iDefense Security Advisory 07.15.08 - Remote exploitation of a buffer overflow vulnerability in the DBMS_AQELM package in Oracle Corp.'s Oracle Database product allows attackers to execute arbitrary code with the privileges of the database user. This vulnerability exists due to improper input validation when handling a parameter passed to a procedure within the DBMS_AQELM package. Since the parameter is not properly validated, providing a long string can cause a buffer overflow to occur. This results in corruption of the database and could allow for the execution of arbitrary code as the database user. iDefense confirmed the existence of this vulnerability in Oracle Database versions 10.2.0.3 and 11.1.0.6 with the October 2007 CPU applied. Previous versions may also be affected.
iDefense Security Advisory 07.15.08 - Remote exploitation of a pre-authentication input validation vulnerability in Oracle Corp.'s Oracle Internet Directory allows an attacker to conduct a denial of service attack on a vulnerable host. Internet Directory consists of two processes. One process acts as a listener. It handles incoming connections and passes them off to the second process. The second process, which handles requests, contains the vulnerability. When processing a malformed LDAP request, it is possible to cause the handler to dereference a NULL pointer. This results in the process crashing. Future connection requests will be accepted by the listener process, and then immediately closed when it finds that there is no handler process running. iDefense confirmed the existence of this vulnerability in Oracle Internet Directory for Windows version 10.1.4.0.1 with the April 2007 CPU installed. Previous versions may also be affected.
NGSSoftware Insight Security Research Advisory - Oracle Application Server installs a number of PLSQL packages in the backend database server. One of these is the WWV_RENDER_REPORT package and it is vulnerable to PLSQL injection. This package uses definer rights execution and therefore executes with the privileges of the owner, in this case the highly privileged PORTAL user.
PHP Help Agent versions 1.1 and below suffer from a local file inclusion vulnerability.
Gentoo Linux Security Advisory GLSA 200807-09 - Jakub Wilk discovered a directory traversal vulnerability in the applydiff() function in the mercurial/patch.py file. Versions less than 1.0.1-r2 are affected.
Debian Security Advisory 1569-3 - Since the previous security update, the cacti package could no longer be rebuilt from the source package. This update corrects that problem. Note that this problem does not affect regular use of the provided binary packages (.deb).
Secunia Security Advisory - S.W.A.T. has reported a vulnerability in Maian Weblog, which can be exploited by malicious people to bypass certain security restrictions.
Secunia Security Advisory - Ubuntu has issued an update for pcre3. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.
Secunia Security Advisory - A weakness has been reported in Firebird, which can be exploited by malicious users to disclose system information.
Secunia Security Advisory - FreeBSD has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to poison the DNS cache.
Secunia Security Advisory - S.W.A.T. has reported a vulnerability in Maian Uploader, which can be exploited by malicious people to bypass certain security restrictions.
Secunia Security Advisory - cOndemned has discovered a vulnerability in CodeDB, which can be exploited by malicious people to disclose sensitive information.
Secunia Security Advisory - Red Hat has issued an update for java-1.5.0-sun. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, disclose system information or potentially sensitive information, cause a DoS (Denial of Service), or compromise a vulnerable system.
Secunia Security Advisory - Red Hat has issued an update for ruby. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
Secunia Security Advisory - Some vulnerabilities and a weakness have been reported in Firebird, which can be exploited by malicious users to cause a DoS (Denial of Service) and disclose system information, and by malicious, local users to disclose sensitive information.
Secunia Security Advisory - Red Hat has issued an update for ruby. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.