NGSSoftware Insight Security Research Advisory #NISR05012005I - IBM's DB2 database server contains four XML functions that can be used to read and write files on the system. Systems Affected: DB2 8.1.
b96a26b299af6b8dfd51f75246b6c5b612402295c834c9712ad99334ce4a205f
DBCInfoTech CMS version 2.0 suffers from an unauthenticated administrator reinstall vulnerability.
ee4695049fa78cdc4416bf9c9d888b2f016dd969d8de33f1716e9c35a8c42a9f
Database Compilation CMS version 1.2 suffers from a cross site scripting vulnerability.
41dfaf16a4c47fea593fb45f93fc14105292738379e4e7bfcd9673351628b411
DBD E-Commerce version 2.0.6 suffers from a remote SQL injection vulnerability.
7e266b432c4a53c2aa3c0144285e0731a483b8a5a8115d7ba8cdbd41c09cd4bd
DiskBoss Enterprise version 11.0.24 suffers from an unquoted service path vulnerability.
b8a496a749b12b6da10d73626a338d840d5337d3bd8bff7c3e415adcf76b1d04
DiskBoss Enterprise version 8.4.16 suffers from a local buffer overflow vulnerability.
d31cd4e67cca649797128b20d0b177cf1f83d9367ecdd996dbd04d5f317b2ff8
DiskBoss Enterprise version 8.4.16 suffers from an import command buffer overflow vulnerability.
d7c0ede8c236e11bbaad0ae423654cad914ee3e9daac54527d87d869ba12f6a9
DiskBoss Enterprise version 8.4.16 buffer overflow proof of concept exploit.
a6fdae67ed7fbf00f947fcf9d2978c0118c03da4e4413bceed8fb193d9da5b1d
DiskBoss Enterprise version 8.3.12 suffers from a buffer overflow vulnerability.
acb4fa7dcfe7eccbd292c4cc9ee7681e572e6a9ac6b1bd1ae8607a988cb20793
DiskBoss Enterprise version 8.2.14 import command buffer overflow exploit.
6789602eb6212a778f3a4532421ad55dbdc0b8ed8c312c5cf050a967d7c7ac27
Independent research has revealed a race condition vulnerability that affects MySQL, MariaDB and PerconaDB databases. The vulnerability can allow a local system user with access to the affected database in the context of a low-privileged account (CREATE/INSERT/SELECT grants) to escalate their privileges and execute arbitrary code as the database system user (typically 'mysql').
01f753f3d94e735ce76518cc2e604e919a99e02cf0b9361221ae6463f8e2aed2
dbdiff suffers from a cross site scripting vulnerability.
deb9dbf9c5132aac890cdebf0b63c75e07bd93380bca4dbb8e7a98efd031ee6d
DBCart suffers from a remote SQL injection vulnerability.
37b2258cb27131087e6189926ec3aa5725e8d32f55b5925f5efa350bd558368b
DB[CMS] version 2.01 suffers from a remote SQL injection vulnerability.
44234ce1854d19e521ad5231f84874ecfbff31521a75b87712cbe98d1b93adc9
NGSSoftware Insight Security Research Advisory - Oracle has just released a fix for a flaw that, when exploited, allows a low-privileged authenticated database user to gain MDSYS privileges. This can be abused by an attacker to perform actions as the MDSYS user. MDSYS.SDO_TOPO_DROP_FTBL is one of the triggers that forms part of the Oracle Spatial Application. It is vulnerable to SQL injection. When a user drops a table, the trigger fires. The name of the table is embedded in a dynamic SQL query which is then executed by the trigger. Note that the Oracle advisory states that the attacker requires the DROP TABLE and CREATE PROCEDURE privileges. This is not the case and only CREATE SESSION privileges are required.
5121c42e5d2e8b18156a9dd21c0939cd3a695ecc1539eda09d741e19ef556402
NGSSoftware Insight Security Research Advisory - Oracle Application Server installs a number of PLSQL packages in the backend database server. One of these is the WWV_RENDER_REPORT package and it is vulnerable to PLSQL injection. This package uses definer rights execution and therefore executes with the privileges of the owner, in this case the highly privileged PORTAL user.
9b8fadd595dfccce56403731ee006274cd61e8b1f62476460b18211d7135e98e
NGSSoftware Insight Security Research Advisory - It is possible to cause the Java Virtual Machine to overwrite an arbitrary memory location with an arbitrary value (repeatedly and in a stable manner) when parsing a malformed TrueType font. JDK and JRE versions 5.0 Update 9 and below as well as SDK and JRE versions 1.4.2_14 and below are affected.
0f0ebea1254e1ec07669df846e6a69c1b0b5d28d5ec47a79fc20ee4ef9e02c1b
NGSSoftware Insight Security Research Advisory - JDK and JRE versions 6 Update 1 and below, 5.0 Update 11 and below, and SDK and JRE versions 1.4.2_14 and below contain a vulnerability that allows an untrusted applet to violate the network access restrictions placed on it by the Java sandbox.
9a7c6871dff0c09ab04b8fb752675bf310bc954b330129c49fbe3633fb2bc29c
NGSSoftware Insight Security Research Advisory - The Oracle XML DB FTP service contains problems with auditing logins.
2639ac2b24b2c8d5133eff124f15167a71fbd4375eea39277529464a214d3dce
NGSSoftware Insight Security Research Advisory - The Oracle RDBMS, on receiving an invalid TNS data packet, will use 100% of the CPU's time, introducing a denial of service condition.
e7b0e95883d2072b1a56b5fdfcf4738223ad9c7c04551753f7ce3368ba5e986c
NGSSoftware Insight Security Research Advisory - The Oracle TNS Listener suffers from denial of service and/or remote memory inspection vulnerabilities. Systems affected include Oracle 8.1.7.4, 10g Release 2 and 1, Oracle 9.
2df77d5f0342cb6ee96c1251a4daebb88b481263665cf072ef864d3780bd5b37
NGSSoftware Insight Security Research Advisory - The Workspace Manager in Oracle 10g release 1 and 2 and Oracle 9i is vulnerable to SQL injection. The Workspace Manager, owned by SYS, contains a package called LT. This package is owned and defined by the SYS user and can be executed by PUBLIC. LT contains a procedure called FINDRICSET which calls the FINDRICSET package in the LTRIC package. This is vulnerable to SQL injection and can be abused by an attacker to gain SYS privileges.
5df31c6c9790c218a2a5535198524baba532d40fd776334551174739a7f50ba0
NGSSoftware Insight Security Research Advisory - The Intermedia application, owned by CTXSYS, contains a package called CTX_DOC. This package contains multiple SQL injection flaws.
b9ba2ce84bdcab48f900e299204898570d236d962e46142d20245fc29727b497
dbdisplay.pl is susceptible to an arbitrary code execution vulnerability.
47a5e85ad83ab5cb2548a3e76210ec4cd7cb26a041537257ac1b17baf4fcb9bc
IBM's DB2 suffers from a remote denial of service condition during CONNECT processing.
e3fb513c3bd7301e0e847c155ed0caa6b969013f311609b7d19963f17e1da5d3
An attacker can send a specially crafted ACCSEC command during the handshake process with the server, causing the server process to crash in the DB2 Universal Database versions 8.x.
1a8410f5b85a180b22f0f8b9883db77dd9e57286bb5e6f8f59e05eba2bfa3d57