Plaintext Password Vulnerability during Installation of Oracle HTMLDB
2005-10-07  ak red-database-security com

[security bulletin] SSRT051003 rev.1 - HP-UX Java Web Start remote unauthorized privileged access
2005-10-07  security-alert hp com

[security bulletin] SSRT051043 rev.0 - Apache Remote Unauthorized access
2005-10-07  security-alert hp com
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    HP SECURITY BULLETIN HPSBUX01232 REVISION: 0
    SSRT051043 rev.0 - Apache Remote Unauthorized access
    NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
    INITIAL RELEASE: 05 October 2005
    POTENTIAL SECURITY IM [...]

[SECURITY] [DSA 846-1] New cpio packages fix several vulnerabilities
2005-10-07  joey infodrom org (Martin Schulze)

Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers
2005-10-06  Rainer Duffner (rainer ultra-secure de)
    David Litchfield wrote:
    > Hey,
    > I know this wasn't your intent when you wrote it, but:
    >
    >> That means 70 000 000 ? spent by Larry for the silly Yacht - you,
    >> David, could charge 100 000 per day and still deliver more value.
    >
    > I just want to make it clear that all I'm looking for from O [...]

Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers
2005-10-06  Cesar (cesarc56 yahoo com)
    I support David 100% and I would like to add a few comments (I can't avoid doing this :)): I remember reading an article where Larry Ellison said that Oracle database servers were used by the FBI, CIA, USSR government, etc. He referenced that as saying our software is the most secure, top government agenc [...]

Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers
2005-10-06  David Litchfield (davidl ngssoftware com)
    Hey, I know this wasn't your intent when you wrote it, but:
    > That means 70 000 000 ? spent by Larry for the silly Yacht - you, David,
    > could charge 100 000 per day and still deliver more value.
    I just want to make it clear that all I'm looking for from Oracle is, not a job to review their [...]

[USN-194-1] texinfo vulnerability
2005-10-06  Martin Pitt (martin pitt canonical com)
    ===========================================================
    Ubuntu Security Notice USN-194-1        October 06, 2005
    texinfo vulnerability
    CAN-2005-3011
    ===========================================================
    A security issue affects the following Ubuntu releases:
    Ubuntu 4.10 (Warty Warthog)
    Ubunt [...]

[ GLSA 200510-05 ] Ruby: Security bypass vulnerability
2005-10-06  Sune Kloppenborg Jeppesen (jaervosz gentoo org)

Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers
2005-10-06  Rainer Duffner (rainer ultra-secure de)
    David Litchfield wrote:
    [snip sad Oracle track "record" on security]
    I must assume most of their code is written by some poor guys in a sweatshop in Bangalore or Shanghai today. And only those people can "fix" it, so if somebody finds a flaw, a "request to fix" is sent to Bangalore and fulfille [...]

xloadimage buffer overflow.
2005-10-05  Ariel Berkman (aberkm1 uic edu)
    Hi, While creating a stripped down version of xloadimage, I have discovered three buffer overflows in xloadimage when handling the image title name. Unlike most of the supported image formats in xloadimage, the NIFF image format can store a title name of arbitrary length as part of the image file. [...]

[ GLSA 200510-06 ] Dia: Arbitrary code execution through SVG import
2005-10-06  Sune Kloppenborg Jeppesen (jaervosz gentoo org)

aspReady FAQ - open for SQL-injections
2005-10-06  preben watchcom no
    The free, open source project called "aspReady FAQ" is open for SQL-injection. This results in admin access with the ability to change/delete the entire database. An example of a SQL-injection that works could be: 1'or'1'='1 After doing a Google search, I've found out that some companies are actually u [...]

High Risk Vulnerability in Sun Directory Server
2005-10-06  NGSSoftware Insight Security Research (nisr ngssoftware com)
    Peter Winter-Smith of NGSSoftware has discovered a high risk vulnerability in Sun Directory Server. This flaw can permit an unauthenticated attacker to remotely compromise the Directory server. Affected versions include: Sun Directory Server 5.2 (patch 3 and below). This issue has been resolved in t [...]

