exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 10 of 10 RSS Feed

Files from Martin Rakhmanov

First Active2008-04-18
Last Active2013-02-22
Oracle Database GeoRaster API Overflow
Posted Feb 22, 2013
Authored by Martin Rakhmanov | Site appsecinc.com

Team SHATTER Security Advisory - GeoRaster is a feature of Oracle Spatial that lets you store, index, query, analyze, and deliver GeoRaster data. One of the GeoRaster APIs is prone to stack-based overflow.

tags | advisory, overflow
advisories | CVE-2012-3220
SHA-256 | 3a93180b3014610b665d5b8cce7d1ac694474a16caebae59d56cfa7c1dcef3af
Oracle Alter FBA Table SQL Injection
Posted Feb 21, 2013
Authored by Martin Rakhmanov | Site appsecinc.com

Team SHATTER Security Advisory - Renaming a table having flashback archive using specially crafted table name triggers internal SQL injection. This allows users to execute code with elevated privileges. Oracle Database Enterprise Edition version 11.1 and 11.2 are affected.

tags | advisory, sql injection
advisories | CVE-2012-1751
SHA-256 | fe12a85f642cabb0360ed843da29b8d6e66283d99716b980d61f47a9ad23614c
Sybase ASE 15.x Role Elevation
Posted Oct 5, 2012
Authored by Martin Rakhmanov | Site appsecinc.com

Authenticated users can elevate privileges to any role via SQL injection in one of the DBCC commands in Sybase ASE versions 15.0, 15.5, and 15.7.

tags | advisory, sql injection
SHA-256 | 0de0a63c7bdd201868a067b883c3f04d9b4bc9ce90eabb05ce9dc53e37d30270
IBM DB2 LUW 9.x / 10.1 XML File Disclosure
Posted Oct 5, 2012
Authored by Martin Rakhmanov | Site appsecinc.com

Team SHATTER Security Advisory - Two system stored procedures executable by PUBLIC allow reading of files with xml extensions in IBM DB2 LUW versions 9.1, 9.5, 9.7, and 10.1.

tags | advisory, info disclosure, xxe
advisories | CVE-2012-2196
SHA-256 | 107b4fda80eb2d3a4a4a72644c82a7c887c11de47730435f9aa331d4906b0061
IBM DB2 LUW 9.x / 10.1 JAR File Overwrite
Posted Oct 5, 2012
Authored by Martin Rakhmanov | Site appsecinc.com

Team SHATTER Security Advisory - System stored procedure SQLJ.DB2_INSTALL_JAR executable by PUBLIC allows JAR file overwrite to any authenticated user in IBM DB2 LUW versions 9.1, 9.5, 9.7, and 10.1.

tags | advisory, code execution, file inclusion
advisories | CVE-2012-2194
SHA-256 | 70532ba6dc2c51be2493c022d83d341c1d2e93b16b4e6d2b79127f0dc31c10d7
Microsoft SQL Server Privilege Escalation / SQL Injection
Posted Apr 12, 2012
Authored by Martin Rakhmanov | Site appsecinc.com

Team SHATTER Security Advisory - Microsoft SQL Server versions 2005, 2008, and 2008 R2 suffer from a SQL injection vulnerability in the RESTORE DATABASE command that can lead to privilege escalation.

tags | advisory, sql injection
SHA-256 | b64d5300f1a7ad77731e4342eabd0820c75171ca63e4b9ccb158653ee331263e
Oracle Database Spatial SQL Injection
Posted Oct 21, 2011
Authored by Martin Rakhmanov | Site appsecinc.com

Team SHATTER Security Advisory - Oracle Database supports spatial datatypes. A SQL injection vulnerability exists in the handling of spatial indexes. Users with create table and create procedure privileges can elevate their privileges to SYSDBA.

tags | advisory, sql injection
advisories | CVE-2011-3512
SHA-256 | 4616869b107611943cfb158aaeb48dfebc849d4b8aa5d6f570567435e9d23081
OracleRemExecService Command Execution
Posted Jan 21, 2011
Authored by Martin Rakhmanov | Site appsecinc.com

Team SHATTER Security Advisory - It is possible to execute arbitrary operating system commands as localsystem when certain maintenance tasks are executed. For instance, when Database Configuration Assistant is invoked or Oracle Universal Installer is used to modify features. These tools use a Windows service to execute various commands: the service itself relies on a named pipe to receive the commands. The pipe handling is not secure enough resulting in the vulnerability.

tags | advisory, arbitrary
systems | windows
advisories | CVE-2010-4423
SHA-256 | 917ec70d2616d1daa738ea18642a5db3ecb8441d150203729a61d9b856e59d94
shatter-clrstored.txt
Posted Sep 16, 2008
Authored by Martin Rakhmanov | Site appsecinc.com

Team SHATTER Security Advisory - It is possible to use the CLR stored procedure deployment feature of IBM Database add-ins for Visual Studio to produce a privilege escalation or denial of service on a DB2 server. IBM DB2 Database Server versions 9.1 and 9.5 on the Windows platform are affected.

tags | advisory, denial of service
systems | windows
advisories | CVE-2008-3852
SHA-256 | 93159e714894796764bdfc5cbc6de85425718a0e10e81c6b0e87ed2a5c4ac87b
ibmdb2-exec.txt
Posted Apr 18, 2008
Authored by Martin Rakhmanov | Site appsecinc.com

Team SHATTER Security Advisory - IBM DB2 UDB suffers from an arbitrary code execution vulnerability in the ADMIN_SP_C/ADMIN_SP_C2 procedures.

tags | advisory, arbitrary, code execution
SHA-256 | 50e6be64cb624506a4f86efaad10de1d3ee7e3c73d10c512e9caa0c69f8eaff0
Page 1 of 1
Back1Next

File Archive:

November 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    16 Files
  • 2
    Nov 2nd
    17 Files
  • 3
    Nov 3rd
    17 Files
  • 4
    Nov 4th
    11 Files
  • 5
    Nov 5th
    0 Files
  • 6
    Nov 6th
    0 Files
  • 7
    Nov 7th
    3 Files
  • 8
    Nov 8th
    59 Files
  • 9
    Nov 9th
    12 Files
  • 10
    Nov 10th
    6 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    1 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    9 Files
  • 15
    Nov 15th
    33 Files
  • 16
    Nov 16th
    53 Files
  • 17
    Nov 17th
    11 Files
  • 18
    Nov 18th
    14 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    26 Files
  • 22
    Nov 22nd
    22 Files
  • 23
    Nov 23rd
    10 Files
  • 24
    Nov 24th
    9 Files
  • 25
    Nov 25th
    11 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    20 Files
  • 29
    Nov 29th
    9 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close