4813
Unspecified vulnerability in Report Application Server Crystalras.exe before 11.0.0.1370, as used in Business Objects Crystal Reports XI, Crystal Reports Server XI, and BusinessObjects Enterprise XI, allows remote attackers to cause a denial of service application hang via certain network traffic...
[PHP-CHECKER] 99 potential SQL injection vulnerabilities
Hi, we are a group of Stanford researchers and we have recently developed an automated tool for detecting injection vulnerabilities in PHP. We ran our tool on the following list of software and found 99 potential security vulnerabilites inspected bug reports attached below: e107 -- v0.7 myBloggie...
Microsoft Windows XP20002003 - CreateRemoteThread Local Denial of Service
Microsoft Windows XP20002003 - CreateRemoteThread Local Denial of Service // source: https://www.securityfocus.com/bid/15671/info Microsoft Windows is prone to a local denial of service vulnerability. This issue can allow an attacker to trigger a system wide denial of service condition or termina...
Webalizer Cross Site Scripting Vulnerability
Webalizer have a cross-site scripting vulnerability, that could allow malicious HTML tags to be injected in the reports generated by the Webalizer. SPDX-FileCopyrightText: 2001 Alert4Web.com Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective...
CVE-2005-2983
SQL injection vulnerability in Oracle Reports that use Lexical References allows remote attackers to execute arbitrary SQL commands via the values in the parameter form that appears when the paramform parameter is set to yes...
CVE-2005-2983
CVE-2005-2983 describes an SQL injection vulnerability in Oracle Reports that use Lexical References. The vulnerability arises when the paramform parameter is set to yes, allowing remote attackers to manipulate values in the parameter form and execute arbitrary SQL commands. The issue is document...
CVE-2005-2983
SQL injection vulnerability in Oracle Reports that use Lexical References allows remote attackers to execute arbitrary SQL commands via the values in the parameter form that appears when the paramform parameter is set to yes...
Oracle Reports: Generic SQL Injection Vulnerability via lexical references
Hello Today I published a new advisory concerning a generic SQL Injection vulnerability in Oracle Reports. Details Oracle Reports provides a feature called lexical references. A lexical reference is a placeholder for text that you embed in a SELECT statement. It is possible to replace the clauses...
Oracle Reports SQL injection
It's possible to inject SQL to report if it uses lexical references without parameter validation...
DEBIAN-CVE-2005-2860
Cross-site scripting XSS vulnerability in Nikto 1.35 and earlier allows remote attackers to inject arbitrary web script or HTML via the Server field in an HTTP response header, which is directly injected into an HTML report...
[SA16282] Business Objects Enterprise / Crystal Reports Denial of Service
---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...