| /// File Name: |
Oracle-MDSYS.SDO_LRS.txt |
Description:
|
The Oracle package MDSYS.SDO_LRS contains a SQL injection vulnerability in the first parameter of convert_to_lrs_layer. Oracle forgot to fix this problem with the April CPU. Oracle fixed these vulnerabilities with the package DBMS_ASSERT. To exploit this vulnerability it is necessary to have the privilege to create a PL/SQL-function.
| | Homepage: | http://www.red-database-security.com/ | | File Size: | 1634 | | Last Modified: | Oct 27 16:01:33 2006 |
| MD5 Checksum: | c08a866ee3e3b65c0affcb9875a99500 |
|
| /// File Name: |
Oracle-SYS.DBMS_SQLTUNE_INTERNAL.tx..> |
Description:
|
The package DBMS_SQLTUNE_INTERNAL contains SQL injection vulnerabilities in I_SET_TUNING_PARAMETER and SELECT_SQLSET. Oracle fixed this by using bind variables in their dynamic SQL statements.
| | Homepage: | http://www.red-database-security.com/ | | File Size: | 1216 | | Last Modified: | Oct 27 16:01:58 2006 |
| MD5 Checksum: | 664b8704b1300b92075f054130c86a3b |
|
| /// File Name: |
Oracle-WWV_FLOW_UTILITIES.txt |
Description:
|
The list of values (LOV) in Oracle wwv_flow_utilities.gen_popup_list contains a SQL injection vulnerability. Depending on the APEX application, it is possible to inject custom SQL statements.
| | Homepage: | http://www.red-database-security.com/ | | File Size: | 2379 | | Last Modified: | Oct 27 15:58:53 2006 |
| MD5 Checksum: | 6ffde6f3c95ad4d2c95266135d924694 |
|
| /// File Name: |
Oracle-XDB.DBMS_XDBZ0.txt |
Description:
|
The package XDB.DBMS_XDBZ0 contains SQL injection vulnerabilities in the procedures enable_hierarchy_internal [DB01] and disable_hierarchiy_internal [DB15]. Oracle fixed this problem by using bind variables and verifying table names.
| | Homepage: | http://www.red-database-security.com/ | | File Size: | 1266 | | Last Modified: | Oct 27 16:02:52 2006 |
| MD5 Checksum: | d06a30dc9b5e57841ebbd5718c7ab958 |
|
| /// File Name: |
Oracle9i-views.txt |
Description:
|
Oracle 9i - 10g Rel.2 Advisory: Updates, deletes and inserts are possible with least-privilege via inline views. A user with create session only can insert/update/delete data (e.g. the dual table). This bug is similar but not identical to the bug which was fixed in the July 2006 CPU (Modify Data via views). No workarounds available.
| | Homepage: | http://www.red-database-security.com | | File Size: | 1283 | | Last Modified: | Oct 27 16:00:20 2006 |
| MD5 Checksum: | cf762d9e0c828e3656cb4ee534d82499 |
|
| /// File Name: |
OracleReports.txt |
Description:
|
The Oracle Reports parameters showenv [REP01], parsequery [REP01], cellwrapper [REP02] and delimiter [REP02] are vulnerable to cross-site scripting.
| | Homepage: | http://www.red-database-security.com | | File Size: | 1312 | | Last Modified: | Oct 27 16:01:01 2006 |
| MD5 Checksum: | 6060750eb30eee3c2bd69fdd13b518c5 |
|
| /// File Name: |
PacSec-cgi.pm.txt |
Description:
|
PacSec Hype Security Team - Param injection in CGI.pm and inheritors allows SQL injection and manipulation of data, bypassing many Perl web form validators.
| | Author: | Dragos Ruiu | | Homepage: | http://pacsec.jp | | File Size: | 7429 | | Last Modified: | Oct 17 15:30:52 2006 |
| MD5 Checksum: | aa821f7deecb86fa3e684d7e5ca1e288 |
|
| /// File Name: |
ParallelsDesktop.txt |
Description:
|
Parallels Desktop for Mac - Build 1940 creates files with insecure permissions.
