
Files

ods-overflow.txt
Posted Apr 19, 2007
Authored by Esteban Martinez Fayo | Site appsecinc.com

Oracle Database Server versions 8i, 9i, and 10gR1 suffer from buffer overflow vulnerabilities in DBMS_SNAP_INTERNAL.

tags | advisory, overflow, vulnerability
MD5 | f135f4a0c24a28e808cc3d0d4ad7c9fc

Related Files

Secunia Security Advisory 50143
Posted Aug 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - David Litchfield has reported a vulnerability in Oracle Database, which can be exploited by malicious users to gain escalated privileges.

tags | advisory
MD5 | 9931aacaec1e89ba349ca2d6234ab35d
Secunia Security Advisory 49881
Posted Jul 19, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Oracle Database, which can be exploited by malicious users to cause a DoS (Denial of Service) and by malicious people to compromise a vulnerable system.

tags | advisory, denial of service, vulnerability
MD5 | 59b63b25897f880cb4c83e9a34429ffc
Oracle TNS Poison
Posted Apr 26, 2012
Authored by Joxean Koret

Oracle Database versions 8i to 11g R2 suffer from a TNS-related vulnerability that allows a remote attacker to route legitimate connections to a malicious system.

tags | advisory, remote
MD5 | 133f8f238c68c33bae7a4b19ccf6384f
Oracle Database Server Password Hash Leak
Posted Apr 20, 2012
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Oracle Database Server versions 10gR1, 10gR2 (10.2.0.4 and previous patchsets) and 11gR1 (11.1.0.7 and previous patchsets) suffer from a password hash information leak in the OCIPasswordChange API.

tags | advisory
advisories | CVE-2012-0511
MD5 | 02873b18304774a652a3303cdbe3fc5f
Oracle Failed Logging On Password Attempts
Posted Apr 19, 2012
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Oracle Database Server versions 10gR1, 10gR2 (10.2.0.4 and previous patchsets) and 11gR1 (11.1.0.7 and previous patchsets) have an issue where failed authentication attempts using the OCIPasswordChange API are not recorded.

tags | advisory
advisories | CVE-2012-0511
MD5 | 3e25a4e65d6288bc5e58d726eeb0edd9
Secunia Security Advisory 48855
Posted Apr 19, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Oracle Database, which can be exploited by malicious users to compromise a vulnerable system, by malicious users and malicious people to disclose potentially sensitive information and manipulate certain data, and by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
MD5 | 38c16ec254f2e037391998f81920ad40
Secunia Security Advisory 47615
Posted Jan 27, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in Oracle Database, which can be exploited by malicious users to cause a DoS (Denial of Service) and manipulate certain data and by malicious people to cause a DoS.

tags | advisory, denial of service, vulnerability
MD5 | f7b1295b3071970b229effc7969dbd27
Secunia Security Advisory 46502
Posted Oct 22, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Oracle Database, which can be exploited by malicious users to disclose potentially sensitive information, manipulate certain data, bypass certain security restrictions, conduct SQL injection attacks, cause a DoS (Denial of Service), and compromise a vulnerable system.

tags | advisory, denial of service, vulnerability, sql injection
MD5 | ab5be8873b55ce9d6d9abf824c04d864
Oracle Database Spatial SQL Injection
Posted Oct 21, 2011
Authored by Martin Rakhmanov | Site appsecinc.com

Team SHATTER Security Advisory - Oracle Database supports spatial datatypes. A SQL injection vulnerability exists in the handling of spatial indexes. Users with create table and create procedure privileges can elevate their privileges to SYSDBA.

tags | advisory, sql injection
advisories | CVE-2011-3512
MD5 | e08529db7d889b77fa6c6e0e66399cda
Oracle Database Account Management Protection Bypass
Posted Oct 21, 2011
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Oracle Database Vault provides additional protections from malicious privileged users. The protections include separation of duty for some tasks like user account management. Any user with the SYSDBA privilege or the DV_ACCTMGR role can bypass these protections and change any user's password (including the Oracle Database Vault Owner user password) by calling the OCIPasswordChange client API (the 'password' command in SQL*Plus uses this API).

tags | advisory, bypass
advisories | CVE-2011-2322, CVE-2011-3511
MD5 | 0d678abb8951e4e5b33a39a30bb28be7
Oracle Database CTXSYS.DRVDISP.TABLEFUNC_ASOWN Buffer Overflow
Posted Oct 21, 2011
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Oracle Database Server provides the CTXSYS.DRVDISP package, which is part of the Oracle Text component. This package contains the function TABLEFUNC_ASOWN, which is vulnerable to buffer overflow attacks when it is called with a long string in its parameters.

tags | advisory, overflow
advisories | CVE-2011-2301
MD5 | 50ad7e842ac32d4e10e36a4484393ab8
Oracle Enterprise Manager metricDetail$type Cross Site Scripting
Posted Jul 28, 2011
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Oracle Enterprise Manager Grid Control versions 10.1.0.6, 10.2.0.5 and Oracle Enterprise Manager control included in Oracle Database versions 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2 suffer from a cross site scripting vulnerability in the metricDetail$type page.

tags | advisory, xss
advisories | CVE-2011-0876, CVE-2011-0879
MD5 | 36663f9f5df75d6e616046b0ab069b17
Oracle Enterprise Manager Sitemap Cross Site Scripting
Posted Jul 28, 2011
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Oracle Enterprise Manager Grid Control versions 10.1.0.6 and Oracle Enterprise Manager control included in Oracle Database versions 10.1.0.5, 10.2.0.3, 10.2.0.4, and 11.1.0.7 suffer from a cross site scripting vulnerability in the sitemap page.

tags | advisory, xss
advisories | CVE-2011-0877, CVE-2011-0881
MD5 | 074b382d93e1031d93862e8ee423f22d
Oracle Enterprise Manager notifRuleInfo$mode Cross Site Scripting
Posted Jul 28, 2011
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Oracle Enterprise Manager Grid Control versions 10.1.0.6 and Oracle Enterprise Manager control included in Oracle Database versions 10.1.0.5, 10.2.0.3, and 10.2.0.4 suffer from a cross site scripting vulnerability in the notifRuleInfo$mode page.

tags | advisory, xss
advisories | CVE-2011-0830
MD5 | 2cd1a5640d61e5bd0047d892e7e2491d
Oracle Enterprise Manager Cross Site Request Forgery
Posted Jul 28, 2011
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Oracle Enterprise Manager Grid Control versions 10.1.0.6, 10.2.0.5, 11.1.0.1 and Oracle Enterprise Manager control included in Oracle Database versions 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2 suffer from a cross site request forgery vulnerability.

tags | advisory, csrf
advisories | CVE-2011-0822, CVE-2011-0845, CVE-2011-0848, CVE-2011-0852, CVE-2011-0870, CVE-2011-2257
MD5 | bd8293c27bf37bfe376792bf31670766
Secunia Security Advisory 45274
Posted Jul 23, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Oracle Database, which can be exploited by malicious, local users to perform certain actions with escalated privileges, and by malicious users to disclose potentially sensitive information, manipulate certain data, and compromise a vulnerable system, and by malicious people to disclose potentially sensitive information, manipulate certain data, and cause a DoS (Denial of Service).

tags | advisory, denial of service, local, vulnerability
MD5 | f6dca7788d3a5ea800244e710800cab6
Technical Cyber Security Alert 2011-201A
Posted Jul 20, 2011
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert 2011-201A - Oracle Database, Oracle Secure Backup, Oracle Fusion Middleware, and various other Oracle products suffer from vulnerabilities including remote execution of arbitrary code, information disclosure, and denial of service.

tags | advisory, remote, denial of service, arbitrary, vulnerability, info disclosure
MD5 | cf76371fba081e3235d374847aeb05fe
Oracle Database Server Network Denial Of Service
Posted May 3, 2011
Authored by Esteban Martinez Fayo | Site appsecinc.com

By sending a specially crafted network packet to an Oracle Database during the connection, before user authentication is performed, it is possible to make the Oracle process consume all available CPU resources. No authentication is needed to exploit this vulnerability; the attacker needs to know the SID or Service Name of the database. Affected are Oracle Database Server versions 10gR1, 10gR2, 11gR1 and 11gR2 (on the Windows platform).

tags | advisory
systems | windows
advisories | CVE-2011-0806
MD5 | 5f58134438d3e214c4055ad4215c60d9
Secunia Security Advisory 44260
Posted Apr 24, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Oracle Database, which can be exploited by malicious users to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system and by malicious people to manipulate certain data and cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
MD5 | 873fd13495abac66506679485d6b17b0
Secunia Security Advisory 43337
Posted Feb 18, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in Oracle Database, which can be exploited by malicious people to compromise a user's system.

tags | advisory
MD5 | e592f58a2a6aa68a0271a86d2b25f34a
Oracle Database Vault Administrator Session ID Disclosure
Posted Jan 21, 2011
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Oracle Database Server versions 10gR2, 11gR1 and 11gR2 suffer from a session id extraction vulnerability.

tags | advisory, info disclosure
advisories | CVE-2010-4420
MD5 | a537798a46d50f5a9df7a2810f2b61b3
Oracle Database Vault Administrator XSRF
Posted Jan 21, 2011
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - The Oracle Database Vault Administrator web console lacks any sort of cross site request forgery protection.

tags | advisory, web, csrf
advisories | CVE-2010-4421
MD5 | 179cb7fb85f40a480b0f9645b120c3bb
Secunia Security Advisory 42895
Posted Jan 20, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Oracle Database, which can be exploited by malicious, local users to disclose potentially sensitive information, manipulate certain data, and gain escalated privileges, by malicious users and malicious people to disclose potentially sensitive information, manipulate certain data, and by malicious people to compromise a vulnerable system.

tags | advisory, local, vulnerability
MD5 | 0e10447cd467ee1a345dd4ec3a45959f
Zero Day Initiative Advisory 11-018
Posted Jan 18, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-018 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Database 11g. Authentication is not required to exploit this vulnerability. The specific flaw exists within a JSP script exposed via an HTTPS server running by default on TCP port 1158. The script allows clients to upload XML files to the server. However, if a NULL byte is supplied within a POST parameter during a request to this JSP page, the process will fail to properly append the XML extension to the created file. An attacker can abuse this to upload executable code which can later be accessed remotely allowing for code execution to be achieved on the server system.

tags | advisory, remote, web, arbitrary, tcp, code execution, xxe
advisories | CVE-2010-3600
MD5 | 8a671f6570a0a056f6177ff023890a97
Oracle Database CREATE_CHANGE_SET SQL Injection
Posted Oct 15, 2010
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Oracle Database provides the DBMS_CDC_PUBLISH PL/SQL package, owned by SYS, that is part of the Change Data Capture component. This package has a SQL injection vulnerability in the CREATE_CHANGE_SET procedure. A malicious user can call the vulnerable procedure of this package with specially crafted parameters and execute SQL statements with the elevated privileges of the SYS user.

tags | advisory, sql injection
advisories | CVE-2010-2415
MD5 | e0f92e4c71dae8b0120c2023b6b4d595
© 2019 Packet Storm. All rights reserved.