exploit the possibilities
Showing 1 - 25 of 74 RSS Feed

Files

NISR17102007D.txt
Posted Oct 18, 2007
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - The Oracle RDBMS on receiving an invalid TNS data packet will use 100% of the CPU's time introducing a denial of service condition.

tags | advisory, denial of service
MD5 | a370f981cb7f34a8094c806a8b0dfddf

Related Files

NGSSoftware Insight Security Research Advisory NISR13012009
Posted Jan 14, 2009
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - Oracle has just released a fix for a flaw that, when exploited, allows a low privileged authenticated database user to gain MDSYS privileges. This can be abused by an attacker to perform actions as the MDSYS user. MDSYS.SDO_TOPO_DROP_FTBL is one of the triggers that forms part of the Oracle Spatial Application. It is vulnerable to SQL injection. When a user drops a table the trigger fires. The name of the table is embedded in a dynamic SQL query which is then executed by the trigger. Note that the Oracle advisory states that the attacker requires the DROP TABLE and CREATE PROCEDURE privileges. This is not the case and only CREATE SESSION privileges are required.

tags | advisory, sql injection
advisories | CVE-2008-3979
MD5 | 67ec9b9c82ddbbfab1ed69612d3792ec
NISR15072008.txt
Posted Jul 16, 2008
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - Oracle Application Server installs a number of PLSQL packages in the backend database server. One of these is the WWV_RENDER_REPORT package and it is vulnerable to PLSQL injection. This package uses definer rights execution and therefore executes with the privileges of the owner, in this case the highly privileged PORTAL user.

tags | advisory, sql injection
advisories | CVE-2008-2589
MD5 | c6bc69f8abb9b4ec0ab0dfecf8149c3d
NGS00419.txt
Posted Oct 30, 2007
Authored by John Heasman | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - It is possible to cause the Java Virtual Machine to overwrite an arbitrary memory location with an arbitrary value (repeatedly and in a stable manner) when parsing a malformed TrueType font. JDK and JRE versions 5.0 Update 9 and below as well as SDK and JRE versions 1.4.2_14 and below are affected.

tags | advisory, java, arbitrary
MD5 | c0cef6830fd8bb988ca43b15caf178dc
NGS00443.txt
Posted Oct 30, 2007
Authored by John Heasman | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - JDK and JRE versions 6 Update 1 and below, 5.0 Update 11 and below, and SDK and JRE versions 1.4.2_14 and below contain a vulnerability that allows an untrusted applet to violate the network access restrictions placed on it by the Java sandbox.

tags | advisory, java
MD5 | 294b79541b86bde15e4205357ff9f957
NISR17102007E.txt
Posted Oct 18, 2007
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - The Oracle XML DB ftp service contains problems with auditing logins.

tags | advisory
MD5 | 03a2b4d2ce1e0e61066c4236c2f3932c
NISR17102007C.txt
Posted Oct 18, 2007
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - The Oracle TNS Listener suffers from denial of service and/or remote memory inspection vulnerabilities. Systems affected include Oracle 8.1.7.4, 10g Release 2 and 1, Oracle 9.

tags | advisory, remote, denial of service, vulnerability
MD5 | 4b1d5b9c9a68052baf1d1b81653d3661
NISR17102007B.txt
Posted Oct 18, 2007
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - The Workspace Manager in Oracle 10g release 1 and 2 and Oracle 9i is vulnerable to SQL injection. The Workspace Manager, owned by SYS, contains a package called LT. This package is owned and defined by the SYS user and can be executed by PUBLIC. LT contains a procedure called FINDRICSET which calls the FINDRICSET package in the LTRIC package. This is vulnerable to SQL injection and can be abused by an attacker to gain SYS privileges.

tags | advisory, sql injection
MD5 | 69edd82fa8cac473f288d4f330ee5ac6
NISR17102007A.txt
Posted Oct 18, 2007
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - The Intermedia application, owned by CTXSYS, contains a package called CTX_DOC. This package contains multiple SQL injection flaws.

tags | advisory, sql injection
MD5 | 6391108725892efacb180aa8e5d0112b
NISR02082006I.txt
Posted Aug 27, 2006
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - Informix Dynamic Server is a database developed by IBM. During a security assessment of Informix multiple file creation/write/read issues were discovered. The LOTOFILE function and rlt_tracefile_set functions can be used to create and write to files. The SET DEBUG FILE can also be used to create and write to files. All versions are affected.

tags | advisory
advisories | CVE-2006-3859
MD5 | 08bb6092c587cd407c6e7391d131de93
NISR02082006H.txt
Posted Aug 27, 2006
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - Informix Dynamic Server is a database developed by IBM. During a security assessment of Informix it was discovered that any user can create a database and thus gain DBA privileges. On Informix public has the connect privilege; thus anyone with a login may connect. Public can also issue the create database command. When the database is created, the user that created the database is made a DBA of that database. A DBA can execute code as the informix user and trivially gain root privileges. Versions affected include 9.40.xC6 and earlier and 10.00.xC2, C1.

tags | advisory, root
advisories | CVE-2006-3861
MD5 | a9a996c792c7d57a32ccd09ac3c50373
NISR02082006G.txt
Posted Aug 27, 2006
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - Informix Dynamic Server is a database developed by IBM. During a security assessment of Informix it was discovered that an overflow could be triggered in a shared library with the SQLIDEBUG environment variable. This can be triggered to gain root privileges by accessing one of the setuid root binaries such as onmode. Versions affected include 9.40.xC6 and earlier and 10.00.xC2, C1.

tags | advisory, overflow, root
advisories | CVE-2006-3862
MD5 | 7f64285bcca453df2f6588f93dc4db6e
NISR02082006F.txt
Posted Aug 27, 2006
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - Informix Dynamic Server is a database developed by IBM. During a security assessment of Informix multiple arbitrary command execution flaws were found. It is possible to inject arbitrary operating system commands into the SET DEBUG FILE SQL statement and the start_onpload and dbexp procedures. Any commands injected into SET DEBUG FILE will execute with the privileges of the informix user; any command injected into dbexp or start_onpload will execute with the privileges of the logged on user. All versions are affected.

tags | advisory, arbitrary
advisories | CVE-2006-3860
MD5 | 74ea9745c14f2d2c36c2c7fb96ee99a4
NISR02082006E.txt
Posted Aug 27, 2006
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - Informix Dynamic Server is a database developed by IBM. During a security assessment of Informix multiple password exposure flaws were discovered. When a user logs on to an Informix server their cleartext password can be found in a shared memory section. On Windows "everyone" can open the section and read the contents and thus gain access to the passwords for every logged on user. On both Linux and Windows, in the event of a crash the share memory is dumped in a log file which is world readable. All versions are affected.

tags | advisory
systems | linux, windows
advisories | CVE-2006-3858
MD5 | a61d36800c1b28ff381005ac203e1e33
NISR02082006D.txt
Posted Aug 27, 2006
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - Informix Dynamic Server is a database developed by IBM. During a security assessment of Informix multiple buffer overflow vulnerabilities were discovered that could be exploited via SQL or the protocol. All versions are affected.

tags | advisory, overflow, vulnerability, protocol
advisories | CVE-2006-3857
MD5 | 8875427912f012a55b6338d61b48cb0d
NISR02082006C.txt
Posted Aug 27, 2006
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - Informix Dynamic Server is a database developed by IBM. An attacker can force to the database server to load an arbitrary library and thus execute arbitrary code. The ifx_load_internal SQL function can be used to load an arbitrary library into the address space of the database server process. By placing code in the DllMain() function on Windows or _init() on Linux an attacker can have this code execute automatically when the library is loaded. In conjunction with exploiting other flaws it is possible to remotely create a library over SQL, dump this to the server disk and then load it. All versions are affected.

tags | advisory, arbitrary
systems | linux, windows
advisories | CVE-2006-3855
MD5 | b8d173ad4c04f94ba83b3cd3ce98f140
NISR02082006B.txt
Posted Aug 27, 2006
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - Informix Dynamic Server is a database developed by IBM. When IBM released a patch for the overly long username buffer overflow (CVE-2006-3853) it was discovered that the patch introduced a new buffer overflow vulnerability. Versions affected include 9.40.xC7 and xC8, 10.00.xC3 and xC4.

tags | advisory, overflow
advisories | CVE-2006-3853, CVE-2006-3854
MD5 | 0d741bc614c48dd1b99de79937d95136
NISR02082006A.txt
Posted Aug 27, 2006
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - When an Informix server logs on a user it copies the username to a 260 byte stack based buffer without first verifying its length. An attacker can exploit this by overflowing this buffer to overwrite the saved return address on the stack and thus redirect the process' path of execution to a location of their choosing. Versions 9.40.xC6 and below are affected. Versions 10.00.xC2 and below are affected.

