Advisory: XSS Vulnerability in Oracle Secure Enterprise Search [SES01]
2007-04-18 ak red-database-security com

Reminder: HITBSecConf2007 - Malaysia: Call for Papers closing in 2 weeks
2007-04-18 Praburaajan (prabu hackinthebox org)
Greetings from sunny Malaysia! This is a reminder that the Call for Papers for the upcoming HITBSecConf2007 - Malaysia is closing on the 1st of May. HITBSecConf2007 - Malaysia is set to take place from the 3rd till the 6th of September in Kuala Lumpur. Our event last year attracted over 600 attende

Advisory: SQL Injection in package SYS.DBMS_UPGRADE_INTERNAL
2007-04-18 ak red-database-security com

NukeSentinel Bypass SQL Injection & Nuke Evolution <= 2.0.3 SQL Injections
2007-04-18 programmer serbiansite com
PROGRAM: Nuke-Evolution & NukeSentinel
HOMEPAGE: http://www.nuke-evolution.com/
VERSION: All versions
BUG 1 NukeSentinel Bypass SQL Injection Protection
BUG 2 Nuke Evolution <= 2.0.3 SQL Injections vulnerabilities
AUTHOR: Aleksandar
NukeSentinel Bypass SQL Injection Protection nukesentinel.php Lin

iDefense Security Advisory 04.17.07: McAfee VirusScan On-Access Scanner Long Unicode File Name Buffer Overflow
2007-04-18 iDefense Labs (labs-no-reply idefense com)
McAfee VirusScan On-Access Scanner Long Unicode File Name Buffer Overflow
iDefense Security Advisory 04.17.07
http://labs.idefense.com/intelligence/vulnerabilities/
Apr 17, 2007
I. BACKGROUND
McAfee VirusScan is an AntiVirus application that offers protection against the latest computer virus thr

Mambo/Joomla Component New Article Component RFI
2007-04-15 meftun meftunnet com
Mambo/Joomla Component New Article Component <= 1.1 (absolute_path) Multiple RFI
Found By : C-W-M
Special Thnx ; Eskobar, Poizonb0x, eno7, DoubleKickx

Cross Domain XMLHttpRequest
2007-04-15 Michal Majchrowicz (m majchrowicz gmail com)
Due to "security reasons" many Web Browsers don't allow cross domain XMLHttpRequests. In fact this is only troublesome for web developers and not for virus coders/crackers/etc. Some time ago there was presented a technique which used cssText property to perform some cross domain requests. After som

Re: [Full-disclosure] A Botted Fortune 500 a Day
2007-04-13 Steven Adair (steven securityzone org) (1 replies)
Is this in any way surprising? I think we all know the answer is no. Many Fortune 500 companies have more employees than some ISPs have customers. Should we really expect differently? Also, as a side note, I would like to add that just because SPAM is coming from a certain gateway does not necess

Re: [Full-disclosure] A Botted Fortune 500 a Day
2007-04-13 Jamie Riden (jamie riden gmail com) (1 replies)

Re: [Full-disclosure] A Botted Fortune 500 a Day
2007-04-13 Steven Adair (steven securityzone org) (1 replies)

Re: [Full-disclosure] A Botted Fortune 500 a Day
2007-04-13 Jamie Riden (jamie riden gmail com) (1 replies)

WASC-Articles: 'The Importance of Application Classification in Secure Application Development'
2007-04-16 contact webappsec org
The Web Application Security Consortium is proud to present 'The Importance of Application Classification in Secure Application Development' by Rohit Sethi. In this article Rohit describes the importance of Application Classification during the secure development process. This document can be f

Re: Internet Explorer Crash
2007-04-17 Thor (Hammer of God) (thor hammerofgod com)
Actually, I just get a message that says "A script on this page is causing Internet Explorer to run slowly." But my CPU usage for iexplore.exe is only at 20, and my system didn't slow down in the least. I went ahead and told IE to continue to run the script, and pops up again in a bit asking me

Re: [Full-disclosure] Cross Domain XMLHttpRequest
2007-04-15 ascii (ascii katamail com)
Michal Majchrowicz wrote:
> Due to "security reasons" many Web Browsers don't allow cross
> domain XMLHttpRequests.
[..]
hi Michal, personally i don't get your point (to me it seems just a hybrid implementation using both server side and client side scripting) but i'm sure you can better explai

ShoutPro 1.5.2 - arbitrary code execution
2007-04-17 jd2k2000 hotmail com
<?/*
File: shoutbox.php
Affects: ShoutPro 1.5.2 (may affect earlier versions)
Date: 17th April 2007
Issue Description:
ShoutPro 1.5.2 fails to fully sanitize user input ($shout) that it writes to the shouts.php file when a

SYMSA-2007-003 Macrovision InstallAnywhere Password and Serial Number Bypass
2007-04-16 research symantec com

Gizzar <= (basePath) Remote File Include Vulnerability
2007-04-16 BorN To K!LL BorN To K!LL (q t i hotmail com)
Gizzar <= (basePath) Remote File Include Vulnerability
Download: http://mesh.dl.sourceforge.net/sourceforge/gizzar/gizzar-03162002.tar.gz
Discover: BorN To K!LL
Bug in: index.php c
Systems Affected: Oracle Secure Enterprise Search 10.1.6- SES
Severity: Medium Risk
Category: Cross Site Scripting (XSS/CSS)
Vendor URL: http://www.oracle.com/
Author: Alexander Kornbrust (ak at red-database-security.com)
Da