First off, sorry for the lag on site updates. I'll be gone all next week and I've been busy. A chunked encoding overflow has been discovered in fp30reg.dll which can allow a remote attacker to execute commands. More importantly, this took 11 months to get fixed. Relevant information from the advisory....
"Oracle's RDBMS, a leading database server package, supports stored packages and procedures through the use of PL/SQL. These packages and procedures can be accessed through Oracle's Application Server's Portal module. Oracle Application Server is a web server designed for Oracle applications. Many of the PL/SQL packages and procedures are vulnerable to SQL...
libox.net has released a cross site scripting paper which provides examples of bad PHP code, and also talks a little bit about automating an attack. Additional papers on XSS can be found in our Cross Site Scripting section. "Cross site scripting (XSS) flaws are a relatively common issue in web application security,...