exploit the possibilities
Showing 1 - 25 of 100 RSS Feed

Files

Oracle ATS Arbitrary File Upload
Posted May 24, 2016
Authored by wvu, Zhou Yu | Site metasploit.com

This Metasploit module exploits an authentication bypass and arbitrary file upload in Oracle Application Testing Suite (OATS), version 12.4.0.2.0 and unknown earlier versions, to upload and execute a JSP shell.

tags | exploit, arbitrary, shell, file upload
MD5 | 70475f3d47267994bd9b861afc21614b

Related Files

oracle_sql_injection_dbms_prvtaqis.txt
Posted Jul 19, 2007
Authored by Alexander Kornbrust | Site red-database-security.com

Oracle 9i Release 1 through 10g Release 1 suffer from a SQL injection vulnerability in package DBMS_PRVTAQIS.

tags | advisory, sql injection
MD5 | d8aff3c7d04f6dc394e84c3ce6d8d1cb
oracle_cpu_jul_2007.txt
Posted Jul 19, 2007
Authored by Alexander Kornbrust | Site red-database-security.com

Oracle 8i through 10g Release 2 allow updates, deletes and inserts via specially crafted views without having the right privileges.

tags | advisory
MD5 | 983012a6e51d19bba18e796f5e0b9fc0
oracle-tns.txt
Posted Apr 19, 2007
Authored by Alexander Kornbrust | Site red-database-security.com

The Oracle Discoverer Servlet suffers from a flaw that allows for the TNS listener to be shutdown.

tags | advisory
MD5 | 139953228fdc6b809e7be457825c83db
oracle1016-xss.txt
Posted Apr 19, 2007
Authored by Alexander Kornbrust | Site red-database-security.com

Oracle Secure Enterprise Search version 10.1.6 suffers from a cross site scripting flaw.

tags | exploit, xss
MD5 | 77c1ee2611b686caf0fa1c71b7e5ec7c
oracle-sqlinj2.txt
Posted Apr 19, 2007
Authored by Alexander Kornbrust | Site red-database-security.com

Oracle 8i through 10g release 2 suffers from a SQL injection vulnerability in SYS.DBMS_UPGRADE_INTERNAL.

tags | advisory, sql injection
MD5 | 51bc74ce0b8c40bf62219e2aba7ad9c0
oracle-sqlinj.txt
Posted Apr 19, 2007
Authored by Alexander Kornbrust | Site red-database-security.com

Oracle 8i through 10g release 2 suffers from a SQL injection vulnerability in SYS.DBMS_AQADM_SYS.

tags | advisory, sql injection
MD5 | cfe3302cf32f35303852be4d404d2204
oracle-bypass.txt
Posted Apr 19, 2007
Authored by Alexander Kornbrust | Site red-database-security.com

It is possible to bypass the Oracle database logon trigger.

tags | advisory, bypass
MD5 | ba879f41e61c4de0182c8befb8d32e77
oracle-inject-bunker.txt
Posted Mar 29, 2007
Authored by Andrea Purificato | Site rawlab.mindcreations.com

Oracle 10g KUPM$MCP.MAIN SQL injection exploit version 1.

tags | exploit, sql injection
MD5 | 2a8a0eec2a5ea3879a641b43d8d6fbbe
oracle-inject.txt
Posted Mar 29, 2007
Authored by Andrea Purificato | Site rawlab.mindcreations.com

Oracle 10g KUPM$MCP.MAIN SQL injection exploit version 2.

tags | exploit, sql injection
MD5 | 3c82a6a31634f209db1f378f07bb02ac
oraclekupv-perm.txt
Posted Feb 24, 2007
Authored by Andrea Purificato | Site rawlab.mindcreations.com

Oracle 10g KUPW$WORKER.MAIN Grant/Revoke dba permission exploit.

tags | exploit
MD5 | 1a6267279e19948c6072527708174f73
oracleaj-perm.txt
Posted Feb 24, 2007
Authored by Andrea Purificato | Site rawlab.mindcreations.com

Oracle 10g KUPV$FT.ATTACH_JOB Grant/Revoke dba permission exploit.

tags | exploit
MD5 | 6fb3017bb9503cb8908f5d5cb7c842a4
oracledmgd-sql.txt
Posted Feb 24, 2007
Authored by Andrea Purificato | Site rawlab.mindcreations.com

Oracle 10g DBMS_METADAT.GET_DDL SQL injection exploit.

tags | exploit, sql injection
MD5 | 71acef009fa8b3c40754bc1da41c19d1
oracleas-sql.txt
Posted Feb 24, 2007
Authored by Andrea Purificato | Site rawlab.mindcreations.com

