what you don't know can hurt you
Showing 51 - 75 of 128 RSS Feed

Files from David Litchfield

Email addressdavid at davidlitchfield.com
First Active1999-08-17
Last Active2017-09-14
database-on-xp.pdf
Posted Nov 20, 2005
Authored by David Litchfield | Site ngssoftware.com

Whitepaper entitled "Database Servers on Windows XP and the Unintended Consequences of Simple File Sharing".

tags | paper
systems | windows, xp
MD5 | f4138ea90e658cde10a9da08e6f112a7
sqlinference.pdf
Posted Oct 6, 2005
Authored by David Litchfield | Site ngssoftware.com

Whitepaper entitled 'Data-Mining With SQL Injection and Inference'. Paper is based on a talk given earlier this year at Blackhat Europe. It divides SQL injection data theft attacks into three classes - inband, out-of-band and inference. The first, in-band, uses the existing connection to get data out; the second, out-of-band, uses another channel, e.g. smtp by using builtin database mail functions; and lastly inference.

tags | paper, sql injection
MD5 | ade3fde8e00210cd40b61b8ed4c5837e
xpms.pdf
Posted Oct 6, 2005
Authored by David Litchfield | Site ngssoftware.com

Whitepaper entitled 'Buffer Underruns, DEP, ASLR, and improving the Exploitation Prevention Mechanisms (XPMs) on the Windows platform'.

tags | paper
systems | windows
MD5 | 642dad3c7d155dce88737d22337a035e
oracleFailed.txt
Posted Jul 8, 2005
Authored by David Litchfield

The Oracle critical patch update released in April 2005 has failed to fix all of the vulnerabilities it claimed to have negated.

tags | advisory, vulnerability
MD5 | 1a05f7340f9f6ec7ec6afe8dfd3c7489
Next Generation Security Advisory 205012005I
Posted Jan 6, 2005
Authored by David Litchfield, NGSSoftware | Site nextgenss.com

NGSSoftware Insight Security Research Advisory #NISR05012005I - IBM's DB2 database server contain four XML functions that can be used to read and write files on the system. Systems Affected: DB2 8.1.

tags | advisory
MD5 | 2fecab13d56fd188f38f7cf181893547
Next Generation Security Advisory 205012005H
Posted Jan 6, 2005
Authored by David Litchfield, NGSSoftware | Site nextgenss.com

NGSSoftware Insight Security Research Advisory #NISR05012005H - IBM's DB2 database server contain four XML functions that suffer from stack based buffer overflow vulnerabilities. Systems Affected: DB2 8.1.

tags | advisory, overflow, vulnerability
MD5 | 8db4cbce0d6b52abd45c6a9699fbc990
Next Generation Security Advisory 205012005E
Posted Jan 6, 2005
Authored by David Litchfield, NGSSoftware | Site nextgenss.com

NGSSoftware Insight Security Research Advisory #NISR05012005E - IBM's DB2 database server, when configured for Satellite Administration includes a number of SQL functions. One of these, the SATENCRYPT function, suffers from a stack based buffer overflow vulnerability. Systems Affected: DB2 8.1.

tags | advisory, overflow
MD5 | e46a1800152ce2d5b88b3ad30901cb4c
Next Generation Security Advisory 205012005D
Posted Jan 6, 2005
Authored by David Litchfield, NGSSoftware | Site nextgenss.com

NGSSoftware Insight Security Research Advisory #NISR05012005D - IBM's DB2 JDBC Applet Server suffers from a stack based buffer overflow vulnerability that can be exploited remotely without a user ID or password. Systems Affected: DB2 8.1.

tags | advisory, overflow
MD5 | e2de9579efdb785254e18ac4794b67fb
Next Generation Security Advisory 205012005C
Posted Jan 6, 2005
Authored by David Litchfield, NGSSoftware | Site nextgenss.com

NGSSoftware Insight Security Research Advisory #NISR05012005C - IBM's DB2 database server suffers from a stack based buffer overflow vulnerability when using call. Systems Affected: DB2 8.1/7.x.

tags | advisory, overflow
MD5 | b9088eac807c12028677ae46c288e2ac
Next Generation Security Advisory 205012005B
Posted Jan 6, 2005
Authored by David Litchfield, NGSSoftware | Site nextgenss.com

NGSSoftware Insight Security Research Advisory #NISR05012005B - libdb2.so.1, one of the libraries supplied with IBM's DB2 database server suffers from a buffer overflow vulnerability. Systems Affected: DB2 8.1/7.x.

tags | advisory, overflow
MD5 | 32f5e1aeb6ca63b4f2aa831a0f3315dc
Next Generation Security Advisory 205012005A
Posted Jan 6, 2005
Authored by David Litchfield, NGSSoftware | Site nextgenss.com

NGSSoftware Insight Security Research Advisory #NISR05012005A - IBM's DB2 database server suffers from a local attack whereby passing an overly parameter to the db2fmp binary will overflow a stack based buffer. Systems Affected: DB2 8.1/7.x.

tags | advisory, overflow, local
MD5 | e2044e2653fa1efb000397247dbfa538
Next Generation Security Advisory 223122004L
Posted Dec 31, 2004
Authored by David Litchfield, NGSSoftware | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory #NISR2122004L - IBM's DB2 database server contains a procedure, generate_distfile. This procedure suffers from a stack based buffer overflow vulnerability. Systems Affected: DB2 8.1/7.x.

tags | advisory, overflow
MD5 | cdd3d73cfa50d9f5fe7a95749dd99e9d
oracle23122004J.txt
Posted Dec 31, 2004
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory #NISR2122004J - The code for PL/SQL procedures can be encrypted or wrapped to use the Oracle term. When a wrapped procedure is created a buffer overflow vulnerability can be triggered. Systems Affected: Oracle 10g/9i on all operating systems.

