Oracle WebCenter information exposure vulnerability
| CENSUS ID: | CENSUS-2014-0001 |
| CVE ID: | CVE-2014-0450 |
| Oracle Tracking #: | S0388414 (CPUApr2014) |
| Affected Products: | Oracle Fusion Middleware (versions 11.1.1.7 and 11.1.1.8) |
| Class: | Information Exposure (CWE-200), Privacy Violation (CWE-359) |
| Remote: | Yes |
| Discovered by: | Alex Zaharis |
| Researched by: | Alex Zaharis, Patroklos Argyroudis |
The Oracle WebCenter portal component in Oracle Fusion Middleware (versions 11.1.1.7 and 11.1.1.8) is vulnerable to an information exposure vulnerability. A malicious user may utilize this vulnerability to gain unauthenticated access to the list of valid usernames of the system, the users’ personal information and files linked to the users’ profiles.
Netvolution referer header SQL injection vulnerability
| CENSUS ID: | CENSUS-2011-0001 |
| CVE ID: | CVE-2011-3340 |
| Affected Products: | Netvolution v2.5.8 (ASP). Other versions may also be vulnerable. |
| Class: | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) (CWE-89) |
| Remote: | Yes |
| Discovered by: | Patroklos Argyroudis |
| Researched and Exploited by: | Dimitris Glynos |
Netvolution v2.5.8 is vulnerable to a blind SQL injection attack in the HTTP “referer” header. A malicious user may utilize this vulnerability to modify content on the vulnerable website, inject malicious javascript code to a visitor’s browser, collect CMS usernames and plaintext passwords and, in some cases, execute commands on the system hosting the database server. This is a critical vulnerability since it does not require authentication and its exploitation may go undetected.
FreeBSD kernel NFS client local vulnerabilities
| CENSUS ID: | CENSUS-2010-0001 |
| CVE ID: | CVE-2010-2020 |
| Affected Products: | FreeBSD 8.0-RELEASE, 7.3-RELEASE, 7.2-RELEASE |
| Class: | Improper Input Validation (CWE-20) |
| Remote: | No |
| Discovered by: | Patroklos Argyroudis |
We have discovered two improper input validation vulnerabilities in the FreeBSD kernel’s NFS client-side implementation (FreeBSD 8.0-RELEASE, 7.3-RELEASE and 7.2-RELEASE) that allow local unprivileged users to escalate their privileges, or to crash the system by performing a denial of service attack.
Monkey HTTPd improper input validation vulnerability
| CENSUS ID: | CENSUS-2009-0004 |
| Affected Products: | Monkey web server versions ≤ 0.9.2. |
| Class: | Improper Input Validation (CWE-20), Incorrect Calculation (CWE-682) |
| Remote: | Yes |
| Discovered by: | Patroklos Argyroudis |
We have discovered a remotely exploitable “improper input validation” vulnerability in the Monkey web server that allows an attacker to perform denial of service attacks by repeatedly crashing worker threads that process HTTP requests.