WASC Threat Classification in 4 languages
2005-10-05  contact webappsec org
    The Web Application Security Consortium (WASC) is announcing the availability of the Web Security Threat Classification in English, Japanese, Spanish, and Turkish. The material is open source and provided in TXT, PDF, and DOC formats. The Web Security Threat Classification is a cooperative [...]

[security bulletin] SSRT051004 rev.1 - HP-UX Java Runtime Environment (JRE) Untrusted Applet Elevates Privilege
2005-10-06  security-alert hp com

Secunia Research: Webroot Desktop Firewall Two Vulnerabilities
2005-10-06  Secunia Research (vuln secunia com)

Secunia Research: PHP-Fusion Two SQL Injection Vulnerabilities
2005-10-06  Secunia Research (vuln secunia com)

[security bulletin] SSRT4743, SSRT4884 rev.1 - HP Tru64 UNIX TCP/IP remote Denial of Service (DoS)
2005-10-06  security-alert hp com

Planet Technology Corp FGSW2402RS switch default password / "backdoor"
2005-10-06  lms fe up pt
    Hello all, Today I discovered a pseudo backdoor [through a default password] while trying to reset the password on a Planet Technology Corp FGSW2402RS switch. Although I don't consider this to be a real problem since the only access seems to be through the serial port, I would like to share this with th [...]

RE: Some new whitepapers ...
2005-10-05  Lila Buchalski (lbuchalski iconsinc com)
    Has anyone written any white papers/articles on banking information security? I would be interested in publishing quality white papers/articles that had to do with any of the following:
    - Core banking application security
    - Identity theft
    - VoIP security
    - Compliance to information security regulati [...]

[SECURITY] [DSA 845-1] New mason packages fix missing init script
2005-10-06  joey infodrom org (Martin Schulze)

Announcement : Core Banking Application Security List
2005-10-05  Lila Buchalski (lbuchalski iconsinc com)
    Hello, Bankinfosecurity.com is creating a banking core application security mailing list. Much like Bankinfosecurity.com's content, the mailing list will serve as a reference tool for the banking information security community. Industry experts, vendors, and even people who are new to the Banki [...]

PAKCON II: Call for Paper (CfP), Final Call!
2005-10-05  Ayaz Ahmed Khan (ayaz pakcon org)
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    Folks: This is the second round of the Call for Papers (CfP) for PAKCON II. We have a couple of speaking slots left for PAKCON II, Pakistan's Cyber Security Convention. It will be happening on 29th and 30th November, 2005 in Karachi, Pakistan. If you [...]

Secunia Research: ALZip Multiple Archive Handling Buffer Overflow
2005-10-05  Secunia Research (vuln secunia com)

Some new whitepapers ...
2005-10-05  David Litchfield (davidl ngssoftware com)
    Hey all, I've written two papers available from here http://www.ngssoftware.com/papers.htm The first deals with buffer _underruns_, DEP and Address Space Layout Randomization on Windows. During the paper's review process I was pointed to http://www.phrack.org/show.php?p=58 which deals with the [...]

[SECURITY] [DSA 844-1] New mod-auth-shadow packages fix authentication bypass
2005-10-05  joey infodrom org (Martin Schulze)

Patches available for critical flaws in HP Openview
2005-10-05  NGSSoftware Insight Security Research (nisr nextgenss com)
    David and Mark Litchfield of NGSSoftware have discovered a number of critical and high risk vulnerabilities in HP Openview. The flaws can be exploited by attackers without valid credentials to fully compromise a vulnerable server. Windows, Linux, HP-UX and Solaris are all affected. These issues [...]
#######################################################################
    Name:             Cross-Site-Scripting Vulnerabilities in Oracle XMLDB
    Systems Affected: Oracle HTMLDB
    Severity:         Low Risk
    Category:
    [...]