Oracle Database Two Security Issues

SECUNIA ADVISORY ID: SA38353
VERIFY ADVISORY: http://secunia.com/advisories/38353/
DESCRIPTION: David Litchfield has reported two security issues in Oracle Database, which can be exploited by malicious users to gain escalated privileges and compromise a vulnerable system.
1) Access to procedures within the “DBMS_JVM_EXP_PERMS” package is not restricted, which can be exploited to modify the Java [...]

Fedora update for chrony

SECUNIA ADVISORY ID: SA38498
VERIFY ADVISORY: http://secunia.com/advisories/38498/
DESCRIPTION: Fedora has issued an update for chrony. This fixes a security issue and a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
For more information: SA38428
SOLUTION: Apply updated packages via the yum utility (“yum update chrony”).
ORIGINAL ADVISORY: FEDORA-2010-1539 http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034887.html
FEDORA-2010-1536 [...]

Rostermain “userid” and “password” SQL Injection Vulnerabilities

SECUNIA ADVISORY ID: SA38440
VERIFY ADVISORY: http://secunia.com/advisories/38440/
DESCRIPTION: Some vulnerabilities have been discovered in Rostermain, which can be exploited by malicious people to conduct SQL injection attacks.
Input passed to the “userid” and “password” parameters in index.php is not properly sanitised before being used in SQL queries. This can be exploited [...]

Oracle WebLogic Server Node Manager Unspecified Vulnerability

SECUNIA ADVISORY ID: SA38473
VERIFY ADVISORY: http://secunia.com/advisories/38473/
DESCRIPTION: A vulnerability has been reported in Oracle WebLogic Server, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to an unspecified error. Further information is currently not available.
This may be related to: SA38345
The vulnerability is [...]

JaxCMS “p” Local File Inclusion Vulnerability

SECUNIA ADVISORY ID: SA38524
VERIFY ADVISORY: http://secunia.com/advisories/38524/
DESCRIPTION: A vulnerability has been discovered in JaxCMS, which can be exploited by malicious people to disclose potentially sensitive information.
Input passed to the “p” parameter in index.php is not properly verified before being used to include files. This can be exploited to include arbitrary [...]

Joomla Productbook Component “id” SQL Injection Vulnerability

SECUNIA ADVISORY ID: SA38466
VERIFY ADVISORY: http://secunia.com/advisories/38466/
DESCRIPTION: A vulnerability has been discovered in the Productbook component for Joomla, which can be exploited by malicious people to conduct SQL injection attacks.
Input passed to the “id” parameter in index.php (when “option” is set to “com_productbook”) is not properly sanitised before being [...]

Uiga Business Portal SQL Injection and Script Insertion Vulnerabilities

SECUNIA ADVISORY ID: SA38430
VERIFY ADVISORY: http://secunia.com/advisories/38430/
DESCRIPTION: Some vulnerabilities have been discovered in Uiga Business Portal, which can be exploited by malicious people to conduct SQL injection and script insertion attacks.
1) Input passed via the “noentryid” parameter to blog/index.php (when “view” is set to “noentryid”) is not [...]

httpdx “f_command()” FTP Command Format String Vulnerability

SECUNIA ADVISORY ID: SA38486
VERIFY ADVISORY: http://secunia.com/advisories/38486/
DESCRIPTION: A vulnerability has been discovered in httpdx, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
The vulnerability is caused due to a format string error within the “f_command()” function in httpdx_src/ftp.cpp, [...]

Zen Time Tracking Multiple SQL Injection Vulnerabilities

SECUNIA ADVISORY ID: SA38471
VERIFY ADVISORY: http://secunia.com/advisories/38471/
DESCRIPTION: Multiple vulnerabilities have been discovered in Zen Time Tracking, which can be exploited by malicious people to conduct SQL injection attacks.
Input passed via the “username” and “password” parameters to userlogin.php and managerlogin.php is not properly sanitised before being used in a SQL [...]

OTRS SQL Injection Vulnerabilities

SECUNIA ADVISORY ID: SA38507
VERIFY ADVISORY: http://secunia.com/advisories/38507/
DESCRIPTION: Some vulnerabilities have been reported in OTRS (Open Ticket Request System), which can be exploited by malicious users to conduct SQL injection attacks.
Unspecified input is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary [...]
