Showing 1 - 25 of 100

Files

Oracle Database Password Hash Unauthorized Access
Posted Jun 11, 2024
Authored by Emad Al-Mousa

Oracle Database versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c allow unauthorized access to password hashes by an account with the DBA role.

tags | exploit, info disclosure
advisories | CVE-2020-2969
SHA-256 | edea13d6bbb4e899e5a14a7b29742067ce892997ff2cae4bac02dd2d1a895ab2

Related Files

Secunia Security Advisory 50143
Posted Aug 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - David Litchfield has reported a vulnerability in Oracle Database, which can be exploited by malicious users to gain escalated privileges.

tags | advisory
SHA-256 | c0e217a5a59ee9cffe7edc6da96fa7ac2c6c0b6ddda4477b3549a3266b2ea978

Secunia Security Advisory 49881
Posted Jul 19, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Oracle Database, which can be exploited by malicious users to cause a DoS (Denial of Service) and by malicious people to compromise a vulnerable system.

tags | advisory, denial of service, vulnerability
SHA-256 | cf43f166066e4c3f3399e4b4fbfd601023160e082969dd1cef858a9c834dda4d

Oracle TNS Poison
Posted Apr 26, 2012
Authored by Joxean Koret

Oracle Database versions 8i to 11g R2 suffer from a TNS-related vulnerability that allows a remote attacker to route legitimate connections to a malicious system.

tags | advisory, remote
SHA-256 | f6e015e3231892e2f60f0fdb097e58a74a7d728f40df74879e8d6435fe601648

Oracle Database Server Password Hash Leak
Posted Apr 20, 2012
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Oracle Database Server versions 10gR1, 10gR2 (10.2.0.4 and previous patchsets) and 11gR1 (11.1.0.7 and previous patchsets) suffer from a password hash information leak in the OCIPasswordChange API.

tags | advisory
advisories | CVE-2012-0511
SHA-256 | e2d8ceacee689c85e629fe5bfcccd557fbcf5ea5105b2a0f0175aef82bc1a1bb

Oracle Failed Logging On Password Attempts
Posted Apr 19, 2012
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Oracle Database Server versions 10gR1, 10gR2 (10.2.0.4 and previous patchsets) and 11gR1 (11.1.0.7 and previous patchsets) have an issue where failed authentication attempts using the OCIPasswordChange API are not recorded.

tags | advisory
advisories | CVE-2012-0511
SHA-256 | 173e01a97b485a5516ae3a72a066b88d84c9785fbf34fde460d39e1a7ee0dcb4

Secunia Security Advisory 48855
Posted Apr 19, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Oracle Database, which can be exploited by malicious users to compromise a vulnerable system, by malicious users and malicious people to disclose potentially sensitive information and manipulate certain data, and by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
SHA-256 | 5627370fdc48f7d081fa1e96794a6f7f6cf7ac7a58192d5e782fc52f26654e8e

Secunia Security Advisory 47615
Posted Jan 27, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in Oracle Database, which can be exploited by malicious users to cause a DoS (Denial of Service) and manipulate certain data and by malicious people to cause a DoS.

tags | advisory, denial of service, vulnerability
SHA-256 | 3d7026099c4f74724e1b84879412e5094623a43595085d893cda05ff9feca413

Secunia Security Advisory 46502
Posted Oct 22, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Oracle Database, which can be exploited by malicious users to disclose potentially sensitive information, manipulate certain data, bypass certain security restrictions, conduct SQL injection attacks, cause a DoS (Denial of Service), and compromise a vulnerable system.

tags | advisory, denial of service, vulnerability, sql injection
SHA-256 | 5af7777a1664ea59294674b99f4687857d2a23668eefab846e15e21c58c7d9fd

Oracle Database Spatial SQL Injection
Posted Oct 21, 2011
Authored by Martin Rakhmanov | Site appsecinc.com

Team SHATTER Security Advisory - Oracle Database supports spatial datatypes. A SQL injection vulnerability exists in the handling of spatial indexes. Users with create table and create procedure privileges can elevate their privileges to SYSDBA.

tags | advisory, sql injection
advisories | CVE-2011-3512
SHA-256 | 4616869b107611943cfb158aaeb48dfebc849d4b8aa5d6f570567435e9d23081

Oracle Database Account Management Protection Bypass
Posted Oct 21, 2011
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Oracle Database Vault provides additional protections from malicious privileged users. The protections include separation of duty for some tasks like user account management. Any user with SYSDBA privilege or DV_ACCTMGR role can bypass these protections and change any user's password (including the Oracle Database Vault Owner user password) by calling the OCIPasswordChange client API (the 'password' command in SQL*Plus uses this API).

tags | advisory, bypass
advisories | CVE-2011-2322, CVE-2011-3511
SHA-256 | 08eb0063be1a9f53dacc8a42dfd1b62599503ff8a01981427d4b037d0ff49eff

Oracle Database CTXSYS.DRVDISP.TABLEFUNC_ASOWN Buffer Overflow
Posted Oct 21, 2011
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Oracle Database Server provides the CTXSYS.DRVDISP package that is part of the Oracle Text component. This package contains the function TABLEFUNC_ASOWN, which is vulnerable to buffer overflow attacks when it is called with a long string in its parameters.

tags | advisory, overflow
advisories | CVE-2011-2301
SHA-256 | 1770f12dffe5349b52e240a1777ecd2d6c40866b8e7d13e00fc89042de1955e0

Oracle Enterprise Manager metricDetail$type Cross Site Scripting
Posted Jul 28, 2011
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Oracle Enterprise Manager Grid Control versions 10.1.0.6, 10.2.0.5 and Oracle Enterprise Manager control included in Oracle Database versions 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2 suffer from a cross site scripting vulnerability in the metricDetail$type page.

tags | advisory, xss
advisories | CVE-2011-0876, CVE-2011-0879
SHA-256 | 087486ac60948e189899abff4dae7805c01b78640fe84839c801c1715472c761

Oracle Enterprise Manager Sitemap Cross Site Scripting
Posted Jul 28, 2011
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Oracle Enterprise Manager Grid Control versions 10.1.0.6 and Oracle Enterprise Manager control included in Oracle Database versions 10.1.0.5, 10.2.0.3, 10.2.0.4, and 11.1.0.7 suffer from a cross site scripting vulnerability in the sitemap page.

tags | advisory, xss
advisories | CVE-2011-0877, CVE-2011-0881
SHA-256 | 2d2e8a23b77a464daf4d66e9542bc1895e84d4678c78de23ce14000bbad606b1

Oracle Enterprise Manager notifRuleInfo$mode Cross Site Scripting
Posted Jul 28, 2011
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Oracle Enterprise Manager Grid Control versions 10.1.0.6 and Oracle Enterprise Manager control included in Oracle Database versions 10.1.0.5, 10.2.0.3, and 10.2.0.4 suffer from a cross site scripting vulnerability in the notifRuleInfo$mode page.

tags | advisory, xss
advisories | CVE-2011-0830
SHA-256 | d989295721cf25dcaaf465c895ff883a1a87f32d52287e19579dc907b0d097ef

Oracle Enterprise Manager Cross Site Request Forgery
Posted Jul 28, 2011
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Oracle Enterprise Manager Grid Control versions 10.1.0.6, 10.2.0.5, 11.1.0.1 and Oracle Enterprise Manager control included in Oracle Database versions 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2 suffer from a cross site request forgery vulnerability.

tags | advisory, csrf
advisories | CVE-2011-0822, CVE-2011-0845, CVE-2011-0848, CVE-2011-0852, CVE-2011-0870, CVE-2011-2257
SHA-256 | d4672741754f3365fd9a11174f8e639731c1141c66b463d714e1cd9022daa858

Secunia Security Advisory 45274
Posted Jul 23, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Oracle Database, which can be exploited by malicious, local users to perform certain actions with escalated privileges, and by malicious users to disclose potentially sensitive information, manipulate certain data, and compromise a vulnerable system, and by malicious people to disclose potentially sensitive information, manipulate certain data, and cause a DoS (Denial of Service).

tags | advisory, denial of service, local, vulnerability
SHA-256 | 885514204c88dfb216ee53464b1e0b91bf85f9c592d72e554ec45f99abd7a31e

Technical Cyber Security Alert 2011-201A
Posted Jul 20, 2011
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert 2011-201A - Oracle Database, Oracle Secure Backup, Oracle Fusion Middleware, and various other Oracle products suffer from vulnerabilities including remote execution of arbitrary code, information disclosure, and denial of service.

