
Security news roundup: October 24

Here's a collection of recent security vulnerabilities and alerts, which include vulnerabilities discovered in Lotus Notes and Domino as well as multiple SQL-injection vulnerabilities discovered in Oracle interMedia.

  • Vulnerabilities discovered in Lotus Notes and Domino

The discovered vulnerabilities could allow attackers to inject and execute arbitrary code on systems running Lotus Notes or Domino. IBM has released updated versions of the software that fix the bugs.

According to PC World:

The four vulnerabilities involve Notes' IMAP service; its scripting language, LotusScript; the Domino server's command console; and how both Notes and Domino map memory in Windows when they're used in a shared environment such as Citrix.

Additional reading from heise Security:

  • Oracle interMedia prone to multiple SQL-injection vulnerabilities

The vulnerabilities stem from insufficient sanitization of user-supplied data.

Excerpt from SecurityFocus:

Successful exploits may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Exploit code can be found here.

About

Paul Mah is a writer and blogger who lives in Singapore, where he has worked for a number of years in various capacities within the IT industry. Paul enjoys tinkering with tech gadgets, smartphones, and networking devices.