| | Author: | naif | | File Size: | 687 | | Last Modified: | Oct 30 16:34:38 2006 |
| MD5 Checksum: | 7fea36f2e5a30f01bd80e037eb9407c6 |
|
| /// File Name: |
Pebble2.0.0.txt |
Description:
|
Pebble 2.0.0 RC1 and 2 suffer from a cross site scripting vulnerability.
| | Author: | Paolo Perego | | File Size: | 783 | | Last Modified: | Oct 4 17:34:57 2006 |
| MD5 Checksum: | cc86c9357f168bfbfcc6c256249a84f5 |
|
| /// File Name: |
php-fd.txt |
Description:
|
The PHP functions "exec", "system", "popen" (and similar) keep the file descriptors of the parent process open. When a new process is run, it inherits all open file descriptors of its parent. This can be used by hostile programs to listen and accept connections on port 80, or write to the Apache log files.
| | Author: | dimmoborgir | | File Size: | 3019 | | Last Modified: | Oct 20 21:26:14 2006 |
| MD5 Checksum: | f0a82fec42256efad3a2369ac7143e34 |
|
| /// File Name: |
PHP-Post.txt |
Description:
|
PHP-Post suffers from multiple input validation vulnerabilities.
| | Author: | HACKERS PAL | | Homepage: | http://www.soqor.net | | File Size: | 3782 | | Last Modified: | Oct 9 19:16:20 2006 |
| MD5 Checksum: | c5987346c552e8fda21a604540d5ac61 |
|
| /// File Name: |
PHPADSNEW-SA-2006-002.txt |
Description:
|
phpAdsNew / phpPgAds security advisory PHPADSNEW-SA-2006-002: Some scripts inside the admin interface were displaying parameters collected by the delivery scripts without proper sanitizing or escaping. The delivery scripts have public access, while the admin interface is restricted to logged-in users. An attacker could inject HTML/XSS code which could be displayed/executed at a later time inside the admin interface.
| | Homepage: | http://phpadsnew.com/ | | File Size: | 1678 | | Last Modified: | Oct 27 15:55:00 2006 |
| MD5 Checksum: | 9eedf157e1b34d5f05630a8cee490cfd |
|
| /// File Name: |
phpFaber_cms.txt |
Description:
|
phpFaber CMS versions 1.3.36 and below suffer from a cross site scripting flaw.
| | Author: | Vigilon | | Homepage: | http://www.vigilon.com | | File Size: | 2250 | | Last Modified: | Oct 30 17:01:05 2006 |
| MD5 Checksum: | 0c039db7dcebac797d14d3fd052d92ae |
|
| /// File Name: |
PHPInvoice2.2.txt |
Description:
|
PHP Invoice 2.2 suffers from a cross site scripting vulnerability.
| | Author: | meto5757 | | File Size: | 854 | | Last Modified: | Oct 3 19:41:54 2006 |
| MD5 Checksum: | 628df92fb014268a7135ed90331df49e |
|
| /// File Name: |
phpMyAdmin-csrf.txt |
Description:
|
Hardened-PHP Project Security Advisory: phpMyAdmin Multiple CSRF Vulnerabilities.
| | Homepage: | http://www.hardened-php.net | | File Size: | 5766 | | Last Modified: | Oct 4 17:06:56 2006 |
| MD5 Checksum: | 4cb47313bc351922a7c57c7f81b9dfcf |
|
| /// File Name: |
polycomDoS.txt |
Description:
|
The PolyCom IP-301 VoIP desktop phone suffers from multiple denial of service issues.
| | Author: | Shawn Merdinger | | File Size: | 722 | | Last Modified: | Oct 8 23:04:46 2006 |
| MD5 Checksum: | 2817fa2a20e9c0c62c135cd5b620d58f |
|
| /// File Name: |
PostNuke0.762.txt |
Description:
|
The admin section of PostNuke 0.762 suffers from a SQL injection flaw.
