
Files

Oracle WebLogic wls-wsat Component Deserialization Remote Code Execution
Posted Jan 28, 2018
Authored by Alexey Tyurin, Federico Dotta, Kevin Kirsche, Luffin | Site metasploit.com

The Oracle WebLogic WLS WSAT component is vulnerable to an XML deserialization remote code execution vulnerability. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0.

tags | exploit, remote, code execution
advisories | CVE-2017-10271
MD5 | 2daa838b9b2485cace670442af754ec5

Related Files

Oracle Weblogic Server Deserialization Remote Code Execution
Posted May 7, 2019
Authored by Andres Rodriguez | Site metasploit.com

An unauthenticated attacker with network access to the Oracle Weblogic Server T3 interface can send a malicious SOAP request to the interface WLS AsyncResponseService to execute code on the vulnerable host.

tags | exploit
advisories | CVE-2019-2725
MD5 | 48d582e1324b4c48af0827e0f09bf82e
Oracle Weblogic Server Deserialization RMI UnicastRef Remote Code Execution
Posted Apr 2, 2019
Authored by Jacob Baines, Aaron Soto, Andres Rodriguez | Site metasploit.com

An unauthenticated attacker with network access to the Oracle Weblogic Server T3 interface can send a serialized object (sun.rmi.server.UnicastRef) to the interface to execute code on vulnerable hosts.

tags | exploit
advisories | CVE-2017-3248
MD5 | de51f5ac510e0d7edb164eb71a9896d6
Oracle Weblogic Server Deserialization MarshalledObject Remote Code Execution
Posted Apr 1, 2019
Authored by Jacob Baines, Aaron Soto, Andres Rodriguez | Site metasploit.com

An unauthenticated attacker with network access to the Oracle Weblogic Server T3 interface can send a serialized object (weblogic.corba.utils.MarshalledObject) to the interface to execute code on vulnerable hosts.

tags | exploit
advisories | CVE-2016-3510
MD5 | 73d8d9705d5c9f614936a80d2fffaf41
Oracle Weblogic Server Deserialization Remote Code Execution
Posted Mar 27, 2019
Authored by Steve Breen, Aaron Soto, Andres Rodriguez | Site metasploit.com

This Metasploit module demonstrates that an unauthenticated attacker with network access to the Oracle Weblogic Server T3 interface can send a serialized object (weblogic.jms.common.StreamMessageImpl) to the interface to execute code on vulnerable hosts.

tags | exploit
advisories | CVE-2015-4852
MD5 | 0d0f0ea424fe79508cb57b9319ad05f5
Oracle Weblogic Server Deserialization Remote Code Execution
Posted Aug 10, 2018
Authored by Jacob Robles, brianwrf | Site metasploit.com

An unauthenticated attacker with network access to the Oracle Weblogic Server T3 interface can send a serialized object to the interface to execute code on vulnerable hosts.

tags | exploit
advisories | CVE-2018-2628
MD5 | 34445a6b0bb22228fd001e360edf4719
Oracle Fusion Middleware 12c (12.2.1.3.0) WebLogic SAML Issues
Posted Jul 20, 2018
Authored by Denis Andzakovic

Two vulnerabilities were discovered within the Oracle WebLogic SAML service provider authentication mechanism. By inserting an XML comment into the SAML NameID tag, an attacker can coerce the SAML service provider to log in as another user. Additionally, WebLogic does not require signed SAML assertions in the default configuration. By omitting the signature portions from a SAML assertion, an attacker can craft an arbitrary SAML assertion and bypass the authentication mechanism.

tags | exploit, arbitrary, vulnerability
advisories | CVE-2018-2933, CVE-2018-2998
MD5 | 8148b832465acbeccd85c4e873dbde29
oracle-bypass.txt
Posted Apr 19, 2007
Authored by Alexander Kornbrust | Site red-database-security.com

It is possible to bypass the Oracle database logon trigger.

tags | advisory, bypass
MD5 | ba879f41e61c4de0182c8befb8d32e77
oracle-inject-bunker.txt
Posted Mar 29, 2007
Authored by Andrea Purificato | Site rawlab.mindcreations.com

Oracle 10g KUPM$MCP.MAIN SQL injection exploit version 1.

tags | exploit, sql injection
MD5 | 2a8a0eec2a5ea3879a641b43d8d6fbbe
oracle-inject.txt
Posted Mar 29, 2007
Authored by Andrea Purificato | Site rawlab.mindcreations.com

Oracle 10g KUPM$MCP.MAIN SQL injection exploit version 2.

tags | exploit, sql injection
MD5 | 3c82a6a31634f209db1f378f07bb02ac
oraclekupv-perm.txt
Posted Feb 24, 2007
Authored by Andrea Purificato | Site rawlab.mindcreations.com

Oracle 10g KUPW$WORKER.MAIN Grant/Revoke dba permission exploit.

tags | exploit
MD5 | 1a6267279e19948c6072527708174f73
oracleaj-perm.txt
Posted Feb 24, 2007
Authored by Andrea Purificato | Site rawlab.mindcreations.com

Oracle 10g KUPV$FT.ATTACH_JOB Grant/Revoke dba permission exploit.

