Onapsis Security Advisory - By exploiting an arbitrary file access vulnerability in the SAP J2EE Core Services, a remote unauthenticated attacker may be able to compromise the entire ERP system.
da3f2ea2375b491dc09f2e39744d27613ea5e3233a1d79d58c43b34842597e24
This paper discusses a number of ways through which hackers can use Mozilla Firefox as a platform to run their malicious pieces of code with privileges and features.
13625ce6c755c96192b50c4a415d4bee4bd21c7137c469ce62b2ea3b7d46cc76
Onapsis Security Advisory - As the server does not perform a proper security validation on the input parameters, it is possible to inject DHTML code that would be rendered to the user accessing the link in SAP Enterprise Portal.
90263b999fd3713c409e968fef5750efe496d3c670dd404aa00e7175cccf16df
Team SHATTER Security Advisory - Oracle Enterprise Manager Database Control Segment Advisor page is vulnerable to an arbitrary URL redirection/phishing vulnerability. An attacker may inject an arbitrary URL into the web application and force the application to redirect to it without any validation. This vulnerability can be used in phishing attacks to trick legitimate users into visiting malicious sites without realizing it. The affected link and parameter are /em/console/database/xdb/XDBResource and cancelURL. Versions affected include Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3.
3e1f7b8dd952616f02834e723183cf85039124c2b4eabdfbed4d636fa1c09fea
Ruby Parser version 2.0.4 insecurely creates files in /tmp that can allow for a denial of service condition.
094657d654b5045e05adb6d836d052776e6708bb9e26629a4ff9504e67047580
Team SHATTER Security Advisory - Some parameters of /em/console/database/dist/streams/queue in Oracle Enterprise Manager are vulnerable to SQL injection attacks. Versions affected include Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3.
e191ca74b3adea6783bc6eb3b8f33d2b663130f5a1a8d124b4e8d1b20dcac05d
Nagios NRPE versions 2.13 and below suffer from a remote command execution vulnerability.
e554055ae18cd9fe6bcd14421d423114eca4f1e47b88e319df4e7a81bb4acf86
Team SHATTER Security Advisory - Some parameters of /em/console/ecm/config/savedConfig in Oracle Enterprise Manager are vulnerable to SQL injection attacks. Versions affected include Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2, 11.2.0.3.
42308000e542a1d9278b369616e91a8854bbced5e3b206cdf115c4e4f9d06e57
Team SHATTER Security Advisory - Some parameters of /em/console/database/dbclone/dBClone in Oracle Enterprise Manager are vulnerable to SQL injection attacks. Versions affected include Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3.
5897aa6dffb670f996eeb60355e6b635c67ef10810f2429ce976f48422097393
Onapsis Security Advisory - The SDM suffers from a design vulnerability in the way it handles failed user authentication attempts, generating a denial of service condition if some conditions are met. This can be abused by a malicious attacker to disrupt this service.
b9fa27961da95e0e64a0970f55bd1166292455bd7ad40a519c24ce582e12a1ec
Team SHATTER Security Advisory - An attacker hosting a malicious web site can execute SQL statements in the backend database when an administrator with an open session in Oracle Enterprise Manager web application visits the malicious web site. Versions affected include Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2, 11.2.0.3.
49571641e710a1ec758dcec0e1e03620a16c0aef2ccc5eac49327bf8c09b5f3c
Team SHATTER Security Advisory - The 'pagename' parameter of web page /em/console/ecm/policy/policyViewSettings in Oracle Enterprise Manager is vulnerable to HTTP response splitting attacks. Versions affected include Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2, 11.2.0.3.
16aeb9e7d9c1810b12977db09de9e12bb6519a3538e04f77b3203555af5bc05e
Onapsis Security Advisory - The SAP Portal "Federation" configuration pages do not properly handle authentication, exposing the entire Portal infrastructure.
ec578a095f1a6d51c543b8f60172c4da01037681852bb0569b01951f9eb78573
Team SHATTER Security Advisory - GeoRaster is a feature of Oracle Spatial that lets you store, index, query, analyze, and deliver GeoRaster data. One of the GeoRaster APIs is prone to stack-based overflow.
