The recent Oracle exploit posted to Bugtraq
(http://www.securityfocus.com/archive/1/431353) is actually an 0day
and has no patch.
The referenced exploit seems to use GET_DOMAIN_INDEX_METADATA with a
TYPE_NAME that references an attacker-defined package with a
(modified?) ODCIIndexGetMeta
==
Secunia Research 28/04/2006
- Servant Salamander unacev2.dll Buffer Overflow Vulnerability -
==
Table of Contents
Affected
---
[ECHO_ADV_31$2006] Sws Web Server 0.1.7 Strcpy() Syslog() Format String
Vulnerability
---
Author : Dedi Dwianto
WinISO/UltraISO/MagicISO/PowerISO Directory Traversal Vulnerability
By Sowhat of Nevis Labs
Date: 2006.04.28
http://www.nevisnetworks.com
http://secway.org/advisory/AD20060428.txt
CVE: N/A
Vendor
WinISO Computing Inc.
EZB Systems, Inc.
MagicISO Inc.
PowerISO Computing, Inc.
Affected
#Aria-Security.net Advisory
#Discovered by: O.u.t.l.a.w
# www.Aria-security.net
#Gr33t to: A.u.r.a [EMAIL PROTECTED] Smok3r
#---
Software: SirceOS Operative Solutions
Link: http://www.circeos.it
Attack method: Cross Site Scripting
Yahoo! Mail XSS vulnerability
Description:
Yahoo! Mail is a very insecure and free Web Mail
service. It allows HTML messages but it has filters to
avoid malicious script being executed on users'
browsers. On 17 April 2006 I received a message that
when viewed it redirected to a fake Yahoo! Mail
David is right, we also have reported hundreds of
vulnerabilities to Oracle and they only fix what you
report to them, they don't care to fix the same
vulnerability on different portions of code, one good
example is that Oracle should have eliminated SQL
injection bugs since long time ago but there
Original Advisory :
http://kurdishsecurity.blogspot.com/2006/04/coolmenus-event-remote-file-include.html
#CoolMenus Event Remote File Include Vulnerability#
#Website : http://coolmenus.dhtmlcentral.com/projects/coolmenus [Closed]
#Script : CoolMenus v4.0 Event Script
#Risk : High
#Class :
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200604-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
Original Advisory :
http://kurdishsecurity.blogspot.com/2006/04/artmedic-event-remote-file-include.html
#Artmedic Event Remote File Include Vulnerability
#Website : http://www.artmedic.de/
#Script : Artmedic Event Script
#Risk : High
#Class : Remote
#Greetz : B3g0k,Nistiman,Flot,Netqurd
Cesar, David and Steve,
I agree with your opinion. Oracle is not really fast fixing security
issues.
Currently I have 40+ OPEN/UNFIXED security issues in Oracle products. A
detailed list from Oracle secalert (Report March 2006) can be found at
the end of this email or (the latest version) on my
The recent Oracle exploit posted to Bugtraq
(http://www.securityfocus.com/archive/1/431353) is actually an 0day
and has no patch.
The referenced exploit seems to use GET_DOMAIN_INDEX_METADATA with a
TYPE_NAME that references an attacker-defined package with a
(modified?) ODCIIndexGetMeta