Here’s a collection of recent security vulnerabilities and alerts, including vulnerabilities discovered in Lotus Notes and Domino and multiple SQL-injection vulnerabilities discovered in Oracle interMedia.

  • Vulnerabilities discovered in Lotus Notes and Domino

The discovered vulnerabilities could allow attackers to inject and execute arbitrary code on systems running Lotus Notes and Domino. IBM has released updated versions of the software that fix the bugs.

According to PC World:

The four vulnerabilities involve Notes’ IMAP service; its scripting language, LotusScript; the Domino server’s command console; and how both Notes and Domino map memory in Windows when they’re used in a shared environment such as Citrix.

Additional reading from heise Security:

  • Oracle interMedia prone to multiple SQL-injection vulnerabilities

The vulnerabilities stem from insufficient sanitization of user-supplied data.

Excerpt from SecurityFocus:

Successful exploits may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Exploit code can be found here.