tags | advisory, remote, denial of service, arbitrary, vulnerability, info disclosure
SHA-256 | 7c1bd1e3b5f0d9d514eee9dfcd1fbedbbcc91a1a8fc792a16611e4b45ca60fd3

Oracle Database Server Network Denial Of Service
Posted May 3, 2011
Authored by Esteban Martinez Fayo | Site appsecinc.com

By sending a specially crafted network packet to an Oracle Database during the connection, before user authentication is performed, it is possible to make the Oracle process consume all available CPU resources. No authentication is needed to exploit this vulnerability, but the attacker needs to know the SID or Service Name of the database. Affected are Oracle Database Server versions 10gR1, 10gR2, 11gR1 and 11gR2 (on Windows platform).

tags | advisory
systems | windows
advisories | CVE-2011-0806
SHA-256 | 6061c4891857303cc29e065da2ea05260f71114bccb80e80eab2d4b335fe434d

Secunia Security Advisory 44260
Posted Apr 24, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Oracle Database, which can be exploited by malicious users to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system and by malicious people to manipulate certain data and cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
SHA-256 | 3f881c8ad8e80a2ba1af05d48b3c7bd34886471c870eb7f9f6f1140db1d69ba6

Secunia Security Advisory 43337
Posted Feb 18, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in Oracle Database, which can be exploited by malicious people to compromise a user's system.

tags | advisory
SHA-256 | 01e08754bbdeed339ead01cd46ba36abbd36655574520e2dd14d538d808a42db

Oracle Database Vault Administrator Session ID Disclosure
Posted Jan 21, 2011
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Oracle Database Server versions 10gR2, 11gR1 and 11gR2 suffer from a session id extraction vulnerability.

tags | advisory, info disclosure
advisories | CVE-2010-4420
SHA-256 | eef562c85e54780f81de814c641965c168f2e9b2b4076a28c77c679bc80f39a5

Oracle Database Vault Administrator XSRF
Posted Jan 21, 2011
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - The Oracle Database Vault Administrator web console lacks any sort of cross site request forgery protection.

tags | advisory, web, csrf
advisories | CVE-2010-4421
SHA-256 | 013e587bb10c3bf7704f61efe60bbec7cc861cbd1561e4b1b1c66e862db60f5a

Secunia Security Advisory 42895
Posted Jan 20, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Oracle Database, which can be exploited by malicious, local users to disclose potentially sensitive information, manipulate certain data, and gain escalated privileges, by malicious users and malicious people to disclose potentially sensitive information, manipulate certain data, and by malicious people to compromise a vulnerable system.

tags | advisory, local, vulnerability
SHA-256 | 99f9aa6984aa2d90a97350e1d58dade67bfca3664459ae9901bc565431609681

Zero Day Initiative Advisory 11-018
Posted Jan 18, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-018 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Database 11g. Authentication is not required to exploit this vulnerability. The specific flaw exists within a JSP script exposed via an HTTPS server running by default on TCP port 1158. The script allows clients to upload XML files to the server. However, if a NULL byte is supplied within a POST parameter during a request to this JSP page, the process will fail to properly append the XML extension to the created file. An attacker can abuse this to upload executable code which can later be accessed remotely allowing for code execution to be achieved on the server system.

tags | advisory, remote, web, arbitrary, tcp, code execution, xxe
advisories | CVE-2010-3600
SHA-256 | 3bd281000cfd17d6e0cbe8970acd9a2c2747a247c89b767f601b96b948f70261

Oracle Database CREATE_CHANGE_SET SQL Injection
Posted Oct 15, 2010
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Oracle Database provides the DBMS_CDC_PUBLISH PL/SQL package owned by SYS that is part of the Change Data Capture component. This package has a SQL injection vulnerability in the CREATE_CHANGE_SET procedure. A malicious user can call the vulnerable procedure of this package with specially crafted parameters and execute SQL statements with the elevated privileges of the SYS user.

tags | advisory, sql injection
advisories | CVE-2010-2415
SHA-256 | a4826476bad8dd89e0725984586be712f1bfa2620f4faad2b0e241fb72a4af3a