Showing 1 - 25 of 43

Files

oas408-exp.pl
Posted Jul 10, 2003
Authored by Fyodor | Site notlsd.net

Oracle Application Server 4.0.8.2 + Netscape Enterprise 4.0 webserver remote exploit in Perl which attempts to execute commands remotely as root. The Netscape Enterprise webserver must be configured as an external 'web listener' for Oracle. The overflow happens when a long string is requested with a prefix which has been 'linked' to OAS; by default it is /jsp/. Takes advantage of the Oracle Application Server shared library buffer overflow which affects Oracle Application Server 4.0.8.2 + iWS 4.0/4.1 webserver, running on Sparc/Solaris 2.7.

tags | exploit, remote, web, overflow, root, perl
systems | solaris
SHA-256 | 045f497e451554365c75a888a54888851684db64b10d241f5348b3d6b422abc1

Related Files

Online Admission System 1.0 Remote Code Execution
Posted Jan 5, 2022
Authored by Jeremiasz Pluta

Online Admission System version 1.0 suffers from an unauthenticated remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | f9eae7730f2082038c9c6ef73b31857d2530f0ad86f0edd9e3f31a65e8ad3d55

Oracle Application Express AnyChart Flash-Based Cross Site Scripting
Posted Jan 1, 2019
Authored by EgiX | Site karmainsecurity.com

Oracle Application Express versions prior to 5.1.4.00.08 suffer from a cross site scripting vulnerability. The vulnerability is located in the OracleAnyChart.swf file. User input passed through the "__externalobjid" GET parameter is not properly sanitized before being passed to the "ExternalInterface.call" method.

tags | exploit, xss
advisories | CVE-2018-2699
SHA-256 | fb135bb3e65032ece683796f6d00e171ccf703a496743031b7e8f5ac177dc40c

Oracle ATS Arbitrary File Upload
Posted May 24, 2016
Authored by wvu, Zhou Yu | Site metasploit.com

This Metasploit module exploits an authentication bypass and arbitrary file upload in Oracle Application Testing Suite (OATS), version 12.4.0.2.0 and unknown earlier versions, to upload and execute a JSP shell.

tags | exploit, arbitrary, shell, file upload
SHA-256 | 472df2245622a97749e8706f2ba968606decb46822546f51bf7cc6c5391ad65f

Oracle Application Express Cross Site Scripting
Posted Jul 17, 2015
Authored by F. Lukavsky | Site sec-consult.com

The gReport Controls Sort Widget in Oracle Application Express is prone to permanent cross site scripting. The setting "display as" of the column attributes is ignored for the filter list. Versions prior to 4.2.3.00.08 are affected.

tags | exploit, xss
advisories | CVE-2015-2655
SHA-256 | c9ce7cae929b2bfcfbbd561c21486f566a196d3064d30611bb77669161526837

Oracle Auto Service Request File Clobber
Posted Mar 1, 2013
Authored by Larry W. Cashdollar

Oracle Auto Service Request insecurely creates files in /tmp using time stamps, allowing root-owned files to be clobbered.

tags | exploit, root
SHA-256 | 62958024223f7ff7956367f2a7735ad90e0b9970a5455344602162eceb1fc1e4

Secunia Security Advisory 51895
Posted Jan 16, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Oracle Application Server, which can be exploited by malicious people to manipulate certain data.

tags | advisory
SHA-256 | b3de4737a0bb54b85d32261d1df022be5c2ccf7517e4fd08a3b57fb738fd8bb4

Oracle Application Framework Diagnostic Mode Bypass
Posted Jan 16, 2013
Authored by David Byrne | Site trustwave.com

The Oracle Application Framework supports diagnostic and developer mode features that are intended to be enabled from developer or administrative interfaces. However, any user can manually enable the modes by setting the "OADiagnostic" or "OADeveloperMode" cookies to "1". Versions affected include 11.5.10.2, 12.0.6, and 12.1.3.

tags | exploit
advisories | CVE-2013-0397
SHA-256 | 593d275e9cad209f5d011018dd31b2516f2313f9799e0b9003a957d008d05c0b

Oracle BTM FlashTunnelService Remote Code Execution
Posted Sep 15, 2012
Authored by rgod, sinn3r, juan vazquez | Site metasploit.com

This Metasploit module abuses the FlashTunnelService SOAP web service on Oracle Business Transaction Management 12.1.0.7 to upload arbitrary files, without authentication, using the WriteToFile method. The same method contains a directory traversal vulnerability, which allows the files to be uploaded to arbitrary locations. In order to execute remote code, two techniques are provided. If the Oracle app has been deployed in the same WebLogic Samples Domain, a JSP can be uploaded to the web root. If a new Domain has been used to deploy the Oracle application, the Windows Management Instrumentation service can be used to execute arbitrary code. Both techniques have been successfully tested on default installs of Oracle BTM 12.1.0.7, Weblogic 12.1.1 and Windows 2003 SP2. Default path traversal depths are provided, but the user can configure the traversal depth using the DEPTH option.

tags | exploit, remote, web, arbitrary, root
systems | windows
advisories | OSVDB-85087
SHA-256 | 7ce41ed8870542efde605f50001955d8595ff56317328c0892477dec49dbddec

Secunia Security Advisory 49918
Posted Jul 19, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Oracle Application Server, which can be exploited by malicious people to bypass certain security restrictions, disclose certain sensitive information, and manipulate certain data.

tags | advisory, vulnerability
SHA-256 | 7ab8359d4ae84f812c0551ba6f3e3acd024730c073e77b91edf3e7cfc52d551e

Secunia Security Advisory 47616
Posted Jan 22, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Oracle Application Server, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.

tags | advisory, vulnerability, xss, sql injection
SHA-256 | dfdd49f0784f32b5985555436470d3dd96028fd5e53e4a383d728cd7d90d2233

Secunia Security Advisory 46000
Posted Nov 18, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Oracle has acknowledged a vulnerability in Oracle Fusion Middleware and Oracle Application Server, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | a1eb9eb4352da2b20f15595902e8a444cc95385e0e8962a64a1e8b76f54a170f

Secunia Security Advisory 46516
Posted Oct 19, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Oracle Application Server, which can be exploited by malicious users and malicious people to manipulate certain data.

tags | advisory, vulnerability
SHA-256 | b394f93a52ac154b40da3af3f055f1364a7746d194e00a2ea3ad727931ee0c74

Secunia Security Advisory 45270
Posted Jul 21, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Oracle Application Server, which can be exploited by malicious users to manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system and by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
SHA-256 | 3cc11d439aa5656636cc110ae0ca86139642af43c7d6484e5867b7b7437c4d34

Oracle HTTP Server Header Cross Site Scripting
Posted Jun 14, 2011
Authored by Yasser ABOUKIR

Oracle HTTP Server for Oracle Application Server 10g version 10.1.2.0.2 suffers from a cross site scripting vulnerability.

tags | exploit, web, xss
advisories | CVE-2006-3918, CVE-2007-0275
SHA-256 | 5605a7900ae46fcd7c6417e203f5ed51d69bdc5e60c926f300ac380833c937aa

Secunia Security Advisory 44293
Posted Apr 24, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Oracle Application Server, which can be exploited by malicious users and people to manipulate certain data.

tags | advisory, vulnerability
SHA-256 | b381040188964a724b0cf21310991d978114bd4e0098a5eff098a0e1a99cfac9

Secunia Security Advisory 38034
Posted Jan 13, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in Oracle Application Server, which can be exploited by malicious, local users to disclose sensitive information and by malicious people to disclose potentially sensitive information or manipulate certain data.

tags | advisory, local, vulnerability
SHA-256 | b78dd8c289bcd4b1861e4281fd64c52675a35c3c1d2d237cb133d0030c4b963b

Secunia Security Advisory 37099
Posted Oct 21, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in Oracle Application Server and Oracle Business Intelligence Enterprise Edition, which can be exploited to manipulate certain data or disclose sensitive information.

tags | advisory, vulnerability
SHA-256 | 513935a6afd2319e33ce4ed79f4f3619677f5c109a7a7fd6710a70c436736257

Zero Day Initiative Advisory 09-017
Posted Apr 15, 2009
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 09-017 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Applications Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Oracle Process Manager and Notification (opmn) daemon which is an HTTP daemon listening on a TCP port above 6000. The daemon fails to properly handle format string tokens in the POST URI when logging to the file $ORACLE_HOME/opmn/logs/opmn.log. Exploitation of this issue can result in arbitrary code execution.

tags | advisory, remote, web, arbitrary, tcp, code execution
SHA-256 | d4a0cae85f98836a15a513e84a677bf8efe05f9345b1dae4573ab58863fa97d9

Secunia Security Advisory 33761
Posted Feb 2, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in Oracle Application Server, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | 048b131889565044a93aa7ca1a42d14b7289d29aa71789b21b0b96f57db95fba

Oracle AS Portal Cross Site Scripting
Posted Jan 29, 2009
Authored by DoZ | Site hackerscenter.com

The Oracle Application Server Portal 10g suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | a2058580468d54d3295d3c90c7ede45a38a5eef3a30cfc9c97d7592c7faa7c26

Oracle Containers For Java Traversal
Posted Jan 21, 2009
Authored by Sirdarckcat | Site sirdarckcat.net

The Oracle Containers For Java (OC4J) in the Oracle Application Server 10g suffers from a directory traversal vulnerability.

tags | exploit, java, file inclusion
advisories | CVE-2008-2938
SHA-256 | d382fb99ab02805477ef1961d910f2d0495189ba45d6a79eff38e57289168967

Oracle Application Server Cross Site Scripting
Posted Jan 15, 2009
Authored by Sh2kerr | Site dsecrg.com

The Oracle Application Server (SOA) version 10.1.3.1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2008-4014
SHA-256 | 71a8b7fa46ff9286352fa3111468631c894065fdb407028c2f0c0d26a954a3cd

oracle-privilege.txt
Posted Oct 22, 2008
Authored by Pete Finnigan | Site petefinnigan.com

Oracle Application Express (APEX) suffers from an excessive privileges issue in relation to the FLOWS database schema/user account.

tags | advisory
SHA-256 | 882a4730a9ac5f34d49c20a010a691e36ff7442ad833b301e662a5a8e1396987

shatter-oaswwexp.txt
Posted Aug 4, 2008
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - The Oracle Application Server versions 9.0.4.3, 10.1.2.2, and 10.1.4.1 all suffer from a SQL injection vulnerability in WWEXP_API_ENGINE.

tags | advisory, sql injection
SHA-256 | b5e22befb6f5545994e31ab429556c724d4b8074451a9b877ac039fe66e9f6e3

NISR15072008.txt
Posted Jul 16, 2008
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - Oracle Application Server installs a number of PLSQL packages in the backend database server. One of these is the WWV_RENDER_REPORT package and it is vulnerable to PLSQL injection. This package uses definer rights execution and therefore executes with the privileges of the owner, in this case the highly privileged PORTAL user.

tags | advisory, sql injection
advisories | CVE-2008-2589
SHA-256 | 9b8fadd595dfccce56403731ee006274cd61e8b1f62476460b18211d7135e98e

Page 1 of 2