Slides from the presentation Oracle Database Vault: Design Failures.
aa413dac2420e9793150ea25140ef356d8f3b5c166c5a82b88e5082a51840006
The Oracle WebLogic WLS WSAT component suffers from an XML deserialization remote code execution vulnerability. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0.
4ec37da27b4c2bc377cee005689b9de7e837a03542a60ce1130758c857cb9228
Oracle JDeveloper IDE suffers from a directory traversal vulnerability.
1d176bdbee49ba892cf19cf1e3798bd83c3a891b6a5e40b040c9740c38088530
Oracle E-Business Suite versions 12.1.3, 12.2.3, 12.2.4, 12.2.5, and 12.2.6 suffer from an unconstrained file download vulnerability.
9aae3dbd6f7dc3149e3d98324e0cd339aa6a4a5b85500b4164c9b406d0301082
Oracle Netbeans IDE version 8.1 suffers from a directory traversal vulnerability.
fcd77a7ca37698cc313eccfc4beebbe095c88b70b0ee7e76a01fd60ad3e4e156
Oracle's orakill.exe binary version 11.2.0 suffers from a buffer overflow vulnerability.
c9fef9d30e9b9bf8c1f6540912d5512f614b2ec08e1c53effd8a3d2295ba9b2f
This Metasploit module exploits an authentication bypass and arbitrary file upload in Oracle Application Testing Suite (OATS), version 12.4.0.2.0 and unknown earlier versions, to upload and execute a JSP shell.
472df2245622a97749e8706f2ba968606decb46822546f51bf7cc6c5391ad65f
Java Platform SE 6 U24 HtmlConverter.exe version 6.0.240.50 suffers from a buffer overflow vulnerability.
c26dad11dc7a3b97b9cbe8edf6f976878186e3d92c3d957301ddda94e2f412c6
This Metasploit module exploits a vulnerability found in Oracle BeeHive. The processEvaluation method found in voice-servlet can be abused to write a malicious file onto the target machine, and gain remote arbitrary code execution under the context of SYSTEM.
0dd4b2592fada413038b4c9f336ee7ca63693bbb79a1842a8646d6ac30bff4df
This Metasploit module exploits a vulnerability found in Oracle BeeHive. The prepareAudioToPlay method found in voice-servlet can be abused to write a malicious file onto the target machine, and gain remote arbitrary code execution under the context of SYSTEM. Authentication is not required to exploit this vulnerability.
2ffb837bd56e22b7a4670bff61370cd18bac27e5c719ed050224b17709ad6f2e
This is a public blog post by Oracle's CSO Mary Ann Davidson. It provides a rare glimpse into the corporate mindset, reminding us all that license agreements are always respected by hostile parties and therefore security researchers should not even consider reverse engineering Oracle's code base. As has been proven time and again, Oracle's bulletproof unbreakable security does not need public vetting and they consistently can identify and address all issues without your needless meddling.
d16deebdad2785cf38a42eaa182a2fd03f6976eacc830f7b05b1f5489393b40f
These are the slides from the presentation "VoIP Wars: Attack of the Cisco Phones", given at Defcon 22 and Blackhat USA 2014.
720ddb24a662b21cf705390762e270841f4e60b42dfbc2cfb78cf7cff84316a9
Oracle data redaction is a simple but clever and innovative idea from Oracle. However, at present, there are weaknesses that undermine its effectiveness as a good security mechanism. These weaknesses can be exploited via web-based SQL injection attacks. This paper details those weaknesses and provides suggestions on how it can be improved and made more secure.
8cb488d94f0f24c541295b45894955646b915f06b2bd3f2038f2c4e7aac4422f
This Metasploit module exploits an Arbitrary File Upload vulnerability in Oracle Event Processing 11.1.1.7.0. The FileUploadServlet component, which requires no authentication, can be abused to upload a malicious file onto an arbitrary location due to a directory traversal flaw, and compromise the server. By default Oracle Event Processing uses a Jetty Application Server without JSP support, which limits the attack to WbemExec. The current WbemExec technique only requires arbitrary write to the file system, but at the moment the module only supports Windows 2003 SP2 or older.
354b179956fa5730561cdacb3cb83ea87cbbaf8af2b2d69f7b545cc36d2d4223
Whitepaper called Oracle SID Detection Techniques - Part 1. Written in Persian.
216902657ee1a360c1b1d862f34bf7cec694092990536e667eff806c67124f16
Whitepaper called Oracle SID Detection Techniques - Part 3. Written in Persian.