Oracle 10g ACTIVATE_SUBSCRIPTION SQL injection exploit.

tags | exploit, sql injection
MD5 | 49ff44ec8c17669878633b99af09076c
oracle-sql.txt
Posted Feb 6, 2007
Authored by Andrea Purificato | Site rawlab.mindcreations.com

Oracle 9i/10g DBMS_EXPORT_EXTENSION SQL injection exploit.

tags | exploit, sql injection
MD5 | e8c1ad7a358b928402e6586d17beed9f
oracle-6.txt
Posted Jan 27, 2007
Site appsecinc.com

The Oracle Database Server provides the DBMS_CAPTURE_ADM_INTERNAL package that is used internally by the Streams Change Data Capture component. This package contains the procedures CREATE_CAPTURE, ALTER_CAPTURE, ABORT_TABLE_INSTANTIATION that are vulnerable to buffer overflow attacks.

tags | advisory, overflow
MD5 | c3d6ff1ddae8ab45d2292921bf47168c
oracle-5.txt
Posted Jan 27, 2007
Site appsecinc.com

The Oracle Database Server provides the DBMS_LOGREP_UTIL package that is used internally by Oracle. This package contains the procedure GET_OBJECT_NAME which is vulnerable to buffer overflow attacks.

tags | advisory, overflow
MD5 | 2165936a9b0f7ce36ab92857ddd4f6d5
oracle-4.txt
Posted Jan 27, 2007
Site appsecinc.com

The Oracle Database Server provides the DBMS_REPCAT_UNTRUSTED package that can be used to administer a replicated environment. This package contains the procedure UNREGISTER_SNAPSHOT which is vulnerable to buffer overflow attacks.

tags | advisory, overflow
MD5 | 7f7dbe72bc9222e1c0d5fe5efdc4ffd7
oracle-3.txt
Posted Jan 27, 2007
Site appsecinc.com

The Oracle Database Server provides the MDSYS.MD package that is used in the Oracle Spatial component. These packages contain many public procedures that are vulnerable to buffer overflow and denial of service attacks.

tags | advisory, denial of service, overflow
MD5 | 9f64e41f2ecd5b7b793a8920c01ba5dd
oracle-2.txt
Posted Jan 27, 2007
Site appsecinc.com

The Oracle Database Server provides the DBMS_LOGMNR package that contains procedures used to initialize the LogMiner tool. This package contains the procedure ADD_LOGFILE which is vulnerable to buffer overflow attacks.

tags | advisory, overflow
MD5 | eea0706ed5c842c047b120a62eb8c46d
oracle-1.txt
Posted Jan 27, 2007
Site appsecinc.com

The Oracle Database Server provides the DBMS_DRS package that includes procedures used in Oracle Data Guard. This package contains the function GET_PROPERTY which is vulnerable to buffer overflow attacks.

tags | advisory, overflow
MD5 | 1844076621023b56b018cd7fbd2f0068
oracle10g-3.txt
Posted Jan 24, 2007
Authored by Joxean Koret

Oracle 10g SYS.DBMS_CDC_IMPDP.BUMP_SEQUENCE PL SQL injection exploit.

tags | exploit, sql injection
MD5 | cdfc10dc1336a499c185b532bc08da26
oracle10g-2.txt
Posted Jan 24, 2007
Authored by Joxean Koret

Oracle 10g SYS.KUPW$WORKER.MAIN PL SQL injection exploit.

tags | exploit, sql injection
MD5 | 2806eef20abda4f9f473aeef06537bf7
oracle10g-1.txt
Posted Jan 24, 2007
Authored by Joxean Koret

Oracle 10g SYS.KUPV$FT.ATTACH_JOB PL SQL injection exploit.

tags | exploit, sql injection
MD5 | e171f4cf083bf77791913273a9874716
oracle--isa-xss.txt
Posted Jan 20, 2007
Authored by Vicente Aguilera Diaz

The Oracle Reports Web Cartridge (RWCGI60) is susceptible to cross site scripting vulnerabilities.

tags | exploit, web, vulnerability, xss
MD5 | 65270c446e599966e5729e8f948b2d04
oraclepasswords.pdf
Posted Jan 16, 2007
Authored by Paul Wright | Site ngssoftware.com

New Oracle Security Paper - How to secure Oracle passwords from rainbow tables and new password cracking patches. Also includes a free audit tool called OraBrute to brute force SYS AS SYSDBA in order to check that it has been secured. Unfortunately by default it is not but can be secured by following this papers recommendations.

tags | paper
MD5 | 3f8b0391b5ebe78432c6c00880ddfdbd
Page 1 of 4
Back1234Next

File Archive:

December 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    18 Files
  • 2
    Dec 2nd
    11 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close