Team SHATTER Security Advisory - The PL/SQL package DBMS_CDC_PUBLISH owned by SYS has an instance of SQL Injection in the ALTER_AUTOLOG_CHANGE_SOURCE procedure. A malicious user can call the vulnerable procedure of this package with specially crafted parameters and execute SQL statements with the elevated privileges of the SYS user. Any Oracle database user with EXECUTE privilege on the package SYS.DBMS_CDC_PUBLISH can exploit this vulnerability. By default, users granted EXECUTE_CATALOG_ROLE have the required privilege. Exploitation of this vulnerability allows an attacker to execute SQL commands with SYS privileges.
6d9859110fa4472ae5c8c80e514c0e87d667d0dfdda497fbb7603deb6b05266dMultiInjector is an automatic SQL injection utility. It uses a list of URI addresses to test parameter manipulation. Once a vulnerable parameter has been found, a signature-evasive SQL injection is performed in order to achieve arbitrary OS command execution and automatic defacement on database server. Written in Python.
d0a2c499695030d18ad21ebc9dc3a13ab00abc17a9f29a9fcee08ef33b253a06Team SHATTER Security Advisory - The PL/SQL package DBMS_CDC_IPUBLISH owned by SYS has an instance of SQL Injection in the ALTER_HOTLOG_INTERNAL_CSOURCE procedure. A malicious user can call the vulnerable procedure of this package with specially crafted parameters and execute SQL statements with the elevated privileges of the SYS user. Any Oracle database user with EXECUTE privilege on the package SYS.DBMS_CDC_IPUBLISH can exploit this vulnerability. By default, users granted EXECUTE_CATALOG_ROLE have the required privilege. Exploitation of this vulnerability allows an attacker to execute SQL commands with SYS privileges.
82c4d19734c2c52a47749dc7aec61838a254cb0150ca211870aef6a151c901dcMandriva Linux Security Advisory - Martin von Gagern found a flow in how GnuTLS versions 1.2.4 up until 2.6.1 verified certificate chains provided by a server. A malicious server could use this flaw to spoof its identity by tricking client applications that used the GnuTLS library to trust invalid certificates. The updated packages have been patched to correct this issue.
0111abeb08bb42e780b644937c300f302aebebda1a1f47a4e9b45a5b6d908d34turnkeyforms Web Hosting Directory suffers from an arbitrary database backup and insecure cookie handling vulnerabilities.
9fcf56cd23d0c4c7d1ab66150d90b2e0a76ea7e2f69d2b35cd0ddbc4a8e96a5bturnkeyforms Local Classifieds suffers from a direct access vulnerability that allow for authentication bypass.
613e114fc711e1d9398d8caa531f82dc7a07171665630fa66baf46289d11416aSecunia Security Advisory - hkm has reported a vulnerability in Siemens SpeedStream 5200, which can be exploited by malicious people to bypass certain security restrictions.
e79afa633fe8a133bf24a71f209d6dc6fa5eeea8cdb10f2856fac10073065410Secunia Security Advisory - G4N0K has reported some vulnerabilities in TurnkeyForms Web Hosting Directory, which can be exploited by malicious people to bypass certain security restrictions and disclose sensitive information.
00a797e6e27b082b074e5c18a9ff42a59b63fc8d486c869ff84bbc25e0e162b4Secunia Security Advisory - Hussin X has reported a vulnerability in PozScripts Business Directory Script, which can be exploited by malicious people to conduct SQL injection attacks.
6c169ecab27647d113043042a1cdac3b431a5f02cd15e708d358aab71e8c2ee0Secunia Security Advisory - ZoRLu has reported a vulnerability in AlstraSoft Web Host Directory, which can be exploited by malicious people to conduct SQL injection attacks.
e0c412659a6f170fe41ac5f4252df72cd9cace0983a6b078c945b262ea1f5859Secunia Security Advisory - ZoRLu has reported a vulnerability in AlstraSoft Article Manager Pro, which can be exploited by malicious people to conduct SQL injection attacks.
2d3fe8f87a687538eb1c70d28c84e7aacf52959e351aeb117833e015767bbb09Secunia Security Advisory - ZoRLu has reported a vulnerability in AlstraSoft SendIt Pro, which can be exploited by malicious people to compromise a vulnerable system.
99d33a6224b2261f49186950d598dd6f597f6022425f2e58b162e54433480555Secunia Security Advisory - A vulnerability has been reported in Sun Java System Messaging Server, which can be exploited by malicious people to conduct cross-site scripting attacks.
1e51c4983fbf393653aac7889249bf3c2d4122af23d7995746d4a6c9ae6e22f0Secunia Security Advisory - A vulnerability has been reported in Sun Logical Domains (LDoms), which can be exploited by malicious, local users to bypass certain security restrictions.
8e7e6acf4ef04fd55ecfa9f275c4ffc90cba9d0c2243a9bae7bc1e3aed34bd04Secunia Security Advisory - Debian has issued an update for libcdaudio. This fixes a vulnerability, which can be exploited by malicious people to compromise an application using the library.
a03ab4fa4dec08574ffda8353e50a661d92a17f3e66627133ff43702e4a63fe4Secunia Security Advisory - Red Hat has issued an update for httpd. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks or potentially cause a DoS (Denial of Service).
39588f0dc1c22a7c78bd6664caa3d2b7edf02d70468ad276d450da7cda801396Secunia Security Advisory - A vulnerability has been reported in TYPO3, which can be exploited by malicious people to conduct cross-site scripting attacks.
44db94178634e3d7071e9a098bb0761dc09f98164e2bc8fbdb252a4745a87c4dSecunia Security Advisory - Ubuntu has issued an update for gnome-screensaver. This fixes a weakness and a security issue, which can be exploited by malicious people with physical access to disclose potentially sensitive information or bypass certain security restrictions.
51327509f5ba9243d3c2974d48e636e27bc30cfe919fdff952aeb299548403c9Secunia Security Advisory - Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, or compromise a user's system.
755c2a29759d50db7ddb5bbd7eb751b7dd46664d18ada3481cc638b1d273b333Secunia Security Advisory - Red Hat has issued an update for seamonkey. This fixes some vulnerabilities, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, or compromise a user's system.
f3fa36071fff1ab033fc4d3858e02b08dbcd5aa28e1271682d857e0f502a4cdaSecunia Security Advisory - Red Hat has issued an update for firefox. This fixes some vulnerabilities, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, or compromise a user's system.
3cb6e0ef94c432240c33bf47a35d812cc4caeb403084ad144f8d6c55a81e5a22Secunia Security Advisory - A vulnerability has been reported in HP Service Manager, which can be exploited by malicious users to bypass certain security restrictions.
fa496af570c2f434b9f9e0ff25607b0ce0f3d1eed4fa438ca298d5becf139d01Secunia Security Advisory - Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, or compromise a user's system.
a406b40f699b94c6d054447153afa387487220cc2a19a864e9ae9d112d5e8d77Secunia Security Advisory - Some vulnerabilities have been reported in Mozilla Thunderbird, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, or compromise a user's system.
12002f79e2f5e3572aceb0148357919d2b071bf341a7f02aa8ab6f64843a067aSecunia Security Advisory - Fedora has issued an update for blender. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
d86975fe073de20b06d1abcf320d14cdd4acf57eb2e7b96090a7d2675f39a24e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed