what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

Oracle Data Redaction Is Broken
Posted Jul 16, 2014
Authored by David Litchfield

Oracle data redaction is a simple but clever and innovative idea from Oracle. However, at present, there are weaknesses that undermine its effectiveness as a good security mechanism. These weaknesses can be exploited via web based SQL injection attacks and this paper details those weaknesses and provides suggestions on how it can be improved and made more secure.

tags | paper, web, sql injection
SHA-256 | 8cb488d94f0f24c541295b45894955646b915f06b2bd3f2038f2c4e7aac4422f

Related Files

Oracle WebLogic wls-wsat Component Deserialization Remote Code Execution
Posted Jan 28, 2018
Authored by Alexey Tyurin, Federico Dotta, Kevin Kirsche, Luffin | Site metasploit.com

The Oracle WebLogic WLS WSAT component is vulnerable to an XML deserialization remote code execution vulnerability. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0.

tags | exploit, remote, code execution
advisories | CVE-2017-10271
SHA-256 | 4ec37da27b4c2bc377cee005689b9de7e837a03542a60ce1130758c857cb9228
Oracle JDeveloper IDE Directory Traversal
Posted Jan 18, 2018
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Oracle JDeveloper IDE suffers from a directory traversal vulnerability.

tags | exploit
advisories | CVE-2017-10273
SHA-256 | 1d176bdbee49ba892cf19cf1e3798bd83c3a891b6a5e40b040c9740c38088530
Oracle E-Business Suite 12.x Unconstrainted File Download
Posted Jan 22, 2017
Authored by Owais Mehtab, Tayeeb Rana

Oracle E-Business Suite versions 12.1.3, 12.2.3, 12.2.4, 12.2.5, and 12.2.6 suffer from an unconstrained file download vulnerability.

tags | exploit
advisories | CVE-2017-3277
SHA-256 | 9aae3dbd6f7dc3149e3d98324e0cd339aa6a4a5b85500b4164c9b406d0301082
Oracle Netbeans IDE 8.1 Directory Traversal
Posted Oct 20, 2016
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Oracle Netbeans IDE version 8.1 suffers from a directory traversal vulnerability.

tags | exploit
advisories | CVE-2016-5537
SHA-256 | fcd77a7ca37698cc313eccfc4beebbe095c88b70b0ee7e76a01fd60ad3e4e156
Oracle Orakill.exe 11.2.0 Buffer Overflow
Posted Jun 14, 2016
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Oracle's orakill.exe binary version 11.2.0 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | c9fef9d30e9b9bf8c1f6540912d5512f614b2ec08e1c53effd8a3d2295ba9b2f
Oracle ATS Arbitrary File Upload
Posted May 24, 2016
Authored by wvu, Zhou Yu | Site metasploit.com

This Metasploit module exploits an authentication bypass and arbitrary file upload in Oracle Application Testing Suite (OATS), version 12.4.0.2.0 and unknown earlier versions, to upload and execute a JSP shell.

tags | exploit, arbitrary, shell, file upload
SHA-256 | 472df2245622a97749e8706f2ba968606decb46822546f51bf7cc6c5391ad65f
Java Platform SE 6 U24 HtmlConverter.exe Buffer Overflow
Posted Jan 21, 2016
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Java Platform SE 6 U24 HtmlConverter.exe version 6.0.240.50 suffers from a buffer overflow vulnerability.

tags | exploit, java, overflow
SHA-256 | c26dad11dc7a3b97b9cbe8edf6f976878186e3d92c3d957301ddda94e2f412c6
Oracle BeeHive 2 Code Execution
Posted Dec 3, 2015
Authored by mr_me, sinn3r, 1c239c43f521145fa8385d64a9c32243 | Site metasploit.com

This Metasploit module exploits a vulnerability found in Oracle BeeHive. The processEvaluation method found in voice-servlet can be abused to write a malicious file onto the target machine, and gain remote arbitrary code execution under the context of SYSTEM.

tags | exploit, remote, arbitrary, code execution
advisories | CVE-2010-4417
SHA-256 | 0dd4b2592fada413038b4c9f336ee7ca63693bbb79a1842a8646d6ac30bff4df
Oracle BeeHive 2 Arbitrary File Upload
Posted Dec 3, 2015
Authored by mr_me, sinn3r | Site metasploit.com

This Metasploit module exploits a vulnerability found in Oracle BeeHive. The prepareAudioToPlay method found in voice-servlet can be abused to write a malicious file onto the target machine, and gain remote arbitrary code execution under the context of SYSTEM. Authentication is not required to exploit this vulnerability.

tags | exploit, remote, arbitrary, code execution
SHA-256 | 2ffb837bd56e22b7a4670bff61370cd18bac27e5c719ed050224b17709ad6f2e
Inside The Mind Of Oracle's Mary Ann Davidson
Posted Aug 11, 2015
Authored by Mary Ann Davidson

This is a public blog posted by Oracle's CSO Mary Ann Davidson. It provides a rare glimpse into the corporate mindframe reminding us all that license agreements are always respected by hostile parties and therefore security researchers should not even consider reverse engineering Oracle's code base. As has been proven time and again, Oracle's bullet proof unbreakable security does not need public vetting and they consistently can identify and address all issues without your needless meddling.

tags | paper
SHA-256 | d16deebdad2785cf38a42eaa182a2fd03f6976eacc830f7b05b1f5489393b40f
Oracle Event Processing FileUploadServlet Arbitrary File Upload
Posted Jul 6, 2014
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits an Arbitrary File Upload vulnerability in Oracle Event Processing 11.1.1.7.0. The FileUploadServlet component, which requires no authentication, can be abused to upload a malicious file onto an arbitrary location due to a directory traversal flaw, and compromise the server. By default Oracle Event Processing uses a Jetty Application Server without JSP support, which limits the attack to WbemExec. The current WbemExec technique only requires arbitrary write to the file system, but at the moment the module only supports Windows 2003 SP2 or older.

tags | exploit, arbitrary, file upload
systems | windows
advisories | CVE-2014-2424
SHA-256 | 354b179956fa5730561cdacb3cb83ea87cbbaf8af2b2d69f7b545cc36d2d4223
Oracle SID Detection Techniques Part 4
Posted Jun 15, 2014
Authored by Ali Abbasi

Whitepaper called Oracle SID Detection Techniques - Part 1. Written in Persian.

tags | paper
SHA-256 | 216902657ee1a360c1b1d862f34bf7cec694092990536e667eff806c67124f16
Oracle SID Detection Techniques Part 3
Posted Jun 15, 2014
Authored by Ali Abbasi

Whitepaper called Oracle SID Detection Techniques - Part 3. Written in Persian.

tags | paper
SHA-256 | 99d5fc68bd7f308a7fb0286580dfe9fb08fa67f54a4512ba6fc79242096c12a4
Oracle SID Detection Techniques Part 2
Posted Jun 15, 2014
Authored by Ali Abbasi

Whitepaper called Oracle SID Detection Techniques - Part 2. Written in Persian.

tags | paper
SHA-256 | dce6b5307b6f20bb7d98b49054356d04c564fab5330fc55d8943a23c414fdf59
Oracle SID Detection Techniques Part 1
Posted Jun 15, 2014
Authored by Ali Abbasi

Whitepaper called Oracle SID Detection Techniques - Part 1. Written in Persian.

tags | paper
SHA-256 | b840fcc9f91bdcdd628bf96a2b8007f515b3578cf72d2146034d794c32e08817
Oracle Forms / Reports Remote Code Execution
Posted Feb 18, 2014
Authored by Mekanismen, Dana Taylor | Site metasploit.com

This Metasploit module uses two vulnerabilities in Oracle forms and reports to get remote code execution on the host. The showenv url can be used to disclose information about a server. A second vulnerability that allows arbitrary reading and writing to the host filesystem can then be used to write a shell from a remote url to a known local path disclosed from the previous vulnerability. The local path being accessible from an URL then allows us to perform the remote code execution using for example a .jsp shell. Tested on Windows and Oracle Forms and Reports 10.1.

tags | exploit, remote, arbitrary, shell, local, vulnerability, code execution
systems | windows
advisories | CVE-2012-3152, CVE-2012-3153, OSVDB-86395, OSVDB-86394
SHA-256 | 0ae51161a01d969079b5ae31c9e558381714eaaed892cb6da032845477f29e85
Oracle Endeca Server Remote Command Execution
Posted Aug 24, 2013
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a command injection vulnerability on the Oracle Endeca Server 7.4.0. The vulnerability exists on the createDataStore method from the controlSoapBinding web service. The vulnerable method only exists on the 7.4.0 branch and isn't available on the 7.5.5.1 branch. On the other hand, the injection has been found to be Windows specific. This Metasploit module has been tested successfully on Endeca Server 7.4.0.787 over Windows 2008 R2 (64 bits).

tags | exploit, web
systems | windows
advisories | CVE-2013-3763, OSVDB-95269
SHA-256 | fdafe64c526b291f8bc73bfd5eb8e62b37efd1524e773b087d3cc9cb3a8c5297
Oracle WebCenter Content CheckOutAndOpen.dll ActiveX Remote Code Execution
Posted Jun 2, 2013
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit modules exploits a vulnerability found in the Oracle WebCenter Content CheckOutAndOpenControl ActiveX. This vulnerability exists in openWebdav(), where user controlled input is used to call ShellExecuteExW(). This Metasploit module abuses the control to execute an arbitrary HTA from a remote location. This Metasploit module has been tested successfully with the CheckOutAndOpenControl ActiveX installed with Oracle WebCenter Content 11.1.1.6.0.

tags | exploit, remote, arbitrary, activex
advisories | CVE-2013-1559, OSVDB-92386
SHA-256 | b0e1c2b4d5000f5d54ab03faad81b1e6f76cdaf93878521b78deb176531d5582
Oracle Auto Service Request File Clobber
Posted Feb 5, 2013
Authored by Larry W. Cashdollar

Oracle Auto Service Request creates files insecurely in /tmp using time stamps instead of mkstemp(). Due to this, it is possible to clobber root owned files and possibly cause a denial of service condition or worse.

tags | exploit, denial of service, root
systems | solaris
SHA-256 | 3201569e185a30abb901fe01ff0684a58d22ab75b3d2eb41883373ead659d4e8
Oracle Automated Service Manager 1.3 Local Root
Posted Feb 1, 2013
Authored by Larry W. Cashdollar

Oracle Automated Service Manager version 1.3 suffers from a local root privilege escalation vulnerability during install.

tags | exploit, local, root
SHA-256 | 541a2508bc332207de3f68c469abd43870d40347d9628cf361e59c570beb5ac0
Oracle BTM FlashTunnelService Remote Code Execution
Posted Sep 15, 2012
Authored by rgod, sinn3r, juan vazquez | Site metasploit.com

This Metasploit module exploits abuses the FlashTunnelService SOAP web service on Oracle Business Transaction Management 12.1.0.7 to upload arbitrary files, without authentication, using the WriteToFile method. The same method contains a directory traversal vulnerability, which allows to upload the files to arbitrary locations. In order to execute remote code two techniques are provided. If the Oracle app has been deployed in the same WebLogic Samples Domain a JSP can be uploaded to the web root. If a new Domain has been used to deploy the Oracle application, the Windows Management Instrumentation service can be used to execute arbitrary code. Both techniques has been successfully tested on default installs of Oracle BTM 12.1.0.7, Weblogic 12.1.1 and Windows 2003 SP2. Default path traversal depths are provided, but the user can configure the traversal depth using the DEPTH option.

tags | exploit, remote, web, arbitrary, root
systems | windows
advisories | OSVDB-85087
SHA-256 | 7ce41ed8870542efde605f50001955d8595ff56317328c0892477dec49dbddec
Oracle AutoVue ActiveX Control SetMarkupMode Buffer Overflow
Posted Aug 7, 2012
Authored by juan vazquez, Brian Gorenc | Site metasploit.com

This Metasploit module exploits a vulnerability found in the AutoVue.ocx ActiveX control. The vulnerability, due to the insecure usage of an strcpy like function in the SetMarkupMode method, when handling a specially crafted sMarkup argument, allows to trigger a stack based buffer overflow which leads to code execution under the context of the user visiting a malicious web page. The module has been successfully tested against Oracle AutoVue Desktop Version 20.0.0 (AutoVue.ocx 20.0.0.7330) on IE 6, 7, 8 and 9 (Java 6 needed to DEP and ASLR bypass).

tags | exploit, java, web, overflow, code execution, activex
advisories | CVE-2012-0549, OSVDB-81439
SHA-256 | d858c8b6d6fe0d0ffc9d06afc12e482599a5ca2b027ef372734fa46886a66c4d
Oracle TNS Poison
Posted Apr 26, 2012
Authored by Joxean Koret

Oracle Database versions 8i to 11g R2 suffers from a TNS related vulnerability that allow for a remote attacker to route legitimate connections to a malicious system.

tags | advisory, remote
SHA-256 | f6e015e3231892e2f60f0fdb097e58a74a7d728f40df74879e8d6435fe601648
Oracle GlassFish Server 3.1.1 Build 12 Cross Site Scripting
Posted Apr 21, 2012
Authored by Roberto Suggi Liverani | Site security-assessment.com

Security-Assessment.com has discovered that components of the Oracle GlassFish Server administrative web interface are vulnerable to both reflected and stored cross site scripting attacks. All pages where cross site scripting vulnerabilities were discovered require authentication. Oracle GlassFish Server version 3.1.1 build 12 is affected.

tags | exploit, web, vulnerability, xss
advisories | CVE-2012-0551
SHA-256 | 483308f8a564fa501d764b451f997bd57808a2fe9a67f2ce80beea114ee97f8c
Oracle GlassFish Server 3.1.1 Cross Site Request Forgery
Posted Apr 19, 2012
Authored by Roberto Suggi Liverani | Site security-assessment.com

Oracle GlassFish Server version 3.1.1 build 12 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2012-0550
SHA-256 | 1ab958cd22e7204426b09ede8bb2230718a9c906cf7ed05673dd8784c94bdb4a
Page 1 of 4
Back1234Next

File Archive:

July 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    52 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    0 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close