Security and Vulnerability Scanning News

21 Nov 2008
PHP is prone to a 'safe_mode' restriction-bypass vulnerability. Successful exploits could allow an attacker to write files in unauthorized locations.

This vulnerability would be an issue in shared-hosting configurations where multiple users can create and execute arbitrary PHP script code, with the 'safe_mode' restrictions assumed to isolate the users from each other.

This issue is reported to affect PHP 5.2.6; other versions may also be vulnerable.
Securityfocus.com


21 Nov 2008
Oracle Database Vault is prone to a privilege-escalation vulnerability.

An attacker with SYSDBA access to the Oracle user space can exploit this issue to bypass intended security measures and obtain potentially sensitive information.

Oracle Database 10.2.0.3 is affected; other versions may also be vulnerable.
Securityfocus.com


21 Nov 2008
SocialEngine is prone to an HTTP response-splitting vulnerability and an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data.

Attackers can leverage these issues to influence or misrepresent how web content is served, cached, or interpreted, to compromise the application, to access or modify data, or to exploit latent vulnerabilities in the underlying database.

SocialEngine 2.7 is vulnerable; other versions may also be affected.
Securityfocus.com


21 Nov 2008
wPortfolio is prone to a vulnerability that lets attackers modify arbitrary user passwords because it fails to adequately secure access to administrative scripts.

This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.

Versions up to and including wPortfolio 0.3 are vulnerable.
Securityfocus.com


21 Nov 2008
Apple OS X QuickLook is prone to an integer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. Specifically, this issue is related to the handling of Microsoft Excel spreadsheet files.

Successfully exploiting this issue may allow remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts will cause denial-of-service conditions.

NOTE: This issue was previously covered in BID 31681 (Apple Mac OS X 2008-007 Multiple Security Vulnerabilities) but has been given its own record to better document this vulnerability.
Securityfocus.com