tags | advisory, overflow
MD5 | d97ff3e3a1a5717cb97dfbedcec74635
oracle23122004H.txt
Posted Dec 31, 2004
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory #NISR2122004H - Oracle 10g and 9i suffer from multiple PL/SQL injection vulnerabilities. Systems Affected: Oracle 10g/AS on all operating systems.

tags | advisory, vulnerability, sql injection
MD5 | bba6750fb329c77e111241092f946839
oracle23122004F.txt
Posted Dec 31, 2004
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory #NISR2122004F - The 10g Oracle TNS Listener is vulnerable to a denial of service vulnerability. Systems Affected: Oracle 10g on all operating systems.

tags | advisory, denial of service
MD5 | a6738a6d54561303d7c502149fc7f788
oracle23122004E.txt
Posted Dec 31, 2004
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory #NISR2122004E - The 10g Oracle Application Server installs ISQL*Plus. Once logged in, an attacker can use load.uix to read files on the server. Systems Affected: Oracle 10g AS on all operating systems.

tags | advisory
MD5 | adfe20bd74a120aa085285fa65b8aa91
oracle23122004D.txt
Posted Dec 31, 2004
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory #NISR2122004D - The 10g Oracle database server may have passwords in clear text in world readable files. Systems Affected: Oracle 10g on all operating systems.

tags | advisory
MD5 | 428ac4ebe3aca104d0aaf92bc5284f08
oracle23122004C.txt
Posted Dec 31, 2004
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory #NISR23122004C - The Oracle database server supports PL/SQL, a programming language. PL/SQL can execute external procedures via extproc. Extproc is intended only to accept requests from the Oracle database server but local users can still execute commands bypassing this restriction. Systems Affected: Oracle 10g/9i on all operating systems.

tags | advisory, local
MD5 | dae273bf1612c10c3afe4b3514192b16
oracle23122004B.txt
Posted Dec 31, 2004
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory #NISR23122004B - The Oracle database server supports PL/SQL, a programming language. PL/SQL can execute external procedures via extproc. Extproc has been found to suffer from a directory traversal problem that allows attackers access to arbitrary libraries. Systems Affected: Oracle 10g/9i on all operating systems.

tags | advisory, arbitrary
MD5 | ed02212351daf65fa9d5c70b6f46cee1
oracle23122004.txt
Posted Dec 31, 2004
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory #NISR2122004A - The Oracle database server supports PL/SQL, a programming language. PL/SQL can execute external procedures via extproc. Extproc has been found to suffer from another buffer overflow vulnerability. Systems Affected: Oracle 10g on all operating systems.

tags | advisory, overflow
MD5 | 8ff3f6a4a456615d65a9263bafbdd8f2
oracle23122004G.txt
Posted Dec 31, 2004
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory #NISR2122004G - Due to character conversion problems in Oracle 10g with Oracle's Application server it is possible to bypass pl/sql exclusions and gain access to the database server as SYS. Systems Affected: Oracle 10g/AS on all operating systems.

tags | advisory
MD5 | fb210b21300c07dcfb7d455421482490
dreamweaver.txt
Posted Apr 5, 2004
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory #NISR05042004B - To aid in the development of web applications that require database connectivity, certain test scripts are created and uploaded to a website when using Macromedia's Dreamweaver. These scripts help to test database connectivity. If left these scripts can allow an attacker to gain access to the backend database server, without the attacker having to supply a user ID and password. Systems affected are IIS/Dreamweaver MX and UltraDev 4.

tags | advisory, web
MD5 | abb3079d80716b54b6dfdfd18f1be2bc
db2rmtcmd.txt
Posted Mar 11, 2004
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory #NISR09032004 - IBM's DB2 version 8.1 Enterprise Edition on Windows has a remote command server that runs as db2admin, but can have commands executed by a guest account, allowing for privilege escalation.

tags | advisory, remote
systems | windows
MD5 | 1962d75fb94caac85d2385e494eaa814
slmailwm.txt
Posted Mar 5, 2004
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory #NISR05022004b - SLWebMail has multiple buffer overflow vulnerabilities that are related to ISAPI appliactions.

tags | advisory, overflow, vulnerability
MD5 | 3b3c992ac61ac071ca7b1da1388f08c5
slmailsrc.txt
Posted Mar 5, 2004
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory #NISR05022004a - SLMail Pro Supervisor Report Center versions 2.0.9 and below are vulnerable to a buffer overflow attack when supplied with an overly long HTTP sub-version.

tags | advisory, web, overflow
MD5 | 381f8428881bb22dd2452beba88e8254
Page 3 of 6
Back12345Next

File Archive:

May 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    16 Files
  • 2
    May 2nd
    8 Files
  • 3
    May 3rd
    8 Files
  • 4
    May 4th
    2 Files
  • 5
    May 5th
    1 Files
  • 6
    May 6th
    15 Files
  • 7
    May 7th
    22 Files
  • 8
    May 8th
    16 Files
  • 9
    May 9th
    17 Files
  • 10
    May 10th
    16 Files
  • 11
    May 11th
    3 Files
  • 12
    May 12th
    4 Files
  • 13
    May 13th
    25 Files
  • 14
    May 14th
    24 Files
  • 15
    May 15th
    78 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    16 Files
  • 18
    May 18th
    2 Files
  • 19
    May 19th
    1 Files
  • 20
    May 20th
    11 Files
  • 21
    May 21st
    21 Files
  • 22
    May 22nd
    20 Files
  • 23
    May 23rd
    36 Files
  • 24
    May 24th
    2 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close