[CLOSE] OSVDB ID : 59488 - Disclosed: 2009-10-22

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the sanitizing algorithm.

[CLOSE] OSVDB ID : 59489 - Disclosed: 2009-10-22

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in the Frontend Login Box (aka felogin) subcomponent in TYPO3 4.2.0 through 4.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

[CLOSE] OSVDB ID : 59490 - Disclosed: 2009-10-22

Description:

(Description Provided by CVE) : The Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to gain access by using only the password's md5 hash as a credential.

[CLOSE] OSVDB ID : 59491 - Disclosed: 2009-10-22

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in the Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

[CLOSE] OSVDB ID : 59922 - Disclosed: 2009-10-22

Description:

(Description Provided by CVE) : Multiple unspecified vulnerabilities in the (1) X11 and (2) Win32GraphicsDevice subsystems in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and attack vectors, related to failure to clone arrays that are returned by the getConfigurations function, aka Bug Id 6822057.

[CLOSE] OSVDB ID : 59921 - Disclosed: 2009-10-22

Description:

(Description Provided by CVE) : The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not properly restrict the objects that may be sent to loggers, which allows attackers to obtain sensitive information via vectors related to the implementation of Component, KeyboardFocusManager, and DefaultKeyboardFocusManager, aka Bug Id 6664512.

[CLOSE] OSVDB ID : 59920 - Disclosed: 2009-10-22

Description:

(Description Provided by CVE) : The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local files via vectors related to handling of zoneinfo (aka tz) files, aka Bug Id 6824265.

[CLOSE] OSVDB ID : 61433 - Disclosed: 2009-10-22

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 62359 - Disclosed: 2009-10-22

Description:

Auktionshaus contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'news.php' script not properly sanitizing user-supplied input to the 'id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 59121 - Disclosed: 2009-10-21

Description:

By default, JD Edwards EnterpriseOne Tools installs with a default password. An unspecified database account has a hardcoded and unchangeable password. This could allow attackers to trivially access the database.

[CLOSE] OSVDB ID : 59114 - Disclosed: 2009-10-21

Description:

(Description Provided by CVE) : Unspecified vulnerability in the Oracle Communications Order and Service Management component in Oracle Industry Applications 2.8.0, 6.2.0, 6.3.0, and 6.3.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.

[CLOSE] OSVDB ID : 59184 - Disclosed: 2009-10-21

Description:

(Description Provided by CVE) : Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow.

[CLOSE] OSVDB ID : 59183 - Disclosed: 2009-10-21

Description:

(Description Provided by CVE) : Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow.

[CLOSE] OSVDB ID : 59107 - Disclosed: 2009-10-21

Description:

(Description Provided by CVE) : Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

[CLOSE] OSVDB ID : 59110 - Disclosed: 2009-10-21

Description:

(Description Provided by CVE) : Unspecified vulnerability in the Network Authentication component in Oracle Database 10.1.0.5 and 10.2.0.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2009 CPU. Oracle has not commented on claims from an independent researcher that this is related to improper validation of the AUTH_SESSKEY parameter length that leads to arbitrary code execution.

[CLOSE] OSVDB ID : 59111 - Disclosed: 2009-10-21

Description:

(Description Provided by CVE) : Unspecified vulnerability in the Network Authentication component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

[CLOSE] OSVDB ID : 59099 - Disclosed: 2009-10-21

Description:

(Description Provided by CVE) : Unspecified vulnerability in the Data Mining component in Oracle Database 10.2.0.4 allows remote authenticated users to affect confidentiality, integrity, and availability, related to SYS.DMP_SYS.

[CLOSE] OSVDB ID : 59106 - Disclosed: 2009-10-21

Description:

(Description Provided by CVE) : Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 allows remote authenticated users to affect confidentiality, integrity, and availability, related to MDSYS.PRVT_CMT_CBK.

[CLOSE] OSVDB ID : 59105 - Disclosed: 2009-10-21

Description:

(Description Provided by CVE) : Unspecified vulnerability in the PL/SQL component in Oracle Database 10.2.0.4 and 11.1.0.7 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

[CLOSE] OSVDB ID : 59108 - Disclosed: 2009-10-21

Description:

(Description Provided by CVE) : Unspecified vulnerability in the Application Express component in Oracle Database 3.0.1 allows remote authenticated users to affect confidentiality and integrity, related to FLOWS_030000.WWV_EXECUTE_IMMEDIATE.

[CLOSE] OSVDB ID : 59112 - Disclosed: 2009-10-21

Description:

(Description Provided by CVE) : Unspecified vulnerability in the Workspace Manager component in Oracle Database 10.2.0.4 allows remote authenticated users to affect confidentiality and integrity, related to SYS.LTRIC (WMSYS.LTRIC).

