iDefense Security Advisory 07.15.08 - Remote exploitation of a buffer overflow vulnerability in the DBMS_AQELM package in Oracle Corp.'s Oracle Database product allows attackers to execute arbitrary code with the privileges of the database user. This vulnerability exists due to improper input validation when handling a parameter passed to a procedure within the DBMS_AQELM package. Since the parameter is not properly validated, providing a long string can cause a buffer overflow to occur. This results in corruption of the database and could allow for the execution of arbitrary code as the database user. iDefense confirmed the existence of this vulnerability in Oracle Database version 10.2.0.3 and 11.1.0.6 with the October 2007 CPU applied. Previous versions may also be affected.
01ee6c67c85787f73c33c76013b6095d4c5cc691acac1583a9413464e178ede0iDefense Security Advisory 07.15.08 - Remote exploitation of a pre-authentication input validation vulnerability in Oracle Corp.'s Oracle Internet Directory allows an attacker to conduct a denial of service attack on a vulnerable host. Internet Directory consists of two processes. One process acts as a listener. It handles incoming connections and passes them off to the second process. The second process, which handles requests, contains the vulnerability. When processing a malformed LDAP request, it is possible to cause the handler to dereference a NULL pointer. This results in the process crashing. Future connection requests will be accepted by the listener process, and then immediately closed when it finds that there is no handler process running. iDefense confirmed the existence of this vulnerability in Oracle Internet Directory for Windows version 10.1.4.0.1 with the April 2007 CPU installed. Previous versions may also be affected.
b68c1567bcbb9c57e54d5c5d2a26fa9cc93258efcc805e6245e76fe2cfb9c7e1NGSSoftware Insight Security Research Advisory - Oracle Application Server installs a number of PLSQL packages in the backend database server. One of these is the WWV_RENDER_REPORT package and it is vulnerable to PLSQL injection. This package uses definer rights execution and therefore executes with the privileges of the owner, in this case the highly privileged PORTAL user.
9b8fadd595dfccce56403731ee006274cd61e8b1f62476460b18211d7135e98ePHP Help Agent versions 1.1 and below suffer from a local file inclusion vulnerability.
d228e4620f6d46855c910e0ee0034c1289e83d8a470bb3bc85bb846e18f0e696Gentoo Linux Security Advisory GLSA 200807-09 - Jakub Wilk discovered a directory traversal vulnerability in the applydiff() function in the mercurial/patch.py file. Versions less than 1.0.1-r2 are affected.
8ba915a371fc50a3c2124719eb6c3a88e505ac6dad72fdd25bb38ba853d04f11Debian Security Advisory 1569-3 - Since the previous security update, the cacti package could no longer be rebuilt from the source package. This update corrects that problem. Note that this problem does not affect regular use of the provided binary packages (.deb).
dc36fff9689e4aaf063e726c1168b13fa138e673807e06ed013c70027925613eSecunia Security Advisory - S.W.A.T. has reported a vulnerability in Maian Weblog, which can be exploited by malicious people to bypass certain security restrictions.
9d9e9ecd445267ed104279e3935d2ef3781881eef91fd232e50244da21aab196Secunia Security Advisory - Ubuntu has issued an update for pcre3. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.
47e9d19a48824b1dd3093c3addbe43db7fbb644abf6a652316462ed1ffd4e855Secunia Security Advisory - A weakness has been reported in Firebird, which can be exploited by malicious users to disclose system information.
6a6dbbd6a5904957560902767e4db4410a8d0e4842bb86d960d714e117470ce7Secunia Security Advisory - FreeBSD has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to poison the DNS cache.
39cf2a4b64ea876a0e9eb5347e8edb112626da7c7e2e361315c4ceafbb237eadSecunia Security Advisory - S.W.A.T. has reported a vulnerability in Maian Uploader, which can be exploited by malicious people to bypass certain security restrictions.
188ec856e4c96e642148c9f2faaac3a333f369b6a6970049c73f69ace4e8d491Secunia Security Advisory - cOndemned has discovered a vulnerability in CodeDB, which can be exploited by malicious people to disclose sensitive information.
f9cfb7acbc5e2eb7ee3c856ee1d022cd658e9b9d18c92bacd5d27da59e4336e7Secunia Security Advisory - Red Hat has issued an update for java-1.5.0-sun. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, disclose system information or potentially sensitive information, cause a DoS (Denial of Service), or compromise a vulnerable system.
06562b8d35c58b620a9de412137031e6de42fd24b5b04b6954d28f4736611f17Secunia Security Advisory - Red Hat has issued an update for ruby. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
bbbf7e72b0e9826506c07ad87097c221660aafd219ae2b45a69139fc609a3c97Secunia Security Advisory - Some vulnerabilities and a weakness have been reported in Firebird, which can be exploited by malicious users to cause a DoS (Denial of Service) and disclose system information, and by malicious, local users to disclose sensitive information.
9f86bc4f30952e48c42b78d9daa76bc4b28c9a823a5d8c40fcf8c59807273b17Secunia Security Advisory - Red Hat has issued an update for ruby. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
93f32c6c172209a8f123a037d3e5720d8063bcecf59766d0cc0f967ab5171bcd
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed