BEA产品多个远程安全漏洞

BEA Systems WebLogic包含多种应用系统集成方案，包括Server/Express/Integration等。 BEA Weblogic中存在多个安全漏洞，可能允许恶意攻击者获得敏感信息、绕过某些安全限制、导致拒绝服务或完全入侵系统。 这些漏洞包括： 1 SSL库中的漏洞可能允许判断明文块； 2 从缓存重用连接时服务器没有正确地验证客户端证书，导致攻击者可以通过X.509证书访问Web服务器。成功攻击要求应用程序允许通过单个客户端进程访问多个用户； 3 存储在JDBCDataSourceFactory MBean Properties属性中的口令没有加密； 4...

Fedora Core 5 : ruby-1.8.5-1.fc5 (2006-1110)

Fri Oct 27 2006 Akira TAGOH - 1.8.5-1 - security fix release. - ruby-1.8.5-cgi-CVE-2006-5467.patch: fix a CGI multipart parsing bug that causes the denial of service. 212396 - backport fixes from devel. - fixed rbconfig.rb to refer to DESTDIR for sitearchdir. 207311 - updates to 1.8.5 - removed...

CVE-2006-6237

SQL injection vulnerability in the decodecookie function in thread.php in Woltlab Burning Board Lite 1.0.2 allows remote attackers to execute arbitrary SQL commands via the threadvisit Cookie parameter...

CVE-2006-5967

Race condition in Panda ActiveScan 5.53.00, and other versions before 5.54.01, allows remote attackers to cause memory corruption and execute arbitrary code via unknown vectors related to multiple invocations of the Analizar method in the ActiveScan.1 ActiveX control, which is not thread safe...

CVE-2006-5713

Cross-site scripting XSS vulnerability in Easy File Sharing EFS Web Server 4.0 allows remote attackers to inject arbitrary web script or HTML via the 1 author, 2 content, or 3 title parameters when posting a forum thread. NOTE: the provenance of this information is unknown; the details are obtain...

CVE-2006-5713

Cross-site scripting XSS vulnerability in Easy File Sharing EFS Web Server 4.0 allows remote attackers to inject arbitrary web script or HTML via the 1 author, 2 content, or 3 title parameters when posting a forum thread. NOTE: the provenance of this information is unknown; the details are obtain...

Linux Kernel 2.2.x - 2.4.x ptrace/kmod Local Root Exploit

No description provided by source. / Linux kernel ptrace/kmod local root exploit This code exploits a race condition in kernel/kmod.c, which creates kernel thread in insecure manner. This bug allows to ptrace cloned process, allowing to take control over privileged modprobe binary. Should work...

CVE-2006-4392

The Mach kernel, as used in operating systems including 1 Mac OS X 10.4 through 10.4.7 and 2 OpenStep before 4.2, allows local users to gain privileges via a parent process that forces an exception in a setuid child and uses Mach exception ports to modify the child's thread context and task addre...

Malware and anti-malware technical analysis-vulnerability warning-the black bar safety net

Malware technology of all kinds, of any one function are likely to become a rogue technology, just like weapons, with the good may justice, with a crooked but become evil accomplice. First of all, I From win32 under some rogue bus analysis start: 1. I want to be a malware, the first thing to do i...

Important: Red Hat Bug Fix Advisory: bind bug fix update

Updated bind packages that fix several bugs are now available. BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. The bind package provides a DNS server named, which resolves host names to IP addresses, and tools for control and verification of the DN...

security flaw

fs/exec.c in Linux 2.6, when one thread is tracing another thread that shares the same memory map, might allow local users to cause a denial of service deadlock by forcing a core dump when the traced thread is in the TASKTRACED state...

MySQL <= 5.0.20 COM_TABLE_DUMP Memory Leak/Remote BoF Exploit

Exploit for linux platform in category remote exploits ============================================================= MySQL = 5.0.20 COMTABLEDUMP Memory Leak/Remote BoF Exploit ============================================================= / April 21.st 2006 myexploit.c MySql COMTABLEDUMP Memory Le...

FlexBB &lt;= 0.5.7 BETA XSS

FlexBB = 0.5.7 BETA XSS Start a new thread and type this in the thread name field box :- scriptalertdocument.cookie/script Or post a reply to any topic and include this in your reply :- scriptalertdocument.cookie/script Found By: Qex...

Code injection

An unspecified "logical programming mistake" in SMART SynchronEyes Student and Teacher 6.0, and possibly earlier versions, allows remote attackers to cause a denial of service via a large packet to the Teacher discovery port UDP port 5496, which causes a thread to terminate and prevents...

SMART Technologies SynchronEyes Remote Denial of Services

Title: SMART Technologies SynchronEyes Remote Denial of Services Release Date: 04. April 2006 Author: Dennis Elser dennis backtrace de Vendor: SMART Technologies Inc. http://www.smarttech.com Vendor Status: Notified, fixes scheduled for May Product: SynchronEyes Student and Teacher Affected...

CVE-2005-4750

CVE-2005-4750 affects BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5 and earlier, and 6.1 SP7 and earlier. It allows remote attackers to cause a denial of service (server thread hang) via unknown attack vectors. The provided documents do not include concrete exploit details...

Dropbear OpenSSH Server - MAX_UNAUTH_CLIENTS Denial of Service

Dropbear OpenSSH Server - MAXUNAUTHCLIENTS Denial of Service !/usr/bin/perl I needed a working test script so here it is. just a keep alive thread, I had a few problems with Pablo's code running properly. Straight from Pablo Fernandez's advisory: Vulnerable code is in svr-main.c / check for max...

Dropbear / OpenSSH Server (MAX_UNAUTH_CLIENTS) Denial of Service

Exploit for multiple platform in category dos / poc ================================================================ Dropbear / OpenSSH Server MAXUNAUTHCLIENTS Denial of Service ================================================================ !/usr/bin/perl I needed a working test script so here ...

Cross site scripting

Cross-site scripting XSS vulnerability in the Add Thread to Favorites feature in usercp2.php in MyBB aka MyBulletinBoard 1.02 allows remote attackers to inject arbitrary web script or HTML via an HTTP Referer header $url variable...

security flaw

Race condition in Linux 2.6, when threads are sharing memory mapping via CLONEVM such as linuxthreads and vfork, might allow local users to cause a denial of service deadlock by triggering a core dump while waiting for a thread that has just performed an exec...