Websecurity - Веб безпека

Вийшов черговий пакет оновлень до Oracle (critical patch update).

Уразливі продукти: Oracle 9i, Oracle 10g, Oracle Secure Enterprise Search 10g, Oracle Application Server 10g, Oracle10g Collaboration Suite, Oracle E-Business Suite Release 11i, Oracle E-Business Suite Release 12, Oracle Enterprise Manager 9i, PeopleTools 8.48, PeopleTools 8.47, PeopleTools 8.22, Human Capital Management 8.9, JD Edwards EnterpriseOne Tools 8.96.

Пакет виправлень усуває 36 уразливостей в продуктах Oracle, включаючи 13 уразливостей сервера баз даних.

• Oracle Database Buffer overflow vulnerabilities in package DBMS_SNAP_INTERNAL (деталі)
• ZDI-07-016: Oracle E-Business Suite Arbitrary Node Deletion Vulnerability (деталі)
• ZDI-07-017: Oracle E-Business Suite Arbitrary Document Download Vulnerability (деталі)
• Bypass Oracle Logon Trigger (деталі)
• SQL Injection in package SYS.DBMS_AQADM_SYS (деталі)
• SQL Injection in package SYS.DBMS_UPGRADE_INTERNAL (деталі)
• Cross-Site-Scripting Vulnerability in Oracle Secure Enterprise Search (SES) (деталі)
• Shutdown unprotected Oracle TNS Listener via Oracle Discoverer Servlet [AS01] (деталі)
• Oracle Critical Patch Update - April 2007 (деталі)

This entry was posted on 23:42 27.04.2007 and is filed under Новини, Помилки. You can follow any responses to this entry through the RSS 2.0 feed.