4305 matches found
Oracle Database password weakness
Added: 05/12/2009 Background Oracle Database is a relational database solution available for multiple platforms. Problem The Oracle Database service has accounts with default or easily guessed passwords, which could allow an attacker to make unauthorized SQL queries. Resolution Set a strong...
Microsoft Office OCX ActiveX controls OpenWebFile program execution
Added: 01/30/2009 BID: 33243 Background Microsoft Office OCX is a suite of ActiveX document containers to create, open, edit, and print Microsoft Office files. Problem A vulnerability in multiple Office OCX ActiveX controls allows a web page to execute remote programs using the OpenWebFile method...
Oracle Database string conversion buffer overflow
Added: 08/23/2006 BID: 10871 OSVDB: 9890 Background Oracle Database is a relational database product for multiple platforms. Problem The string conversion function in Oracle Database is affected by a buffer overflow vulnerability. A remote attacker could execute arbitrary commands by sending a lo...
SQL injection
Added: 04/10/2009 Background Structured Query Language SQL is the most common language understood by modern relational databases. Problem A web program uses input parameters within an SQL query in an unsafe manner. This could allow a remote attacker to inject arbitrary SQL commands via a speciall...
E-mail attachment execution
Added: 01/28/2009 Background This tool sends an e-mail attachment which, when executed, establishes a command connection. Limitations This tool requires a user to execute the e-mail attachment in order to succeed. This tool requires the IP address of a working mail server which allows relaying of...