[CLOSE] OSVDB ID : 59115 - Disclosed: 2009-10-21

Description:

(Description Provided by CVE) : Unspecified vulnerability in the Workspace Manager component in Oracle Database 10.2.0.4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.

[CLOSE] OSVDB ID : 59101 - Disclosed: 2009-10-21

Description:

(Description Provided by CVE) : Unspecified vulnerability in the Net Foundation Layer component in Oracle Database 9.2.0.8 and 10.1.0.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

[CLOSE] OSVDB ID : 59103 - Disclosed: 2009-10-21

Description:

(Description Provided by CVE) : Unspecified vulnerability in the Authentication component in Oracle Database 10.2.0.3 and 11.1.0.7 allows remote attackers to affect confidentiality via unknown vectors.

[CLOSE] OSVDB ID : 59104 - Disclosed: 2009-10-21

Description:

(Description Provided by CVE) : Unspecified vulnerability in the Authentication component in Oracle Database 11.1.0.7 allows remote attackers to affect confidentiality via unknown vectors.

[CLOSE] OSVDB ID : 59109 - Disclosed: 2009-10-21

Description:

(Description Provided by CVE) : Unspecified vulnerability in the Advanced Queuing component in Oracle Database 10.2.0.4 and 11.1.0.7 allows remote authenticated users to affect confidentiality and integrity, related to SYS.DBMS_AQ_INV.

[CLOSE] OSVDB ID : 59113 - Disclosed: 2009-10-21

Description:

Oracle Database Text contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the ctxsys.drvxtabc.create_tables script not properly sanitizing user-supplied input to the 'idx_owner' and 'idx_name' parameters. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 59098 - Disclosed: 2009-10-21

Description:

(Description Provided by CVE) : Unspecified vulnerability in the Data Pump component in Oracle Database 10.1.0.5, 10.2.0.3, and 11.1.0.7 allows remote authenticated users to affect integrity via unknown vectors.

[CLOSE] OSVDB ID : 59102 - Disclosed: 2009-10-21

Description:

(Description Provided by CVE) : Unspecified vulnerability in the Auditing component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect integrity, related to DBMS_SYS_SQL and DBMS_SQL.

[CLOSE] OSVDB ID : 59118 - Disclosed: 2009-10-21

Description:

(Description Provided by CVE) : Unspecified vulnerability in the Business Intelligence Enterprise Edition component in unspecified Oracle Application Server versions allows remote attackers to affect integrity via unknown vectors.

[CLOSE] OSVDB ID : 59116 - Disclosed: 2009-10-21

Description:

(Description Provided by CVE) : Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 allows remote attackers to affect integrity via unknown vectors.

[CLOSE] OSVDB ID : 59117 - Disclosed: 2009-10-21

Description:

(Description Provided by CVE) : Unspecified vulnerability in the Business Intelligence Enterprise Edition component in Oracle Application Server 10.1.3.4.1 allows local users to affect confidentiality via unknown vectors.

[CLOSE] OSVDB ID : 59126 - Disclosed: 2009-10-21

Description:

(Description Provided by CVE) : Unspecified vulnerability in the Oracle Advanced Benefits component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.

[CLOSE] OSVDB ID : 59130 - Disclosed: 2009-10-21

Description:

(Description Provided by CVE) : Unspecified vulnerability in the Agile Engineering Data Management (EDM) component in Oracle E-Business Suite 6.1.0.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

[CLOSE] OSVDB ID : 59132 - Disclosed: 2009-10-21

Description:

(Description Provided by CVE) : Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

[CLOSE] OSVDB ID : 59133 - Disclosed: 2009-10-21

Description:

(Description Provided by CVE) : Unspecified vulnerability in the AutoVue component in Oracle E-Business Suite 19.3.2 allows remote attackers to affect availability via unknown vectors.

[CLOSE] OSVDB ID : 59125 - Disclosed: 2009-10-21

Description:

(Description Provided by CVE) : Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors.

[CLOSE] OSVDB ID : 59127 - Disclosed: 2009-10-21

Description:

(Description Provided by CVE) : Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6 and 12.1.1 allows remote attackers to affect confidentiality via unknown vectors.

[CLOSE] OSVDB ID : 59128 - Disclosed: 2009-10-21

Description:

(Description Provided by CVE) : Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.1 allows remote authenticated users to affect confidentiality via unknown vectors.

[CLOSE] OSVDB ID : 59131 - Disclosed: 2009-10-21

Description:

(Description Provided by CVE) : Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.1 allows local users to affect confidentiality via unknown vectors.