Onapsis Security Advisory - By exploiting an arbitrary file access vulnerability in the SAP J2EE Core Services, a remote unauthenticated attacker may be able to compromise the entire ERP system.
da3f2ea2375b491dc09f2e39744d27613ea5e3233a1d79d58c43b34842597e24This paper discusses a number of ways through which hackers can use Mozilla Firefox as a platform to run there malicious pieces of code with privileges and features.
13625ce6c755c96192b50c4a415d4bee4bd21c7137c469ce62b2ea3b7d46cc76Onapsis Security Advisory - As the server does not perform a proper security validation on the input parameters, it is possible to inject DHTML code that would be rendered to the user accessing the link in SAP Enterprise Portal.
90263b999fd3713c409e968fef5750efe496d3c670dd404aa00e7175cccf16dfTeam SHATTER Security Advisory - Oracle Enterprise Manager Database Control Segment Advisor page is vulnerable to an arbitrary URL redirection/phishing vulnerability. An attacker may inject an arbitrary URL into the web application and force the application to redirect to it without any validation. This vulnerability can be used in phishing attacks to trick legitimate users to visit malicious sites without realizing it. The affected link and parameter are /em/console/database/xdb/XDBResource and cancelURL. Versions affected include Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3.
3e1f7b8dd952616f02834e723183cf85039124c2b4eabdfbed4d636fa1c09feaRuby Parser version 2.0.4 insecurely creates files in /tmp that can allow for a denial of service condition.
094657d654b5045e05adb6d836d052776e6708bb9e26629a4ff9504e67047580Team SHATTER Security Advisory - Some parameters of /em/console/database/dist/streams/queue in Oracle Enterprise Manager are vulnerable to SQL injection attacks. Versions affected include Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3.
e191ca74b3adea6783bc6eb3b8f33d2b663130f5a1a8d124b4e8d1b20dcac05dNagios NRPE versions 2.13 and below suffer from a remote command execution vulnerability.
e554055ae18cd9fe6bcd14421d423114eca4f1e47b88e319df4e7a81bb4acf86Team SHATTER Security Advisory - Some parameters of /em/console/ecm/config/savedConfig in Oracle Enterprise Manager are vulnerable to SQL injection attacks. Versions affected include Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2, 11.2.0.3.
42308000e542a1d9278b369616e91a8854bbced5e3b206cdf115c4e4f9d06e57Team SHATTER Security Advisory - Some parameters of /em/console/database/dbclone/dBClone in Oracle Enterprise Manager are vulnerable to SQL injection attacks. Versions affected include Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3.
5897aa6dffb670f996eeb60355e6b635c67ef10810f2429ce976f48422097393Onapsis Security Advisory - The SDM suffers from a design vulnerability in the way it handles failed user authentication attempts, generating a denial of service condition if some conditions are met. This can be abused by a malicious attacker to disrupt this service.
b9fa27961da95e0e64a0970f55bd1166292455bd7ad40a519c24ce582e12a1ecTeam SHATTER Security Advisory - An attacker hosting a malicious web site can execute SQL statements in the backend database when an administrator with an open session in Oracle Enterprise Manager web application visits the malicious web site. Versions affected include Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2, 11.2.0.3.
49571641e710a1ec758dcec0e1e03620a16c0aef2ccc5eac49327bf8c09b5f3cTeam SHATTER Security Advisory - The 'pagename' parameter of web page /em/console/ecm/policy/policyViewSettings in Oracle Enterprise Manager is vulnerable to HTTP response splitting attacks. Versions affected include Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2, 11.2.0.3.
16aeb9e7d9c1810b12977db09de9e12bb6519a3538e04f77b3203555af5bc05eOnapsis Security Advisory - The SAP Portal "Federation" configuration pages do not properly handle authentication, exposing the entire Portal infrastructure.
ec578a095f1a6d51c543b8f60172c4da01037681852bb0569b01951f9eb78573Team SHATTER Security Advisory - GeoRaster is a feature of Oracle Spatial that lets you store, index, query, analyze, and deliver GeoRaster data. One of the GeoRaster APIs is prone to stack-based overflow.