tags | advisory, overflow
advisories | CVE-2006-3853
MD5 | 2a1610a31726c9d9726e8f05d201102c
HPRadiaManagement.txt
Posted Jul 28, 2005
Authored by David Morgan, Dominic Beecher | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - HP OpenView Radia Management Portal versions 2.x and 1.x running the Radia Management Agent suffer from a remote command execution flaw via a directory traversal. By connecting to the TCP port and sending a crafted packet, it is possible to traverse out of C:\Program Files\Novadigm and run any executable that is located on the same logical disk partition.

tags | exploit, remote, tcp
MD5 | 746992e1a974b65a8b4f2abc6eab9a03
sybase-ase.txt
Posted Apr 17, 2005
Authored by Mark Litchfield, Chris Anley, Sherief Hammad | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - Sybase ASE versions prior to 12.5.3 ESD#1 suffer from multiple buffer overflows and denial of service vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability
MD5 | 1392d5ea3050f7066d79e8fec0f1e656
NISR-AntiBruteForce.pdf
Posted Mar 22, 2005
Authored by Gunter Ollmann | Site nextgenss.com

Authentication processes in web-based applications are frequently vulnerable to automated brute force guessing attacks. Whilst commonly proposed solutions make use of escalating time delays and minimum lockout threshold strategies, these tend to prove ineffectual in real attacks and may actually promote additional attack vectors. Resource metering through client-side computationally intensive "electronic payments" can provide an alternative strategy in defending against brute force guessing attacks. This whitepaper discusses how such a solution works and the security advantages it can bring.

tags | paper, web, cracker
MD5 | 0b4494791f61ecd4804eee34f97360b8
NISR-BestPracticesInHostURLNaming.pdf
Posted Feb 1, 2005
Authored by Gunter Ollmann | Site ngssoftware.com

Whitepaper discussing the best security practices for host naming and URL conventions.

tags | paper
MD5 | 0000dd8371446ec478b9ed46ca6cca8e
netddefull.txt
Posted Jan 25, 2005
Authored by John Heasman | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - A vulnerability has been discovered in the Microsoft NetDDE service which can allow a remote attacker to execute arbitrary code on a system without authentication. This vulnerability can also be used by any low privileged local user to gain Local System privileges. Systems Affected: Microsoft Windows NT/2000/XP/2003 Server.

tags | advisory, remote, arbitrary, local
systems | windows, nt
MD5 | b98637936b789d69ec478577391492ad
real-03full.txt
Posted Jan 22, 2005
Authored by John Heasman | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - Two vulnerabilities have been discovered in RealPlayer which may potentially be leveraged to allow remote code execution, or may used in combination with the Real Metadata Package File Deletion vulnerability to reliably delete files from a users system. RealPlayer 10.5 (6.0.12.1040) and older versions are affected.

tags | advisory, remote, vulnerability, code execution
MD5 | a62a355cabf73b172ee95abac18d9ff9
real-02full.txt
Posted Jan 22, 2005
Authored by John Heasman | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - A vulnerability has been discovered in RealPlayer which can allow an attacker to delete arbitrary files from a users system through a specially crafted webpage with little user interaction. RealPlayer 10.5 (6.0.12.1040) and older versions are affected.

tags | advisory, arbitrary
MD5 | 259331d714aca39c33993b490a62115b
real-01full.txt
Posted Jan 22, 2005
Authored by John Heasman | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - A vulnerability has been discovered in the RealPlayer ActiveX component which can allow remote code execution when visiting a specially crafted webpage or when opening a specially crafted skin file. RealPlayer 10.5 (6.0.12.1040) and older versions are affected.

tags | advisory, remote, code execution, activex
MD5 | 374eb50f50ea6fb8cff0a2b66a93ded5
Page 1 of 3
Back123Next

File Archive:

October 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    24 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    7 Files
  • 4
    Oct 4th
    4 Files
  • 5
    Oct 5th
    10 Files
  • 6
    Oct 6th
    1 Files
  • 7
    Oct 7th
    21 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    5 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    17 Files
  • 12
    Oct 12th
    4 Files
  • 13
    Oct 13th
    4 Files
  • 14
    Oct 14th
    15 Files
  • 15
    Oct 15th
    19 Files
  • 16
    Oct 16th
    19 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close