Multiple vulnerabilities have been identified in various Oracle and BEA products, which could be exploited by remote or local attackers to cause a denial of service, read and manipulate certain data, disclose sensitive information, conduct SQL injection attacks, bypass security restrictions, or execute arbitrary commands.
These issues are caused by errors in the Data Mining, OLAP, Data Capture, Spatial, Workspace Manager, Upgrade, AS, Core RDBMS, Oracle Portal, Reports Developer, JDeveloper, Discoverer Administrator, Discoverer Desktop, Applications Technology Stack, iSupplier Portal, iStore, Applications Framework, PeopleTools, PeopleSoft Enterprise Portal, JDE EnterpriseOne Business Service Server, WebLogic Server, Plugins for Apache, and Workshop components.
Credits
Vulnerabilities reported by Esteban Martinez Fayo (Application Security, Inc.), Pete Finnigan, Tony Fogarty (DNV), guyp (Sentrigo), Jack Kanter (Integrigy), Joxean Koret, Alexander Kornbrust (Red Database Security), Slavik Markovich (Sentrigo), Amichai Shulman (Imperva, Inc.), Chris Valasek (IBM Corp), Chris Anley (NGS Software), Jeff Kayser (Jibe Consulting), David Litchfield (NGS Software), and Joshua Tolley (Partnet Inc).
ChangeLog
2008-10-15 : Initial release
Vulnerability Management
Subscribe to VUPEN Security VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@vupen.com.