3a93180b3014610b665d5b8cce7d1ac694474a16caebae59d56cfa7c1dcef3afTeam SHATTER Security Advisory - Oracle Enterprise Manager Database Control XML Database Resources page is vulnerable to a cross site scripting vulnerability. An attacker may inject malicious code into the web application and trick a legitimate user into executing it by various methods. Affected versions include Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4; 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3.
d99af9ee753df748afa8622681887b09396561432184ac0aa41308d6c823185aThe Samsung Galaxy S3 w/ Android version 4.1.2 suffers from a bypass vulnerability due to S-Voice allowing the launch of any command even when the screen is locked.
f859a2a4bfd30be0e55663fe5c258853b5ad3a563064a6354107e8e25a8fc7ccUbuntu Security Notice 1743-1 - Suleiman Souhlal, Salman Qazi, Aaron Durbin and Michael Davidson discovered a race condition in the Linux kernel's ptrace syscall. An unprivileged local attacker could exploit this flaw to run programs as an administrator.
705dae3f9be8344b571b6b9a8c3284099be0058b09273df2dfcbac465c97e537Ubuntu Security Notice 1742-1 - Suleiman Souhlal, Salman Qazi, Aaron Durbin and Michael Davidson discovered a race condition in the Linux kernel's ptrace syscall. An unprivileged local attacker could exploit this flaw to run programs as an administrator.
263f44f049c6dc57c6f2d29fd51ab6e9a6a23acbd53a47534ad2b6abddb3ce41Ubuntu Security Notice 1741-1 - Suleiman Souhlal, Salman Qazi, Aaron Durbin and Michael Davidson discovered a race condition in the Linux kernel's ptrace syscall. An unprivileged local attacker could exploit this flaw to run programs as an administrator.
eb2c5bd4dfc428ab867253b2af2dcc1b2cdd1973887db258045f6a16c3a74b25Ubuntu Security Notice 1740-1 - Suleiman Souhlal, Salman Qazi, Aaron Durbin and Michael Davidson discovered a race condition in the Linux kernel's ptrace syscall. An unprivileged local attacker could exploit this flaw to run programs as an administrator.
e1fdabab72af4143124c0ab88ecbab3fccaa33dddd0986932cf63009220ed845Ubuntu Security Notice 1739-1 - Suleiman Souhlal, Salman Qazi, Aaron Durbin and Michael Davidson discovered a race condition in the Linux kernel's ptrace syscall. An unprivileged local attacker could exploit this flaw to run programs as an administrator.
58b0c3ab55d814a0de2780b66cfcb90279094bfa49ea7e219cbc6f285d43ef49Ubuntu Security Notice 1738-1 - Suleiman Souhlal, Salman Qazi, Aaron Durbin and Michael Davidson discovered a race condition in the Linux kernel's ptrace syscall. An unprivileged local attacker could exploit this flaw to run programs as an administrator.
473f39dbfe2b310d358455320893c8f03c0a0e0f16502df8f41ca7601bbddbe8Ubuntu Security Notice 1737-1 - Suleiman Souhlal, Salman Qazi, Aaron Durbin and Michael Davidson discovered a race condition in the Linux kernel's ptrace syscall. An unprivileged local attacker could exploit this flaw to run programs as an administrator.
d4706f73edfaf7396bc83d22e3a782836f94b2cdf76572a50614650e19abd845Ubuntu Security Notice 1745-1 - Suleiman Souhlal, Salman Qazi, Aaron Durbin and Michael Davidson discovered a race condition in the Linux kernel's ptrace syscall. An unprivileged local attacker could exploit this flaw to run programs as an administrator.
9d4310af2ab2d674ea50ec8b0a5935369bae9e6f1691b71538f3f19cf84afb53Ubuntu Security Notice 1744-1 - Suleiman Souhlal, Salman Qazi, Aaron Durbin and Michael Davidson discovered a race condition in the Linux kernel's ptrace syscall. An unprivileged local attacker could exploit this flaw to run programs as an administrator.
93d1156c3ee62445d44798d63acaf85ec5c33b8f8d64eeca80c0636e8ada95dc
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed