Showing 1 - 25 of 66

Files from Esteban Martinez Fayo

Email address: secemf at gmail.com
First Active: 2004-09-09
Last Active: 2013-03-01

Oracle Enterprise Manager advReplicationAdmin SQL Injection
Posted Mar 1, 2013
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Some parameters of /em/console/database/dist/advRepl/advReplicationAdmin in Oracle Enterprise Manager are vulnerable to SQL Injection attacks. Versions affected include Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2, 11.2.0.3.

tags | advisory, sql injection
advisories | CVE-2013-0372
MD5 | bd17713179b0dd34a209b64aa4780fc2
Oracle Enterprise Manager Resource Manager SQL Injection
Posted Feb 23, 2013
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Some parameters of /em/console/database/instance/rsrcpln in Oracle Enterprise Manager Resource Manager are vulnerable to SQL injection attacks. Versions affected include Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3.

tags | advisory, sql injection
advisories | CVE-2013-0358
MD5 | e1e329133ead91ef0a98b9b983c4c877
Oracle Enterprise Manager advReplicationAdmin Cross Site Scripting
Posted Feb 23, 2013
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - It appears that /em/console/database/dist/advRepl/advReplicationAdmin in Oracle Enterprise Manager suffers from multiple cross site scripting vulnerabilities. Versions affected include Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2, 11.2.0.3.

tags | advisory, vulnerability, xss
advisories | CVE-2013-0355
MD5 | 2a695827f0c4093d27f16bb38f123ad7
Oracle Enterprise Manager Streams Queue SQL Injection
Posted Feb 22, 2013
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Some parameters of /em/console/database/dist/streams/queue in Oracle Enterprise Manager are vulnerable to SQL injection attacks. Versions affected include Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3.

tags | advisory, sql injection
advisories | CVE-2013-0373
MD5 | a4d5f9be647091e83238c727780531ae
Oracle Enterprise Manager SCPLBL_COLLECTED SQL Injection
Posted Feb 22, 2013
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Some parameters of /em/console/ecm/config/savedConfig in Oracle Enterprise Manager are vulnerable to SQL injection attacks. Versions affected include Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2, 11.2.0.3.

tags | advisory, sql injection
advisories | CVE-2013-0353
MD5 | 797c84ce05ba270d3864a0ef83dc78e9
Oracle Enterprise Manager dBClone SQL Injection
Posted Feb 22, 2013
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Some parameters of /em/console/database/dbclone/dBClone in Oracle Enterprise Manager are vulnerable to SQL injection attacks. Versions affected include Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3.

tags | advisory, sql injection
advisories | CVE-2013-0374
MD5 | 89bf7d1270831f578edfebc65d7cc8f6
Oracle Enterprise Manager advReplicationAdmin SQL Injection
Posted Feb 22, 2013
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - An attacker hosting a malicious web site can execute SQL statements in the backend database when an administrator with an open session in Oracle Enterprise Manager web application visits the malicious web site. Versions affected include Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2, 11.2.0.3.

tags | advisory, web, sql injection
advisories | CVE-2013-0372
MD5 | c72e97c74ef4419cb68cdf98e5db1bd0
Oracle Enterprise Manager HTTP Response Splitting
Posted Feb 22, 2013
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - The 'pagename' parameter of web page /em/console/ecm/policy/policyViewSettings in Oracle Enterprise Manager is vulnerable to HTTP response splitting attacks. Versions affected include Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2, 11.2.0.3.

tags | advisory, web
advisories | CVE-2013-0354
MD5 | 9388cdd4aa6b1596bd6089c72e1b5935
Oracle 11g Stealth Password Cracking
Posted Feb 21, 2013
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - There is a flaw in the way that Authentication Session Keys are generated and protected by Oracle Database Server during the authentication process. It is possible to use this flaw to perform unlimited password guesses (cracking) of any user password, much as if the password hash were available. Oracle Database versions 11gR1 and 11gR2 are affected.

tags | advisory
advisories | CVE-2012-3137
MD5 | 202792016cc431189ff6f7eced879dec
Oracle Database Authentication Protocol Security Bypass
Posted Oct 18, 2012
Authored by Esteban Martinez Fayo

Oracle database versions 11g R1 and R2 suffer from an authentication bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2012-3137
MD5 | ff113e2118513db84cedf768af48602f
Sybase ASE 15.x Java Command Execution
Posted Oct 5, 2012
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - It is possible to execute Operating System commands using the Java call Runtime.getRuntime().exec() in Sybase ASE versions 15.0, 15.5, and 15.7.

tags | advisory, java
MD5 | 073d67fecbc454f2729aefc03761b75a
Oracle Enterprise Manager 11.x SQL Injection
Posted Oct 5, 2012
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - There are multiple SQL injection vulnerabilities in components of SQL Tuning Sets that can be abused to execute SQL statements with elevated privileges in Oracle Enterprise Manager Database Control versions 11.1.07, 11.2.0.3, and previous patch sets.

tags | advisory, vulnerability, sql injection
advisories | CVE-2012-1737
MD5 | 52447a9179053286d9a3d997d40eb14a
Oracle Database Server Password Hash Leak
Posted Apr 20, 2012
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Oracle Database Server versions 10gR1, 10gR2 (10.2.0.4 and previous patchsets) and 11gR1 (11.1.0.7 and previous patchsets) suffer from a password hash information leak in the OCIPasswordChange API.

tags | advisory
advisories | CVE-2012-0511
MD5 | 02873b18304774a652a3303cdbe3fc5f
Oracle Enterprise Manager Session Fixation
Posted Apr 19, 2012
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Oracle Enterprise Manager Database Control versions 10.2.0.5 and 11.1.0.7 (and previous patchsets) suffer from a session fixation vulnerability.