3a93180b3014610b665d5b8cce7d1ac694474a16caebae59d56cfa7c1dcef3af
Team SHATTER Security Advisory - Oracle Enterprise Manager Database Control XML Database Resources page is vulnerable to a cross site scripting vulnerability. An attacker may inject malicious code into the web application and trick a legitimate user into executing it by various methods. Affected versions include Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3.
d99af9ee753df748afa8622681887b09396561432184ac0aa41308d6c823185a
The Samsung Galaxy S3 w/ Android version 4.1.2 suffers from a bypass vulnerability due to S-Voice allowing the launch of any command even when the screen is locked.
f859a2a4bfd30be0e55663fe5c258853b5ad3a563064a6354107e8e25a8fc7cc
Ubuntu Security Notice 1743-1 - Suleiman Souhlal, Salman Qazi, Aaron Durbin and Michael Davidson discovered a race condition in the Linux kernel's ptrace syscall. An unprivileged local attacker could exploit this flaw to run programs as an administrator.
705dae3f9be8344b571b6b9a8c3284099be0058b09273df2dfcbac465c97e537
Ubuntu Security Notice 1742-1 - Suleiman Souhlal, Salman Qazi, Aaron Durbin and Michael Davidson discovered a race condition in the Linux kernel's ptrace syscall. An unprivileged local attacker could exploit this flaw to run programs as an administrator.
263f44f049c6dc57c6f2d29fd51ab6e9a6a23acbd53a47534ad2b6abddb3ce41
Ubuntu Security Notice 1741-1 - Suleiman Souhlal, Salman Qazi, Aaron Durbin and Michael Davidson discovered a race condition in the Linux kernel's ptrace syscall. An unprivileged local attacker could exploit this flaw to run programs as an administrator.
eb2c5bd4dfc428ab867253b2af2dcc1b2cdd1973887db258045f6a16c3a74b25
Ubuntu Security Notice 1740-1 - Suleiman Souhlal, Salman Qazi, Aaron Durbin and Michael Davidson discovered a race condition in the Linux kernel's ptrace syscall. An unprivileged local attacker could exploit this flaw to run programs as an administrator.
e1fdabab72af4143124c0ab88ecbab3fccaa33dddd0986932cf63009220ed845
Ubuntu Security Notice 1739-1 - Suleiman Souhlal, Salman Qazi, Aaron Durbin and Michael Davidson discovered a race condition in the Linux kernel's ptrace syscall. An unprivileged local attacker could exploit this flaw to run programs as an administrator.
58b0c3ab55d814a0de2780b66cfcb90279094bfa49ea7e219cbc6f285d43ef49
Ubuntu Security Notice 1738-1 - Suleiman Souhlal, Salman Qazi, Aaron Durbin and Michael Davidson discovered a race condition in the Linux kernel's ptrace syscall. An unprivileged local attacker could exploit this flaw to run programs as an administrator.
473f39dbfe2b310d358455320893c8f03c0a0e0f16502df8f41ca7601bbddbe8
Ubuntu Security Notice 1737-1 - Suleiman Souhlal, Salman Qazi, Aaron Durbin and Michael Davidson discovered a race condition in the Linux kernel's ptrace syscall. An unprivileged local attacker could exploit this flaw to run programs as an administrator.
d4706f73edfaf7396bc83d22e3a782836f94b2cdf76572a50614650e19abd845
Ubuntu Security Notice 1745-1 - Suleiman Souhlal, Salman Qazi, Aaron Durbin and Michael Davidson discovered a race condition in the Linux kernel's ptrace syscall. An unprivileged local attacker could exploit this flaw to run programs as an administrator.
9d4310af2ab2d674ea50ec8b0a5935369bae9e6f1691b71538f3f19cf84afb53
Ubuntu Security Notice 1744-1 - Suleiman Souhlal, Salman Qazi, Aaron Durbin and Michael Davidson discovered a race condition in the Linux kernel's ptrace syscall. An unprivileged local attacker could exploit this flaw to run programs as an administrator.
93d1156c3ee62445d44798d63acaf85ec5c33b8f8d64eeca80c0636e8ada95dc