Showing 1 - 25 of 74

Files

NISR17102007C.txt
Posted Oct 18, 2007
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - The Oracle TNS Listener suffers from denial of service and/or remote memory inspection vulnerabilities. Systems affected include Oracle 8.1.7.4, 10g Release 2 and 1, Oracle 9.

tags | advisory, remote, denial of service, vulnerability
SHA-256 | 2df77d5f0342cb6ee96c1251a4daebb88b481263665cf072ef864d3780bd5b37

Related Files

NGSSoftware Insight Security Research Advisory NISR13012009
Posted Jan 14, 2009
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - Oracle has just released a fix for a flaw that, when exploited, allows a low privileged authenticated database user to gain MDSYS privileges. This can be abused by an attacker to perform actions as the MDSYS user. MDSYS.SDO_TOPO_DROP_FTBL is one of the triggers that forms part of the Oracle Spatial Application. It is vulnerable to SQL injection. When a user drops a table the trigger fires. The name of the table is embedded in a dynamic SQL query which is then executed by the trigger. Note that the Oracle advisory states that the attacker requires the DROP TABLE and CREATE PROCEDURE privileges. This is not the case and only CREATE SESSION privileges are required.

tags | advisory, sql injection
advisories | CVE-2008-3979
SHA-256 | 5121c42e5d2e8b18156a9dd21c0939cd3a695ecc1539eda09d741e19ef556402
NISR15072008.txt
Posted Jul 16, 2008
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - Oracle Application Server installs a number of PLSQL packages in the backend database server. One of these is the WWV_RENDER_REPORT package and it is vulnerable to PLSQL injection. This package uses definer rights execution and therefore executes with the privileges of the owner, in this case the highly privileged PORTAL user.

tags | advisory, sql injection
advisories | CVE-2008-2589
SHA-256 | 9b8fadd595dfccce56403731ee006274cd61e8b1f62476460b18211d7135e98e
NGS00419.txt
Posted Oct 30, 2007
Authored by John Heasman | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - It is possible to cause the Java Virtual Machine to overwrite an arbitrary memory location with an arbitrary value (repeatedly and in a stable manner) when parsing a malformed TrueType font. JDK and JRE versions 5.0 Update 9 and below as well as SDK and JRE versions 1.4.2_14 and below are affected.

tags | advisory, java, arbitrary
SHA-256 | 0f0ebea1254e1ec07669df846e6a69c1b0b5d28d5ec47a79fc20ee4ef9e02c1b
NGS00443.txt
Posted Oct 30, 2007
Authored by John Heasman | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - JDK and JRE versions 6 Update 1 and below, 5.0 Update 11 and below, and SDK and JRE versions 1.4.2_14 and below contain a vulnerability that allows an untrusted applet to violate the network access restrictions placed on it by the Java sandbox.

tags | advisory, java
SHA-256 | 9a7c6871dff0c09ab04b8fb752675bf310bc954b330129c49fbe3633fb2bc29c
NISR17102007E.txt
Posted Oct 18, 2007
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - The Oracle XML DB ftp service contains problems with auditing logins.

tags | advisory
SHA-256 | 2639ac2b24b2c8d5133eff124f15167a71fbd4375eea39277529464a214d3dce
NISR17102007D.txt
Posted Oct 18, 2007
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - The Oracle RDBMS, on receiving an invalid TNS data packet, will use 100% of the CPU's time, introducing a denial of service condition.

tags | advisory, denial of service
SHA-256 | e7b0e95883d2072b1a56b5fdfcf4738223ad9c7c04551753f7ce3368ba5e986c
NISR17102007B.txt
Posted Oct 18, 2007
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - The Workspace Manager in Oracle 10g release 1 and 2 and Oracle 9i is vulnerable to SQL injection. The Workspace Manager, owned by SYS, contains a package called LT. This package is owned and defined by the SYS user and can be executed by PUBLIC. LT contains a procedure called FINDRICSET which calls the FINDRICSET package in the LTRIC package. This is vulnerable to SQL injection and can be abused by an attacker to gain SYS privileges.

tags | advisory, sql injection
SHA-256 | 5df31c6c9790c218a2a5535198524baba532d40fd776334551174739a7f50ba0
NISR17102007A.txt
Posted Oct 18, 2007
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - The Intermedia application, owned by CTXSYS, contains a package called CTX_DOC. This package contains multiple SQL injection flaws.

tags | advisory, sql injection
SHA-256 | b9ba2ce84bdcab48f900e299204898570d236d962e46142d20245fc29727b497
NISR02082006I.txt
Posted Aug 27, 2006
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - Informix Dynamic Server is a database developed by IBM. During a security assessment of Informix multiple file creation/write/read issues were discovered. The LOTOFILE function and rlt_tracefile_set functions can be used to create and write to files. The SET DEBUG FILE can also be used to create and write to files. All versions are affected.

tags | advisory
advisories | CVE-2006-3859
SHA-256 | 2affd37ddf15299e22b23ffbd647cb2a6e868929770043427f279f0f699124e2
NISR02082006H.txt
Posted Aug 27, 2006
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - Informix Dynamic Server is a database developed by IBM. During a security assessment of Informix it was discovered that any user can create a database and thus gain DBA privileges. On Informix public has the connect privilege; thus anyone with a login may connect. Public can also issue the create database command. When the database is created, the user that created the database is made a DBA of that database. A DBA can execute code as the informix user and trivially gain root privileges. Versions affected include 9.40.xC6 and earlier and 10.00.xC2, C1.

tags | advisory, root
advisories | CVE-2006-3861
SHA-256 | 2e55245ad26b576afca508a68372cfda7bb86b7546b1285a8099dff4c166de4f
NISR02082006G.txt
Posted Aug 27, 2006
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - Informix Dynamic Server is a database developed by IBM. During a security assessment of Informix it was discovered that an overflow could be triggered in a shared library with the SQLIDEBUG environment variable. This can be triggered to gain root privileges by accessing one of the setuid root binaries such as onmode. Versions affected include 9.40.xC6 and earlier and 10.00.xC2, C1.

tags | advisory, overflow, root
advisories | CVE-2006-3862
SHA-256 | 8955388d97ae74ef45c6d22c01de4a4e9547b265d516e7f9401fb036eba2275d
NISR02082006F.txt
Posted Aug 27, 2006
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - Informix Dynamic Server is a database developed by IBM. During a security assessment of Informix multiple arbitrary command execution flaws were found. It is possible to inject arbitrary operating system commands into the SET DEBUG FILE SQL statement and the start_onpload and dbexp procedures. Any commands injected into SET DEBUG FILE will execute with the privileges of the informix user; any command injected into dbexp or start_onpload will execute with the privileges of the logged on user. All versions are affected.

tags | advisory, arbitrary
advisories | CVE-2006-3860
SHA-256 | b5d5e8096254163518ebf4ac4de8efc16ebf88b9ec376fb817120eeb7e23c608
NISR02082006E.txt
Posted Aug 27, 2006
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - Informix Dynamic Server is a database developed by IBM. During a security assessment of Informix multiple password exposure flaws were discovered. When a user logs on to an Informix server their cleartext password can be found in a shared memory section. On Windows "everyone" can open the section and read the contents and thus gain access to the passwords for every logged-on user. On both Linux and Windows, in the event of a crash the shared memory is dumped in a log file which is world readable. All versions are affected.

tags | advisory
systems | linux, windows
advisories | CVE-2006-3858
SHA-256 | 23a0c353bdfb30b80077409ec6689836532d2a232cb2f65d11d7db404804d932
NISR02082006D.txt
Posted Aug 27, 2006
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - Informix Dynamic Server is a database developed by IBM. During a security assessment of Informix multiple buffer overflow vulnerabilities were discovered that could be exploited via SQL or the protocol. All versions are affected.

tags | advisory, overflow, vulnerability, protocol
advisories | CVE-2006-3857
SHA-256 | 0a99d3578e49c0e3c76bcb6cfb33a822c4e9a7ee029cbfec611087fff35ff68d
NISR02082006C.txt
Posted Aug 27, 2006
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - Informix Dynamic Server is a database developed by IBM. An attacker can force the database server to load an arbitrary library and thus execute arbitrary code. The ifx_load_internal SQL function can be used to load an arbitrary library into the address space of the database server process. By placing code in the DllMain() function on Windows or _init() on Linux an attacker can have this code execute automatically when the library is loaded. In conjunction with exploiting other flaws it is possible to remotely create a library over SQL, dump this to the server disk and then load it. All versions are affected.

tags | advisory, arbitrary
systems | linux, windows
advisories | CVE-2006-3855
SHA-256 | cc47bb6ff9a3cd8a1becdf64a6684bcdcfeba23e757986e96fe1cef4419ee8f4
NISR02082006B.txt
Posted Aug 27, 2006
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - Informix Dynamic Server is a database developed by IBM. When IBM released a patch for the overly long username buffer overflow (CVE-2006-3853) it was discovered that the patch introduced a new buffer overflow vulnerability. Versions affected include 9.40.xC7 and xC8, 10.00.xC3 and xC4.