tags | advisory
advisories | CVE-2012-0528
MD5 | 1894a14b5bb37c8ff3d21f788c6469a5
Oracle Enterprise Manager prevPage HTTP Response Splitting
Posted Apr 19, 2012
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Oracle Enterprise Manager Database Control versions 10.2.0.5, 11.1.0.7 and 11.2.0.3 (and previous patchsets) along with Oracle Enterprise Manager Grid Control version 10.2.0.5 (and previous patchsets) suffer from an HTTP response splitting vulnerability in the prevPage parameter.

tags | advisory, web
advisories | CVE-2012-0526
MD5 | 6baf46cb9232452978e7352e72863bfa
Oracle Data Lock Account Protection
Posted Apr 19, 2012
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Oracle Data Server versions 10gR1, 10gR2 (10.2.0.5 and previous patchsets) and 11gR1 (11.1.0.7 and previous patchsets) suffer from incomplete protection of locked accounts.

tags | advisory
advisories | CVE-2012-0510
MD5 | c118e002b2a768709a7363f5b2344509
Oracle Enterprise Manager pageName HTTP Response Splitting
Posted Apr 19, 2012
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Oracle Enterprise Manager Database Control versions 10.2.0.5, 11.1.0.7, and 11.2.0.3 (and previous patchsets) along with Oracle Enterprise Manager Grid Control version 10.2.0.5 (and previous patchsets) suffer from an HTTP response splitting vulnerability in the pageName parameter.

tags | advisory, web
advisories | CVE-2012-0527
MD5 | 27a76fc7e6bb37728dc021ee5a147638
Oracle Failed Logging On Password Attempts
Posted Apr 19, 2012
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Oracle Database Server versions 10gR1, 10gR2 (10.2.0.4 and previous patchsets) and 11gR1 (11.1.0.7 and previous patchsets) have an issue where failed authentication attempts using the OCIPasswordChange API are not recorded.

tags | advisory
advisories | CVE-2012-0511
MD5 | 3e25a4e65d6288bc5e58d726eeb0edd9
Oracle Enterprise Manager searchPage SQL Injection
Posted Apr 19, 2012
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Oracle Enterprise Manager Database Control versions 11.1.0.7 and 11.2.0.3 (and previous patchsets) along with Oracle Enterprise Manager Grid Control versions 10.2.0.5 and 11.1.0.1 (and previous patchsets) suffer from a remote SQL injection vulnerability in the searchPage web page.

tags | exploit, remote, web, sql injection
advisories | CVE-2012-0525
MD5 | ce03999aad65483f39fedf75e230595a
Oracle Enterprise Manager compareWizFirstConfig SQL injection
Posted Apr 19, 2012
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Oracle Enterprise Manager Database Control versions 11.1.0.7 and 11.2.0.2 (and previous patchsets) along with Oracle Enterprise Manager Grid Control version 10.2.0.4 (and previous patchsets) suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2012-0512
MD5 | 5503861e0f353e5fd095bc0d01b2cc49
Oracle Database Account Management Protection Bypass
Posted Oct 21, 2011
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Oracle Database Vault provides additional protections from malicious privileged users. The protections include separation of duty for some tasks like user account management. Any user with SYSDBA privilege or DV_ACCTMGR role can bypass these protections and change any user's password (including the Oracle Database Vault Owner user password) by calling the OCIPasswordChange client API (the 'password' command in SQL*Plus uses this API).

tags | advisory, bypass
advisories | CVE-2011-2322, CVE-2011-3511
MD5 | 0d678abb8951e4e5b33a39a30bb28be7
Oracle Database CTXSYS.DRVDISP.TABLEFUNC_ASOWN Buffer Overflow
Posted Oct 21, 2011
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Oracle Database Server provides the CTXSYS.DRVDISP package, which is part of the Oracle Text component. This package contains the function TABLEFUNC_ASOWN, which is vulnerable to buffer overflow attacks when it is called with a long string in its parameters.

tags | advisory, overflow
advisories | CVE-2011-2301
MD5 | 50ad7e842ac32d4e10e36a4484393ab8
Oracle Enterprise Manager metricDetail$type Cross Site Scripting
Posted Jul 28, 2011
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Oracle Enterprise Manager Grid Control versions 10.1.0.6, 10.2.0.5 and Oracle Enterprise Manager control included in Oracle Database versions 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2 suffer from a cross site scripting vulnerability in metricDetail$type page.

tags | advisory, xss
advisories | CVE-2011-0876, CVE-2011-0879
MD5 | 36663f9f5df75d6e616046b0ab069b17
Oracle Enterprise Manager Sitemap Cross Site Scripting
Posted Jul 28, 2011
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Oracle Enterprise Manager Grid Control versions 10.1.0.6 and Oracle Enterprise Manager control included in Oracle Database versions 10.1.0.5, 10.2.0.3, 10.2.0.4, and 11.1.0.7 suffer from a cross site scripting vulnerability in the sitemap page.

tags | advisory, xss
advisories | CVE-2011-0877, CVE-2011-0881
MD5 | 074b382d93e1031d93862e8ee423f22d
Oracle Enterprise Manager notifRuleInfo$mode Cross Site Scripting
Posted Jul 28, 2011
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Oracle Enterprise Manager Grid Control versions 10.1.0.6 and Oracle Enterprise Manager control included in Oracle Database versions 10.1.0.5, 10.2.0.3, and 10.2.0.4 suffer from a cross site scripting vulnerability in the notifRuleInfo$mode page.

tags | advisory, xss
advisories | CVE-2011-0830
MD5 | 2cd1a5640d61e5bd0047d892e7e2491d