Versions of Jetty, the popular java web server, are vulnerable to a session id prediction attack. Jetty uses java.util.Random to generate session ids. The internal state of this generator can be easily discovered, leading to an attacker being able to hijack existing and future sessions. Jetty versions below 4.2.27, 5.1.12, 6.0.2 and 6.1.0pre3 are affected.
c1d988304d1385f3280f2844850635794020da733cf9d0150423c973335069fcNGSSoftware Insight Security Research Advisory - Sybase ASE versions prior to 12.5.3 ESD#1 suffer from multiple buffer overflows and denial of service vulnerabilities.
8057a9b0c4794a5ecce8eb94c3a4e21b6ee749420f1666aa849c032a94346f39NGSSoftware Insight Security Research Advisory #NISR05012005G - IBM DB2 is vulnerable to denial of service conditions when processing certain function calls. Systems Affected: DB2 8.1.
f3c908713847b92460a5a7d99df17b60b369dd3c656c7cfc290d0f990ee42c85NGSSoftware Insight Security Research Advisory #NISR05012005F - Almost all shared memory sections and events in the Windows version of DB2 have weak permissions; all sections can be read and written by Everyone, and all events can be set and waited on by Everyone. This results in a number of security issues relating to the privileges of local users. Systems Affected: DB2 8.1.
710a1b87f503f48ddd770bd0d5c49acdd7ab71124cf9f67ce6157ca99e17f3fcNGSSoftware Insight Security Research Advisory #NISR25072003 - In an attempt to fix previous vulnerabilities discovered by NGSSoftware, the Oracle RDBMS fix patched the hole but left a logging function vulnerable to a stack overflow.
237dd712fc93400a7d9eed9e111f3ab5238fd5fcb2322857fa12ec0d69be3187
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed