Multiple security vulnerabilities have been corrected in the Oracle Business Suite 11i and R12 as part of the July 2007 Oracle Critical Patch Update (CPU). These include SQL injection and cross-site scripting vulnerabilities.
A number of high-risk SQL injection and parameter manipulation security vulnerabilities in the Oracle E-Business Suite 11i have been corrected by Oracle's July 2005 release of security patches.
Integrigy Security Advisory - Oracle has released its first Critical Patch Update (January 2005), which fixes 23 vulnerabilities in the Oracle Database, Oracle Application Server, and Oracle E-Business Suite. Integrigy discovered 5 of these vulnerabilities. The vulnerabilities in the Oracle Database and Oracle E-Business Suite should be considered high risk, and organizations should work to apply the necessary patches at the earliest possible opportunity.
Integrigy Security Alert - Multiple SQL injection vulnerabilities exist in the Oracle E-Business Suite 11i and Oracle Applications 11.0. These vulnerabilities can be remotely exploited simply using a browser and sending a specially crafted URL to the web server. A mandatory patch from Oracle is required to solve these security issues.
Integrigy Security Alert - The Oracle Applications AOL/J Setup Test Suite, used to troubleshoot the Self-Service framework, can be exploited to remotely retrieve sensitive configuration and host information without application authentication. The AOL/J Setup Test Suite is installed by default for all 11i implementations. A mandatory patch from Oracle is required to solve this security issue. Affected versions: 11.5.1 - 11.5.8.
Integrigy Security Alert - The Oracle Applications FNDWRR CGI program, used to retrieve report output from the Concurrent Manager server via a web browser, has a remotely exploitable buffer overflow. A mandatory patch from Oracle is required to solve this security issue. Affected versions: 11.0 and 11.5.1 - 11.5.8.