NGSSoftware Insight Security Research Advisory #NISR2122004L - IBM's DB2 database server contains a procedure, generate_distfile. This procedure suffers from a stack based buffer overflow vulnerability. Systems Affected: DB2 8.1/7.x.
3ef55a702511cb8221131c88341c2991b45a10ee7c8b153e5ddda2eb0ad3028eNGSSoftware Insight Security Research Advisory #NISR2122004J - IBM's DB2 database server contains a function, rec2xml, used to format a string in XML. This function suffers from a stack based buffer overflow vulnerability. Systems Affected: DB2 8.1/7.x.
b8613611d22ef6e27ef52155f6315c5d527c17d33199e9824cdca2fd21abca6fNGSSoftware Insight Security Research Advisory #NISR2122004J - The code for PL/SQL procedures can be encrypted or wrapped to use the Oracle term. When a wrapped procedure is created a buffer overflow vulnerability can be triggered. Systems Affected: Oracle 10g/9i on all operating systems.
6b25554fd71f5fe123c25e28820f4b1f31d38e591f699777f1bf2d6ed93ae82cNGSSoftware Insight Security Research Advisory #NISR2122004H - Oracle 10g and 9i suffer from multiple PL/SQL injection vulnerabilities. Systems Affected: Oracle 10g/AS on all operating systems.
6e5d05e4c37be6abe44d5313fc7449e528c71dc7700e7622039d9692cc8be6e9NGSSoftware Insight Security Research Advisory #NISR2122004F - The 10g Oracle TNS Listener is vulnerable to a denial of service vulnerability. Systems Affected: Oracle 10g on all operating systems.
af6b33695e7d0331269bb9875337f50a3075042eadab32b1f8486a07d3fb6a67NGSSoftware Insight Security Research Advisory #NISR2122004E - The 10g Oracle Application Server installs ISQL*Plus. Once logged in, an attacker can use load.uix to read files on the server. Systems Affected: Oracle 10g AS on all operating systems.
41e4563892e55bab629dadaa582258738d586ada2b237ca6ef0b6b3ebb0209caNGSSoftware Insight Security Research Advisory #NISR2122004D - The 10g Oracle database server may have passwords in clear text in world readable files. Systems Affected: Oracle 10g on all operating systems.
d3b0b872bbed09a293cc3e6d16fa8f3fd84179096e93c1d42e83f550db052afeNGSSoftware Insight Security Research Advisory #NISR23122004C - The Oracle database server supports PL/SQL, a programming language. PL/SQL can execute external procedures via extproc. Extproc is intended only to accept requests from the Oracle database server but local users can still execute commands bypassing this restriction. Systems Affected: Oracle 10g/9i on all operating systems.
d564ebb6b5748561ebcce49b8dface7849a65669daeb969695defa9c396adb17NGSSoftware Insight Security Research Advisory #NISR23122004B - The Oracle database server supports PL/SQL, a programming language. PL/SQL can execute external procedures via extproc. Extproc has been found to suffer from a directory traversal problem that allows attackers access to arbitrary libraries. Systems Affected: Oracle 10g/9i on all operating systems.
25c8b9a1837b4ad345045e140f4a5f8d0598d3455a856d252b974d56dca2fd4dNGSSoftware Insight Security Research Advisory #NISR2122004A - The Oracle database server supports PL/SQL, a programming language. PL/SQL can execute external procedures via extproc. Extproc has been found to suffer from another buffer overflow vulnerability. Systems Affected: Oracle 10g on all operating systems.
40555a31fe2e6ad6539966721ecc71750f0e9aab14788315d6ec9c0e5f421632NGSSoftware Insight Security Research Advisory #NISR2122004G - Due to character conversion problems in Oracle 10g with Oracle's Application server it is possible to bypass pl/sql exclusions and gain access to the database server as SYS. Systems Affected: Oracle 10g/AS on all operating systems.
