Details : SecurityAlert

  Topic : Cross-Site-Scripting Vulnerability in Oracle APEX NOTIFICATION_MSG
  SecurityAlert : 2382
  CVE : CVE-2006-7158
  SecurityRisk : Low
  Remote Exploit : Yes
  Local Exploit : No
  Exploit Given : No
  Credit : red-database-security
  Published : 09.03.2007

  Affected Software : Oracle APEX/HTMLDB < 2.2.1



  Advisory Text :  

Cross-Site-Scripting Vulnerability in Oracle APEX NOTIFICATION_MSG

Name              Cross-Site-Scripting Vulnerability in Oracle APEX NOTIFICATION_MSG
Systems Affected  Oracle APEX/HTMLDB
Severity          Medium Risk
Category          Cross Site Scripting (XSS/CSS)
Vendor URL        http://www.oracle.com/
Author            Alexander Kornbrust (ak at red-database-security.com)
Date              18 October 2006 (V 1.00)
Advisory          http://www.red-database-security.com/advisory/oracle_apex_css_notification_msg.html

Details
#######
The NOTIFICATION_MSG parameter contains a cross-site scripting
vulnerability.

Affected Products
#################
Oracle APEX/HTMLDB < 2.2.1

Patch Information
#################
This bug is fixed in APEX patch 2.2.1, which is not part of the
Critical Patch Update October 2006. You must upgrade your
APEX/HTMLDB installation to 2.2.1. Patches are currently not available for
Oracle Application Express.

History
#######
03-oct-2005 Oracle secalert was informed
04-oct-2005 Bug confirmed
17-oct-2006 Oracle published CPU October 2006
18-oct-2006 Red-Database-Security published this advisory

Additional Information
######################
An analysis of the Oracle CPU Oct 2006 is available here:
http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html