tags | advisory, overflow
advisories | CVE-2006-3853, CVE-2006-3854
SHA-256 | a524b566bd4e626035409bb6612c2602c95367a1df9a5480ca3957f611ef5203
NISR02082006A.txt
Posted Aug 27, 2006
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - When an Informix server logs on a user it copies the username to a 260 byte stack based buffer without first verifying its length. An attacker can exploit this by overflowing this buffer to overwrite the saved return address on the stack and thus redirect the process' path of execution to a location of their choosing. Versions 9.40.xC6 and below are affected. Versions 10.00.xC2 and below are affected.

tags | advisory, overflow
advisories | CVE-2006-3853
SHA-256 | 2a9e85aa496c5f0ce698a7b9dce1377ad7751df65f00e4921b3dea642392da04
HPRadiaManagement.txt
Posted Jul 28, 2005
Authored by David Morgan, Dominic Beecher | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - HP OpenView Radia Management Portal versions 2.x and 1.x running the Radia Management Agent suffer from a remote command execution flaw via a directory traversal. By connecting to the TCP port and sending a crafted packet, it is possible to traverse out of C:\Program Files\Novadigm and run any executable that is located on the same logical disk partition.

tags | exploit, remote, tcp
SHA-256 | 7cb720055d0a9def2c53bdea7b3ee97ae5cad852628a3a71f3790a7d689c41d5
sybase-ase.txt
Posted Apr 17, 2005
Authored by Mark Litchfield, Chris Anley, Sherief Hammad | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - Sybase ASE versions prior to 12.5.3 ESD#1 suffer from multiple buffer overflows and denial of service vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability
SHA-256 | 8057a9b0c4794a5ecce8eb94c3a4e21b6ee749420f1666aa849c032a94346f39
NISR-AntiBruteForce.pdf
Posted Mar 22, 2005
Authored by Gunter Ollmann | Site nextgenss.com

Authentication processes in web-based applications are frequently vulnerable to automated brute force guessing attacks. Whilst commonly proposed solutions make use of escalating time delays and minimum lockout threshold strategies, these tend to prove ineffectual in real attacks and may actually promote additional attack vectors. Resource metering through client-side computationally intensive "electronic payments" can provide an alternative strategy in defending against brute force guessing attacks. This whitepaper discusses how such a solution works and the security advantages it can bring.

tags | paper, web, cracker
SHA-256 | 15245aa7f4bb6184fef5aa8d48258f1200f40a2d9cf75e582ce17ce1140f0645
NISR-BestPracticesInHostURLNaming.pdf
Posted Feb 1, 2005
Authored by Gunter Ollmann | Site ngssoftware.com

Whitepaper discussing the best security practices for host naming and URL conventions.

tags | paper
SHA-256 | e9a5dc480f6839ca756e12580e639976fae0181c72d56978a013e4263afab1cb
netddefull.txt
Posted Jan 25, 2005
Authored by John Heasman | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - A vulnerability has been discovered in the Microsoft NetDDE service which can allow a remote attacker to execute arbitrary code on a system without authentication. This vulnerability can also be used by any low privileged local user to gain Local System privileges. Systems Affected: Microsoft Windows NT/2000/XP/2003 Server.

tags | advisory, remote, arbitrary, local
systems | windows
SHA-256 | 7fe7b3cd43a05089bc18d0500d8382f190e1c29289808a9a8cd64afe62566c0d
real-03full.txt
Posted Jan 22, 2005
Authored by John Heasman | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - Two vulnerabilities have been discovered in RealPlayer which may potentially be leveraged to allow remote code execution, or may be used in combination with the Real Metadata Package File Deletion vulnerability to reliably delete files from a user's system. RealPlayer 10.5 (6.0.12.1040) and older versions are affected.

tags | advisory, remote, vulnerability, code execution
SHA-256 | 5c0369393320c3bc4942c495e3418f09710027a42e9c22a5dd5a498b9a15bf83
real-02full.txt
Posted Jan 22, 2005
Authored by John Heasman | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - A vulnerability has been discovered in RealPlayer which can allow an attacker to delete arbitrary files from a user's system through a specially crafted webpage with little user interaction. RealPlayer 10.5 (6.0.12.1040) and older versions are affected.

tags | advisory, arbitrary
SHA-256 | b462f3260253fe793321c8e2dfeaaaa00172ff31bc7e9284b32f1a9c98fb0224
real-01full.txt
Posted Jan 22, 2005
Authored by John Heasman | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - A vulnerability has been discovered in the RealPlayer ActiveX component which can allow remote code execution when visiting a specially crafted webpage or when opening a specially crafted skin file. RealPlayer 10.5 (6.0.12.1040) and older versions are affected.

tags | advisory, remote, code execution, activex
SHA-256 | d332699dfef5d8bd70ed59b5f1cffff864fb02bf8b2f613b89ac2599be623d18