tags | exploit
MD5 | 6fb3017bb9503cb8908f5d5cb7c842a4
oracledmgd-sql.txt
Posted Feb 24, 2007
Authored by Andrea Purificato | Site rawlab.mindcreations.com

Oracle 10g DBMS_METADAT.GET_DDL SQL injection exploit.

tags | exploit, sql injection
MD5 | 71acef009fa8b3c40754bc1da41c19d1
oracleas-sql.txt
Posted Feb 24, 2007
Authored by Andrea Purificato | Site rawlab.mindcreations.com

Oracle 10g ACTIVATE_SUBSCRIPTION SQL injection exploit.

tags | exploit, sql injection
MD5 | 49ff44ec8c17669878633b99af09076c
oracle-sql.txt
Posted Feb 6, 2007
Authored by Andrea Purificato | Site rawlab.mindcreations.com

Oracle 9i/10g DBMS_EXPORT_EXTENSION SQL injection exploit.

tags | exploit, sql injection
MD5 | e8c1ad7a358b928402e6586d17beed9f
oracle-6.txt
Posted Jan 27, 2007
Site appsecinc.com

The Oracle Database Server provides the DBMS_CAPTURE_ADM_INTERNAL package that is used internally by the Streams Change Data Capture component. This package contains the procedures CREATE_CAPTURE, ALTER_CAPTURE, ABORT_TABLE_INSTANTIATION that are vulnerable to buffer overflow attacks.

tags | advisory, overflow
MD5 | c3d6ff1ddae8ab45d2292921bf47168c
oracle-5.txt
Posted Jan 27, 2007
Site appsecinc.com

The Oracle Database Server provides the DBMS_LOGREP_UTIL package that is used internally by Oracle. This package contains the procedure GET_OBJECT_NAME which is vulnerable to buffer overflow attacks.

tags | advisory, overflow
MD5 | 2165936a9b0f7ce36ab92857ddd4f6d5
oracle-4.txt
Posted Jan 27, 2007
Site appsecinc.com

The Oracle Database Server provides the DBMS_REPCAT_UNTRUSTED package that can be used to administer a replicated environment. This package contains the procedure UNREGISTER_SNAPSHOT which is vulnerable to buffer overflow attacks.

tags | advisory, overflow
MD5 | 7f7dbe72bc9222e1c0d5fe5efdc4ffd7
oracle-3.txt
Posted Jan 27, 2007
Site appsecinc.com

The Oracle Database Server provides the MDSYS.MD package that is used in the Oracle Spatial component. These packages contain many public procedures that are vulnerable to buffer overflow and denial of service attacks.

tags | advisory, denial of service, overflow
MD5 | 9f64e41f2ecd5b7b793a8920c01ba5dd
oracle-2.txt
Posted Jan 27, 2007
Site appsecinc.com

The Oracle Database Server provides the DBMS_LOGMNR package that contains procedures used to initialize the LogMiner tool. This package contains the procedure ADD_LOGFILE which is vulnerable to buffer overflow attacks.

tags | advisory, overflow
MD5 | eea0706ed5c842c047b120a62eb8c46d
oracle-1.txt
Posted Jan 27, 2007
Site appsecinc.com

The Oracle Database Server provides the DBMS_DRS package that includes procedures used in Oracle Data Guard. This package contains the function GET_PROPERTY which is vulnerable to buffer overflow attacks.

tags | advisory, overflow
MD5 | 1844076621023b56b018cd7fbd2f0068
oracle10g-3.txt
Posted Jan 24, 2007
Authored by Joxean Koret

Oracle 10g SYS.DBMS_CDC_IMPDP.BUMP_SEQUENCE PL/SQL injection exploit.

tags | exploit, sql injection
MD5 | cdfc10dc1336a499c185b532bc08da26
oracle10g-2.txt
Posted Jan 24, 2007
Authored by Joxean Koret

Oracle 10g SYS.KUPW$WORKER.MAIN PL/SQL injection exploit.

tags | exploit, sql injection
MD5 | 2806eef20abda4f9f473aeef06537bf7
oracle10g-1.txt
Posted Jan 24, 2007
Authored by Joxean Koret

Oracle 10g SYS.KUPV$FT.ATTACH_JOB PL/SQL injection exploit.

tags | exploit, sql injection
MD5 | e171f4cf083bf77791913273a9874716
oracle--isa-xss.txt
Posted Jan 20, 2007
Authored by Vicente Aguilera Diaz

The Oracle Reports Web Cartridge (RWCGI60) is susceptible to cross site scripting vulnerabilities.

tags | exploit, web, vulnerability, xss
MD5 | 65270c446e599966e5729e8f948b2d04
oraclepasswords.pdf
Posted Jan 16, 2007
Authored by Paul Wright | Site ngssoftware.com

New Oracle Security Paper - How to secure Oracle passwords from rainbow tables and new password cracking patches. Also includes a free audit tool called OraBrute to brute force SYS AS SYSDBA in order to check that it has been secured. Unfortunately, by default it is not, but it can be secured by following this paper's recommendations.

tags | paper
MD5 | 3f8b0391b5ebe78432c6c00880ddfdbd

© 2020 Packet Storm. All rights reserved.