99d5fc68bd7f308a7fb0286580dfe9fb08fa67f54a4512ba6fc79242096c12a4
Whitepaper called Oracle SID Detection Techniques - Part 2. Written in Persian.
dce6b5307b6f20bb7d98b49054356d04c564fab5330fc55d8943a23c414fdf59
Whitepaper called Oracle SID Detection Techniques - Part 1. Written in Persian.
b840fcc9f91bdcdd628bf96a2b8007f515b3578cf72d2146034d794c32e08817
This Metasploit module uses two vulnerabilities in Oracle Forms and Reports to get remote code execution on the host. The showenv URL can be used to disclose information about a server. A second vulnerability that allows arbitrary reading and writing to the host filesystem can then be used to write a shell from a remote URL to a known local path disclosed by the previous vulnerability. Because the local path is accessible from a URL, remote code execution is then possible using, for example, a .jsp shell. Tested on Windows and Oracle Forms and Reports 10.1.
0ae51161a01d969079b5ae31c9e558381714eaaed892cb6da032845477f29e85
This Metasploit module exploits a command injection vulnerability in Oracle Endeca Server 7.4.0. The vulnerability exists in the createDataStore method of the controlSoapBinding web service. The vulnerable method only exists on the 7.4.0 branch and isn't available on the 7.5.5.1 branch. On the other hand, the injection has been found to be Windows specific. This Metasploit module has been tested successfully on Endeca Server 7.4.0.787 over Windows 2008 R2 (64 bits).
fdafe64c526b291f8bc73bfd5eb8e62b37efd1524e773b087d3cc9cb3a8c5297
These are presentation slides from the German IPv6 Kongress that was held in Frankfurt, Germany in 2013.
bc707bd82aae4f68dfff095f7eb059d3eff1bb8aae00edc3d6984f3f773c302b
This Metasploit module exploits a vulnerability found in the Oracle WebCenter Content CheckOutAndOpenControl ActiveX. This vulnerability exists in openWebdav(), where user-controlled input is used to call ShellExecuteExW(). This Metasploit module abuses the control to execute an arbitrary HTA from a remote location. This Metasploit module has been tested successfully with the CheckOutAndOpenControl ActiveX installed with Oracle WebCenter Content 11.1.1.6.0.
b0e1c2b4d5000f5d54ab03faad81b1e6f76cdaf93878521b78deb176531d5582
Memory analysis and manipulation can provide security analysts with formidable weapons. During his talk at Information Security Day for ISACA Luxembourg Chapter, Frederic BOURLA presented most memory manipulation tricks from both offensive and defensive angles. The talk first dealt with the attacker’s layer, from pivoting attacks to IEEE1394 issues through in-memory fuzzing, which permits auditors to bypass built-in features, network limitations and encryption to remain able to uncover security vulnerabilities in a running application. In a second stage, the talk focused on the benefits of memory manipulation in computer forensics and malware analysis fields, especially when facing sophisticated malcode, such as kernel rootkits or heavily encrypted reverse trojans. Basically, this talk aimed to open the doors to a fascinating world which could easily allow security analysts to save lots of time during their recurrent duties. These are the slides from the talk.
b14650723522b783a88513058899a3613617d57af6a2e3623fafefaf8a3866fa
Oracle Auto Service Request creates files insecurely in /tmp using time stamps instead of mkstemp(). Due to this, it is possible to clobber root owned files and possibly cause a denial of service condition or worse.
3201569e185a30abb901fe01ff0684a58d22ab75b3d2eb41883373ead659d4e8
Oracle Automated Service Manager version 1.3 suffers from a local root privilege escalation vulnerability during install.
541a2508bc332207de3f68c469abd43870d40347d9628cf361e59c570beb5ac0
This Metasploit module abuses the FlashTunnelService SOAP web service on Oracle Business Transaction Management 12.1.0.7 to upload arbitrary files, without authentication, using the WriteToFile method. The same method contains a directory traversal vulnerability, which allows files to be uploaded to arbitrary locations. In order to execute remote code, two techniques are provided. If the Oracle app has been deployed in the same WebLogic Samples Domain, a JSP can be uploaded to the web root. If a new Domain has been used to deploy the Oracle application, the Windows Management Instrumentation service can be used to execute arbitrary code. Both techniques have been successfully tested on default installs of Oracle BTM 12.1.0.7, WebLogic 12.1.1 and Windows 2003 SP2. Default path traversal depths are provided, but the user can configure the traversal depth using the DEPTH option.
7ce41ed8870542efde605f50001955d8595ff56317328c0892477dec49dbddec