Oracle Database Multiple Vulnerabilities (January 2006 CPU)
The remote Oracle database server is missing the January 2006 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components: - Advanced Queuing - Change Data Capture - Connection Manager - Data Pump - Data Pump Metadata API - Dictionary - Java Net...
Multiple vulnerabilities in TYPO3 Core
It has been discovered that TYPO3 Core is vulnerable to Cross-Site Scripting (XSS), Open Redirection, SQL Injection, Broken Authentication and Session Management, Insecure Randomness, Information Disclosure, Arbitrary Code Execution. Component Type: TYPO3 Core. Affected Versions: 4.1.13 and below,...
DSA-1926-1 typo3-src - several vulnerabilities
Bulletin has no description...
CVE-2009-3630
The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to place arbitrary web sites in TYPO3 backend framesets via crafted parameters, related to a "frame hijacking" issue...
CVE-2009-3630
TYPO3 Backend frame hijacking (CVE-2009-3630) affects the Backend subcomponent in TYPO3 up to specific early releases: 4.0.13 and earlier; 4.1.x before 4.1.13; 4.2.x before 4.2.10; and 4.3.x before 4.3beta2. Remote authenticated users could place arbitrary websites into TYPO3 backend framesets vi...
CVE-2009-3635
The CVE-2009-3635 issue affects the TYPO3 Install Tool subcomponent. Affected TYPO3 versions: 4.0.13 and earlier; 4.1.x before 4.1.13; 4.2.x before 4.2.10; 4.3.x before 4.3beta2. The vulnerability allows remote attackers to gain access using only the password’s MD5 hash as a credential. No explicit e...
CVE-2008-1966
Multiple buffer overflows in the JAR file administration routines in the BSU JAVA subcomponent in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 allow remote authenticated users to cause a denial of service (instance crash) via a call to the (1) RECOVERJAR or (2) REMOVEJAR procedure with a...
Cross site scripting
Cross-site scripting (XSS) vulnerability in HTTP File Server (HFS) before 2.2c allows remote attackers to inject arbitrary web script or HTML via the userinfo subcomponent of a URL...
CVE-2008-0410
HTTP File Server (HFS) before 2.2c allows remote attackers to obtain configuration and usage details by using an id element such as %version% in HTTP Basic Authentication instead of a username and password, as demonstrated by placing this id element in the userinfo subcomponent of a URL...
SQL injection
Multiple unspecified vulnerabilities in Oracle Database server 9.2.0.7 and 10.1.0.5 have unspecified impact and attack vectors, as identified by Oracle Vuln (1) DB05 in the (a) Data Pump component; (2) DB15 in the (b) Oracle Text component; (3) DB22 in the (c) Streams Apply component; (4) DB23 and (5) DB24 in th...
CVE-2006-0260
Multiple unspecified vulnerabilities in Oracle Database server 9.2.0.7 and 10.1.0.5 have unspecified impact and attack vectors, as identified by Oracle Vuln (1) DB05 in the (a) Data Pump component; (2) DB15 in the (b) Oracle Text component; (3) DB22 in the (c) Streams Apply component; (4) DB23 and (5) DB24 in th...