8d1abd33755d60617a7f206475214c1c02523008459acccc97aaeff0494e01baNGSSoftware Insight Security Research Advisory #NISR2122004I - Database triggers exist to help maintain data integrity and perform certain actions when a table's data is modified. Many of the default triggers in Oracle can be abused to gain elevated privileges. Systems Affected: Oracle 10g/9i on all operating systems.
e72c95ea02cc6dce6f0b00cfde315e1752b174373db4397eb16a6eb2becf9523Venustech AD-Lab Advisory AD_LAB-04006 - There is a vulnerability in Microsoft Windows .hlp file parsing program winhlp32.exe. The vulnerability is caused due to a decoding error within the windows .hlp header processing. This can be exploited to cause a heap-based buffer overflow. Vulnerable: Windows NT, Windows 2000 SP0, Windows 2000 SP1, Windows 2000 SP2, Windows 2000 SP3, Windows 2000 SP4, Windows XP SP0, Windows XP SP1, Windows 2003.
a4d0f4fd5ceaadb1c6e0a8112c7289a3a1d44aa6bc11cd18346109a009cb1efbVenustech AD-Lab Advisory AD_LAB-04005 - Parsing a specially crafted ANI file causes the windows kernel to crash or stop to work properly. An attacker can crash or freeze a target system if he sends a specially crafted ANI file within an HTML page or within an Email. Vulnerable: Windows NT, Windows 2000 SP0, Windows 2000 SP1, Windows 2000 SP2, Windows 2000 SP3, Windows 2000 SP4, Windows XP SP0, Windows XP SP1, Windows 2003.
a4b61c9f9acb50b67f793629552a1104d23cf0c1bf9143acaaeb455b74faf2dfVenustech AD-Lab Advisory AD_LAB-04004 - An exploitable integer buffer overflow exists in the LoadImage API of the USER32 Lib. This function loads an icon, a cursor or a bitmap and then try to proceed the image. If an attacker sends a specially crafter bmp, cur, ico or ani file within an HTML page or in an Email, it is then possible to run arbitrary code on the affected system. Vulnerable: Windows NT, Windows 2000 SP0, Windows 2000 SP1, Windows 2000 SP2, Windows 2000 SP3, Windows 2000 SP4, Windows XP SP0, Windows XP SP1, Windows 2003.
c0a680adceb00e2746611c146dcfe6d92f290f0d6de2753e6424fdc90cb0746eVenustech AD-Lab Advisory AD_LAB-04003 - The Linux 2.6 kernel series POSIX Capability LSM module is problematic in that upon insertion, all the processes that currently exist from normal users will have root capabilities.
7ea5778763ac495c2c270616972c42efa4e093dcf90fd40d71f7547032c162c9Secunia Security Advisory - A vulnerability has been reported in Docbook-to-Man, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges.
27d5d01669e9047245e27cda3a9bf9553bb01a552d8b5b89403ced59b5aa15e5Secunia Security Advisory - A vulnerability has been reported in LPRng, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges.
3a6c362b0e346c06177dff3d4250581cb9726128c4137b07648646ba3fe54681KDE Security Advisory: kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains a buffer overflow that can be triggered by a specially crafted PDF file.
34a96e4ccfc6bc38f130061fe7d69adb1d54fb95e91f6eb8ea657e2605e23145A series of tests were performed to find Cross-Site Scripting (XSS) vulnerabilities. It quickly turned out that the majority of all major websites suffer from some kind of XSS flaw. This is a disclosure of 175 vulnerabilities at once.
542050829be68249f5087c7bfb911b172ced5e03a109ac853b43196bedcb2e29Several large Indian portals such as Rediffmail and the Indiatimes are susceptible to scripting attacks, putting millions at risk.
7270595bc7701ff27f5dbe7e03cce6a3e77be239ec66559bdc34934a593f1633PsychoStats versions 2.2.4 Beta and earlier are susceptible to a cross site scripting attack.
d1114f9c993573b815a04fd554ee7d17e53e511f5372e20336cecc502a7d68a0A vulnerability has been found in the Internet Explorer browser with system installed Realone 2.0 build 6.0.11.868 in the processing of the EMBED tag.
705ffb25bd28dfbdb6659300b6f399d4c05155581c6e6f51b36706a597ad0871Secunia Security Advisory - A vulnerability has been reported in Citrix Metaframe XP, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an unspecified boundary error, which can be exploited to cause a buffer overflow. Successful exploitation may allow execution of arbitrary code.
30ac47909b7d3c1206ba83586cdf367aa64efecc2944660c26f5698e9c8e8943NGSSoftware has discovered three high risk security vulnerabilities in Sybase Adaptive Server Enterprise 12.5.2. Sybase ASE versions 12.5.2 and older are vulnerable to these issues.
24e258ca92543143d8bb6573b1fbe63401dfb53c34b2cdde67c04b7f8fb904ed
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed