Unprivileged database users can see password hashes in APEX version 3.0.
4ea827b7dad31bf7f8a520ba5bd15585d49f4dbefc840fa534832c2dba249d7eThe package DBMS_AQIN contains a SQL injection vulnerability in the procedure DEQ_EXEJOB. Oracle versions 10.1.0.5 through 11.1.0.7 are affected.
5964a7374194365921ab37c0db44964a7c72c74b0ff677173feef43536686a35Practical Oracle Forensics - Oracle forensics is a new discipline without special tools/scripts. Most presentations about Oracle forensics are still very basic. The typical approach in these presentations is to show what tools/(log)files are available to do forensics. In the real world with huge databases (many GB, sometimes TB) it is normally not helpful. This presentation is using a different approach. Based on the different type of attackers (leaving employee, nosy DBA/employee, external hacker etc.) we have different traces in Oracle and we show in different scenarios how to find evidence. We provide a free toolset to do a (basic) forensic analysis without having deep Oracle knowledge.
20612b361c886e97ff98ce3ea92f2c60e6d189c077a2b13341e46c3521bd8f78Oracle 9i Release 1 through 10g Release 2 suffer from a hard coded password vulnerability.
5a626b3f3db0d29867bfeb5c6c55255678262395a263f8d3e5ad0123e3b0aa0aOracle 9i Release 1 through 10g Release 1 suffer from a SQL injection vulnerability in the SDO_GEOM package.
5c6480feed1ae87a9b01f04e8303b0822b3ea652afdbae60cea161366ac61511Oracle 9i Release 1 through 11g Release 1 suffer from a SQL injection vulnerability in the SDO_IDX package.
d6d0053dc2be5c9cf1894ba082e60dc8f4f2aa3f839d4a47bb79a73fc0baee27Oracle 10g Releases 1 and 2 suffer from a SQL injection vulnerability in the SDO_UTIL package.
014f11cb69ac5e56681ff953324c818122c8520818bfd0427b2c1fb0b6b0c4d1Oracle APEX suffers from a SQL injection vulnerability in the function wwv_flow_security.check_db_password.
be85cdf82928543a15cd632048bd34f09111e4e5b7b86a1a31f11c3889e30768Oracle 9i Release 1 through 10g Release 1 suffer from a SQL injection vulnerability in package DBMS_PRVTAQIS.
8f517541964af9ad28be18b98dc9a458db1af887ce0fdafcc0226c566e46723bOracle 8i through 10g Release 2 allow updates, deletes and inserts via specially crafted views without having the right privileges.
f648f25b709a85c097126511d08bafb72d2ced88a799165bf3975637df3a482dThe Oracle Discoverer Servlet suffers from a flaw that allows for the TNS listener to be shutdown.
6cd2e4a0b0c557d28f86cc4b2adb74c3a579002df62bea34f5fb4e09d883e8bdOracle Secure Enterprise Search version 10.1.6 suffers from a cross site scripting flaw.
7aff1e9b18ed5ee3a39d4482abc354b9e1131595d41325b2d9bdfc084897e7dcOracle 8i through 10g release 2 suffers from a SQL injection vulnerability in SYS.DBMS_UPGRADE_INTERNAL.
9167b0d43caa7db52dbfb7cc46a2cf827743d33ea95fb3f95418a2eb2d069b6bOracle 8i through 10g release 2 suffers from a SQL injection vulnerability in SYS.DBMS_AQADM_SYS.
1d36561760e55a09bc52dc5e4fef603f3873b8856b518f5b9405b4d4f1cfa6f3It is possible to bypass the Oracle database logon trigger.
abf861aed916223bb9344c108ae7bcdecf70bbde07d488f29de921d949c8a625Whitepaper titled "Bypassing Oracle dbms_assert".
9f7cfa0b9fa6a325fd9b6f069b22b6795f046e87d923264ea157ee119a0bce84Oracle 10g Release 1 is susceptible to SQL injection flaws due to the SYS.DBMS_UPGRADE package.
18c7d147268f4340c1b4b135f96de0783f6f3ec9d81dbf61704fb19e444a06b8Oracle 10g Release 1 is susceptible to SQL injection flaws due to the SYS.DBMS_STATS package.
3a7cab283b50bd36f1df7a0d097581f90730373dc3f861271e3fd452eacc7f17Oracle 10g Release 1 is susceptible to SQL injection flaws due to the SYS.KUPW$WORKER package.
f6324aa9af8254b31f82d5d99a144a429093d3ce534bbaefbedac9033a70dac6Oracle 10g Release 1 is susceptible to SQL injection flaws due to the SYS.DBMS_CDC_IMPDP package.
7aee6cd1fd328ddd01a554087c7fe9ec3a27fddb63bc5df119ead3f784d82aa5Oracle versions 9.2.0.0-10.2.0.3 suffer from an unpatched vulnerability which allows users with SELECT only privileges on a base table to insert/update/ delete data via a specially crafted view.
52fce6051885e4c90f88131ef99b44526f5d4aaf91684d6e8bede57d2e41a144The package SYS.KUPV$FT contains 3 SQL injection vulnerabilities in the functions ATTACH_JOB, OPEN_JOB, HAS_PRIVS. Oracle fixed these vulnerabilities with the package dbms_assert.
cacfccadb67c767daee94524725fa95624e17dcb4d30045bcd1abbb1c25e6f85The event 10053 is storing the masterkey of Oracle Transparent Data Encryption unencrypted in a trace-file. A skilled attacker or non-security DBA could set this special event to get the plaintext masterkey for the TDE encryption.
f4ca69910f6b6bd84af219a014b2bd03ffa45c23b0ba4521dcb398e9865c28a3The Oracle Reports parameter desformat can read any file by using an absolute or relative file name. Parts of the file content are displayed in the Reports error message.
71bda64001af5d5de9c3ae98cca97149f55cf7d9152db5019ba1564dcdd1c929By specifing a special value for the parameter desname Oracle Reports can overwrite any file on the application server. On Windows systems an attacker can overwrite any files (e.g. boot.ini) on the application server. On UNIX system an attacker can overwrite all files (e.g. opmn.xml) which belongs to the Oracle Application Server user. This attack can be done with a simple URL.
100bcb12928b2140f513bf2498d97f32bac11ba0f7d933420a1441a525169dcd
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed