Oracle Database 10gR1 suffers from a buffer overflow in VERIFY_LOG procedure (DB03) Oracle Database Server provides the DBMS_SNAPSHOT_UTL package that includes capability to manage materialized views. This package contains the public procedure VERIFY_LOG that is vulnerable to buffer overflow. By default DBMS_SNAPSHOT_UTL has EXECUTE permission to PUBLIC so any Oracle database user can exploit this vulnerability.
ea6e241657c9e065a438b5455bcab515b2160933d8125c649d1b3edd73b8d8f6FrontPage Server Extensions 2002 (included in Windows Sever 2003 IIS 6.0 and available as a separate download for Windows 2000 and XP) has a web page /_vti_bin/_vti_adm/fpadmdll.dll that is used for administrative purposes. This web page is vulnerable to cross site scripting attacks allowing an attacker to run client-side script on behalf of an FPSE user. If the victim is an administrator, the attacker could take complete control of a Front Page Server Extensions 2002 server. POC exploit examples included.
481c7a945450e48e78979147b05693402a43777326aca41596449f2f82aa8a32
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed