
Files

Oracle-PLSQL.txt
Posted Jan 27, 2006
Authored by David Litchfield

There's a critical flaw in the Oracle PLSQL Gateway, a component of iAS, OAS and the Oracle HTTP Server, that allows attackers to bypass the PLSQLExclusion list and gain access to "excluded" packages and procedures. This can be exploited by an attacker to gain full DBA control of the backend database server through the web server.

tags | advisory, web, sql injection
SHA-256 | 1065f3171e688a6943367c17316c3c189200259c4f1a0d62c3094f4eff89ca02
HP Security Bulletin 2006-11.4
Posted Jan 27, 2006
Authored by Hewlett Packard, HP | Site hp.com

HPSBMA02094 SSRT061104 rev.1 - Oracle(R) has issued a Critical Patch Update which contains solutions for a number of potential security vulnerabilities. These vulnerabilities may be exploited locally or remotely to compromise the confidentiality, availability or integrity of Oracle for OpenView (OfO).

tags | advisory, vulnerability
SHA-256 | a0f1d5ed058295d6c7d24747be59443842325f38f166c4c696c87f218a337a0d
HP Security Bulletin 2006-10.99
Posted Jan 27, 2006
Authored by Hewlett Packard, HP | Site hp.com

HPSBUX02091 SSRT061099 rev.1 - A potential security vulnerability has been identified with HP-UX systems where the vulnerability may be exploited to allow a local user to increase privilege.

tags | advisory, local
systems | hpux
SHA-256 | 8ae2a9fe12c13bb09e8e72758e7a76f068b102cce3084578f3b47ba6858efc77
Eterm-LibAST.txt
Posted Jan 27, 2006
Authored by Angelo Rosiello | Site rosiello.org

Eterm, when built, links to LibAST. A stack overflow vulnerability exists in LibAST that allows an attacker to execute commands with the privileges of the utmp group.

tags | advisory, overflow
SHA-256 | 67f1218054724b40978a0903b78af822039d90aea5acfefee5b94f09deafab4c
Mandriva Linux Security Advisory 2006.025
Posted Jan 27, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - The fixproc application in Net-SNMP creates temporary files with predictable file names which could allow a malicious local attacker to change the contents of the temporary file by exploiting a race condition, which could possibly lead to the execution of arbitrary code. As well, a local attacker could create symbolic links in the /tmp directory that point to a valid file that would then be overwritten when fixproc is executed (CVE-2005-1740).

tags | advisory, arbitrary, local
systems | linux, mandriva
SHA-256 | 11579c0483d4d509e057942afed3ac8f037f22d6b816d70ff94eb1d07aafaa0d
Mandriva Linux Security Advisory 2006.024
Posted Jan 27, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - The delegate code in ImageMagick 6.2.4.x allows remote attackers to execute arbitrary commands via shell metacharacters in a filename that is processed by the display command. (CVE-2005-4601)

tags | advisory, remote, arbitrary, shell
systems | linux, mandriva
SHA-256 | 910d914cd815f14e7de2f37a55752c9068d22431d6de852fd6ef74967dfd98c5
Mandriva Linux Security Advisory 2006.023
Posted Jan 27, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Javier Fernandez-Sanguino Pena discovered that the perl Net::SSLeay module used the file /tmp/entropy as a fallback entropy source if a proper source was not set via the environment variable EGD_PATH. This could potentially lead to weakened cryptographic operations if an attacker was able to provide a /tmp/entropy file with known content.

tags | advisory, perl
systems | linux, mandriva
SHA-256 | 62d3761f131bbe3c54e9726abae35a70c7ccda64f6b057a6c63b7ba7e6b3c488
Mandriva Linux Security Advisory 2006.022
Posted Jan 27, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A buffer overflow was discovered in the perl Convert::UUlib module in versions prior to 1.051, which could allow remote attackers to execute arbitrary code via a malformed parameter to a read operation.

tags | advisory, remote, overflow, arbitrary, perl
systems | linux, mandriva
SHA-256 | 59cef922e333f30a590f435910e8a784fba46f9e75af3e838ad9402bfcdf1680
Debian Linux Security Advisory 957-1
Posted Jan 27, 2006
Authored by Debian | Site debian.org

Debian Security Advisory DSA 957-1 - Florian Weimer discovered that delegate code in ImageMagick is vulnerable to shell command injection using specially crafted file names. This allows attackers to encode commands inside of graphic commands. With some user interaction, this is exploitable through Gnus and Thunderbird.

tags | advisory, shell
systems | linux, debian
SHA-256 | 2a5172ff5fdbf831edd4e378fc7dbeaf856412e4ea840c9dee36d8163f9273f6
Debian Linux Security Advisory 956-1
Posted Jan 27, 2006
Authored by Debian | Site debian.org

Debian Security Advisory DSA 956-1 - Stefan Pfetzing discovered that lshd, a Secure Shell v2 (SSH2) protocol server, leaks a couple of file descriptors, related to the randomness generator, to user shells which are started by lshd. A local attacker can truncate the server's seed file, which may prevent the server from starting, and with some more effort, maybe also crack session keys.

tags | advisory, shell, local, protocol
systems | linux, debian
SHA-256 | 3d3b94a323e19f3f68cf7df9f7a10ceb1451be1ebe25578966ee8a4aec0a3d88
Gentoo Linux Security Advisory 200601-12
Posted Jan 27, 2006
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200601-12 - Christophe Truc discovered that Trac fails to properly sanitize input passed in the URL. Versions less than 0.9.3 are affected.

tags | advisory
systems | linux, gentoo
SHA-256 | 946808015c29402c4c324ed44bc6c7182c42193d76f77e71e75fd6c64d5de559
Gentoo Linux Security Advisory 200601-13
Posted Jan 27, 2006
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200601-13 - Peter Schumacher discovered that Gallery fails to sanitize the fullname set by users, possibly leading to a cross-site scripting vulnerability. Versions less than 1.5.2 are affected.

tags | advisory, xss
systems | linux, gentoo
SHA-256 | b2cc39f7a1e4e28dfa726bdd0de3a439478c672ccb34b34a8d3cd8bb8128d688
Secunia Security Advisory 18590
Posted Jan 27, 2006
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Peter Winter-Smith of NGSSoftware has reported a vulnerability in Red Hat Directory Server and Red Hat Certificate System, which can be exploited by malicious, local users to gain escalated privileges and potentially by malicious people to compromise a vulnerable system.

tags | advisory, local
systems | linux, redhat
SHA-256 | e4c267d9827346eb0eb1d8069957a67236e2e567907b457b0d5d28894a244661
Secunia Security Advisory 18611
Posted Jan 27, 2006
Authored by Secunia | Site secunia.com

Secunia Security Advisory - kcope has discovered a vulnerability in Mercury Mail Transport System, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
SHA-256 | 796ab64e83399c45c245a0f6f024d312ca3b6879d4cb3a9c011258dbcdd14759
Secunia Security Advisory 18618
Posted Jan 27, 2006
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for phpMyAdmin. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose sensitive information, and compromise a vulnerable system.

tags | advisory, vulnerability, xss
systems | linux, suse
SHA-256 | df261c5b7f5bd19af65a7846e2260a5df198bf28bd9a234c08d1b704ad917479
Secunia Security Advisory 18619
Posted Jan 27, 2006
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Exiv2, which potentially can be exploited by malicious people to crash certain applications on a user's system.

tags | advisory
SHA-256 | 5e57eafdb8c7c14ad5026ee616253a42c96b7917c551b6317ef7d4eaa2dfc2af
Secunia Security Advisory 18621
Posted Jan 27, 2006
Authored by Secunia | Site secunia.com

Secunia Security Advisory - David Litchfield has reported a vulnerability in various Oracle products, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
SHA-256 | a6a0d947804f8b6036d49cbd8591316f5773891e2894ebe9da49378e4d8f1c38
Secunia Security Advisory 18623
Posted Jan 27, 2006
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for lsh-utils. This fixes a vulnerability, which can be exploited by malicious, local users to gain knowledge of potentially sensitive information or to cause a DoS (Denial of Service).

tags | advisory, denial of service, local
systems | linux, debian
SHA-256 | 7c9e099f2e69de24dab48264e635114635d99acd903cc633751bb3214abbab01
Secunia Security Advisory 18624
Posted Jan 27, 2006
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SAUDI has reported some vulnerabilities in NewsPHP, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, vulnerability, sql injection
SHA-256 | 962103155459a79ce3f79c0851a9f804b79d3268bb638b7331e2d057155d6ea8
Secunia Security Advisory 18625
Posted Jan 27, 2006
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for trac. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
systems | linux, gentoo
SHA-256 | 819e87b030b1dc6ad26a55f6108200fd450bd35bc4e0b4481827b06cbd1b2be5
Secunia Security Advisory 18596
Posted Jan 26, 2006
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Avaya has acknowledged a vulnerability in Predictive Dialing System (PDS), which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, local
SHA-256 | ba80531e1baa2a3650339af864b27829a7a0f91a4670a870bae30109b641fcc6
Secunia Security Advisory 18597
Posted Jan 26, 2006
Authored by Secunia | Site secunia.com

Secunia Security Advisory - matrix_killer has discovered two vulnerabilities in Phpclanwebsite, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, vulnerability, sql injection
SHA-256 | dd1d200cd2ff4f130e3ace67044fdfd561780019ddb7b6fc7a30d3c3e4712fd9
Secunia Security Advisory 18602
Posted Jan 26, 2006
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Aliaksandr Hartsuyeu has discovered a vulnerability in ExpressionEngine, which can be exploited by malicious people to conduct script insertion attacks.

tags | advisory
SHA-256 | 7eaa406d353432135d7f40a3cae7fbc0b616ea494498ff6e4bb8c1ad16b7706c
Secunia Security Advisory 18612
Posted Jan 26, 2006
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for mailman. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
systems | linux, debian
SHA-256 | 7e582180978d73ca93dac035839154664414b00ac8cca721ebc875fac1fd1240
Secunia Security Advisory 18613
Posted Jan 26, 2006
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Cisco IOS, which can be exploited by malicious, local users to bypass certain security restrictions.

tags | advisory, local
systems | cisco
SHA-256 | 4f3d2d892ab573f2b168fa844660c8c21fa8c432fa9b5bc698cda93d207f95c7
© 2022 Packet Storm. All rights reserved.