| | Author: | Omid | | Homepage: | http://www.hackers.ir/. | | File Size: | 2241 | | Last Modified: | Oct 4 15:34:23 2006 |
| MD5 Checksum: | fb3196ac8d6dfdf47b1c03715d7a3203 |
|
| /// File Name: |
PR06-03b.txt |
Description:
|
PR06-03b: The F5 FirePass 1000 SSL VPN application version 5.5, and possibly earlier versions, is vulnerable to cross-site scripting within the "sid" field of the "my.acctab.php3" program.
| | Author: | research | | File Size: | 1794 | | Last Modified: | Oct 20 19:29:59 2006 |
| MD5 Checksum: | 64fb1159600fd731199cea0ab42f296e |
|
| /// File Name: |
Practical_Onion_Hacking.pdf |
Description:
|
Paper describing simple means of finding the true address of Tor clients, if they are browsing an HTTP (non-encrypted) website and exit through an exit node which you control. Presents a technique for using iptables to inject JavaScript and Flash into web traffic to persuade the client to temporarily bypass the Tor network.
| | Author: | Andrew Christensen | | Homepage: | http://www.fortconsult.net | | File Size: | 766554 | | Last Modified: | Oct 16 09:58:23 2006 |
| MD5 Checksum: | 1322149c90aacaf2247d2beb3ea8beda |
|
| /// File Name: |
R7-0025.txt |
Description:
|
Rapid7 Advisory R7-0025: Buffer Overflow in NVIDIA Binary Graphics Driver For Linux - The NVIDIA Binary Graphics Driver for Linux is vulnerable to a buffer overflow that allows an attacker to run arbitrary code as root. This bug can be exploited both locally and remotely (via a remote X client or an X client which visits a malicious web page). A working proof-of-concept root exploit is included with this advisory.
| | Author: | Rapid7 | | Homepage: | http://www.rapid7.com/ | | Related Exploit: | nv_exploit.c | | File Size: | 5912 | | Last Modified: | Oct 17 18:04:11 2006 |
| MD5 Checksum: | 6860ab12211a9c8728dd9c2012ba6b61 |
|
| /// File Name: |
R7-0026.txt |
Description:
|
Rapid7 Advisory R7-0026 - HTTP Header Injection Vulnerabilities in the Flash Player Plugin. Two HTTP Header Injection vulnerabilities have been discovered by Rapid7 in the Flash Player plugin. They allow attackers to perform arbitrary HTTP requests while controlling most of the HTTP headers. This can make it easier to perform CSRF attacks [2] in some cases. When the HTTP server implements Keep-Alive connections and when Firefox is used, these Flash vulnerabilities can even be used to perform totally arbitrary HTTP requests where every part is controlled by the attacker: HTTP method, URI, HTTP version, headers, and data. Such attacks make use of the HTTP Request Splitting method.
| | Author: | Rapid7 | | Homepage: | http://www.rapid7.com/ | | File Size: | 13914 | | Last Modified: | Oct 20 19:45:01 2006 |
| MD5 Checksum: | 4fc4021a024f3424cfd3af1d82526c4d |
|
| /// File Name: |
RISE-2006002.txt |
Description:
|
There exists a vulnerability within an architecture-dependent function of the FreeBSD kernel (FreeBSD 5.2-RELEASE through FreeBSD 5.5-RELEASE), which when properly exploited can lead to local compromise of the vulnerable system. This vulnerability was fixed in FreeBSD 6.0-RELEASE, but production (legacy) releases 5.2 through 5.5 are still vulnerable.
| | Author: | RISE Security | | Homepage: | http://www.risesecurity.org/ | | File Size: | 5765 | | Last Modified: | Oct 3 20:45:32 2006 |
| MD5 Checksum: | c0e9b3fed5a808b71477f31faa9eb155 |
|