
SANS ISC: Oracle EBusiness Suite Vulnerabilities; Netgear WG602 Accesspoint Vulnerability; Harry Potter and the Worm of Doom - Internet Security | DShield SANS ISC InfoSec Forums


Oracle EBusiness Suite Vulnerabilities

Vulnerabilities have been discovered in Oracle E-Business Suite. According to the Integrigy report, the suite contains several input validation vulnerabilities. They can be exploited remotely using a browser by sending a specially crafted URL to the vulnerable system. Successful exploitation of the vulnerabilities could lead to the compromise of the whole database and application.

Oracle has issued a fix. For more information, please refer to:

http://www.integrigy.com/alerts/OraAppsSQLInjection.htm

http://otn.oracle.com/deploy/security/pdf/2004alert67.pdf



Netgear WG602 Accesspoint Vulnerability

A vulnerability has been discovered in the Netgear WG602 Accesspoint. According to Tom Knienieder, the device contains a default administrative account. A remote user who can reach the web interface of the device will be able to log in using the default account and gain control of the device.

At the time of writing, there is no solution for this vulnerability. You should restrict web access to the device or disable the web interface on the device if possible.

http://seclists.org/lists/fulldisclosure/2004/Jun/0071.html



Harry Potter and the Worm of Doom

With the recent release of the latest Harry Potter film, there have been reports of an increase in the old Netsky.P virus, which can disguise itself as a Harry Potter game or book. Be aware, and do not let the popularity of Harry Potter cast a nasty spell on your computer.

http://asia.cnet.com/newstech/security/0,39001150,39181869,00.htm

http://news.bbc.co.uk/2/hi/technology/3773443.stm

http://www.vnunet.com/news/1155604

http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci968651,00.html
Kevin
