Posts Tagged ‘Database’

CVE-2009-0984 (database_10g, database_11g, database_9i)

CVE-2009-0984 (database_10g, database_11g, database_9i) Unspecified vulnerability in the Database Vault component in Oracle Database 9.2.0.8DV, 10.2.0.4, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_SYS_SQL. URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0984

CVE-2009-0973 (database_10g)

CVE-2009-0973 (database_10g) Unspecified vulnerability in the Cluster Ready Services component in Oracle Database 10.1.0.5 allows remote attackers to affect availability via unknown vectors. URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0973

CVE-2009-0972 (database_10g, database_11g, database_9i)

CVE-2009-0972 (database_10g, database_11g, database_9i) Unspecified vulnerability in the Workspace Manager component in Oracle Database 11.1.0.6, 11.1.0.7, 10.2.0.3, 10.2.0.4, 10.1.0.5, 9.2.0.8, and 9.2.0.8DV allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0972

CVE-2008-6706 (communication_manager, sip_enablement_services)

CVE-2008-6706 (communication_manager, sip_enablement_services) Multiple unspecified vulnerabilities in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allow remote attackers to obtain (1) application server configuration, (2) database server configuration including encrypted passwords, (3) a system utility that decrypts “subscriber table passwords,” (4) a system [...]

[Tools Updates] – Security Database Tools Latest updates

[Tools Updates] – Security Database Tools Latest updates Posted by SD List on Apr 9 Find these news live from www.security-database.com/toolswatch/ [+] Nessus version 4.0 released Nessus is the world’s most popular vulnerability scanner used in over 75,000 organizations world-wide. Many of the world’s largest organizations are realizing significant cost… URL: http://seclists.org/pen-test/2009/Apr/0059.html

Student privacy bill spurs debate in Augusta

Student privacy bill spurs debate in Augusta Students, parents and school administrators all told lawmakers the Department of Education should stop collecting the names of students disciplined by schools and keeping them in a database, but Commissioner Susan Gendron warned that could jeopardize all federal funds for education that come to the state. Source – [...]

Next-gen SQL injection opens server door

Next-gen SQL injection opens server door A vulnerability estimated to affect more than 1 in 10 websites could go lethal with the finding that it can be used to reliably take complete control of the site’s underlying server. Research to be presented at the Black Hat security conference in Amsterdam later this month will show [...]

CVE-2008-6592 (lightneasy, sqlite)

CVE-2008-6592 (lightneasy, sqlite) thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy “no database” (aka flat) and SQLite 1.2.2 and earlier, allows remote attackers to copy, rename, and read arbitrary files via directory traversal sequences in the image parameter with a modified cache_dir parameter containing a %00 (encoded null byte). URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6592

CVE-2008-6591 (lightneasy)

CVE-2008-6591 (lightneasy) LightNEasy “no database” (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allows remote attackers to create arbitrary files via the page parameter to (1) index.php and (2) LightNEasy.php. URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6591

CVE-2008-6590 (lightneasy, sqlite)

CVE-2008-6590 (lightneasy, sqlite) Multiple directory traversal vulnerabilities in LightNEasy “no database” (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to read arbitrary files via a .. (dot dot) in the page parameter to (1) index.php and (2) LightNEasy.php. URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6590

CVE-2008-6589 (lightneasy, sqlite)

CVE-2008-6589 (lightneasy, sqlite) Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy “no database” (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) index.php and (2) LightNEasy.php. URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6589

Intel Launches Enterprise-Class Xeon Processor 5500 series

Intel Launches Enterprise-Class Xeon Processor 5500 series Intel introduced 17 enterprise-class processors, led by the Intel Xeon processor 5500 series. Designed for addressing the increasing computing needs of many industries, the new enterprise-class chips can automatically adjust to specified energy usage levels, and speed data center transactions and customer database queries, said R. Ravichandran, Director [...]

lotus notes default objects(.nsf files) and actions

lotus notes default objects(.nsf files) and actions Posted by lister_at_lihim.org on Mar 30 In reading through the Blackhat presentation called ‘Falling Dominos’ there is mention of default .nsf databases and actions (slide 50). Is there a resource that provides the default list of .nsf databases? I am also interested in any default actions/methods. Not sure [...]

Watch your Internet routers!, (Mon, Mar 30th)

Watch your Internet routers!, (Mon, Mar 30th) ISC reader Nick contacted us to share information about an Internet router at his workplace that got hacked this weekend. There’s several nuggets to learn from in this story, so here goes. 3/28/2009 8:34:02 Authen OK test 3/28/2009 8:34:04 test Default Group where cr 3/28/2009 8:34:05 test Default [...]

CVE-2008-6537 (lightneasy)

CVE-2008-6537 (lightneasy) LightNEasy/lightneasy.php in LightNEasy No database version 1.2 allows remote attackers to obtain the hash of the administrator password via the setup “do” action to LightNEasy.php, which is cleared from $_GET but later accessed using $_REQUEST. URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6537