
158 matches found

0day.today
added 2012/04/20 12:0 a.m. | 69 views

Oracle Enterprise Manager SQL injection Vulnerability

Exploit for jsp platform in category web applications -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 AppSecInc Team SHATTER Security Advisory SQL Injection in Oracle Enterprise Manager compareWizFirstConfig web page. Risk Level: High Affected versions: Oracle Enterprise Manager Database Control...

7.1 AI score | 0.01097 EPSS
Exploits 3

Packet Storm
added 2012/04/19 12:0 a.m. | 55 views

Oracle Enterprise Manager searchPage SQL Injection

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 AppSecInc Team SHATTER Security Advisory SQL Injection in Oracle Enterprise Manager searchPage web page. Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.3 and previous patchsets Oracle Enterprise Manager...

4.9 CVSS | 0.6 AI score | 0.00979 EPSS
Exploits 2

Packet Storm
added 2012/04/19 12:0 a.m. | 59 views

Oracle Enterprise Manager compareWizFirstConfig SQL injection

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 AppSecInc Team SHATTER Security Advisory SQL Injection in Oracle Enterprise Manager compareWizFirstConfig web page. Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2 and previous patchsets Oracle...

5.5 CVSS | 0.9 AI score | 0.01097 EPSS
Exploits 2

exploitpack
added 2011/02/20 12:0 a.m. | 18 views

JAKCMS 2.01 RC1 - Blind SQL Injection

JAKCMS 2.01 RC1 - Blind SQL Injection !/usr/bin/python jakCMS = v2.01 RC1 Blind SQL Injection Exploit Understanding: The parameters 'JAKCOOKIENAME' and 'JAKCOOKIEPASS' are parsed via cookies to the application and are unchecked for malicious characters. The contents of these variables are directl...

0.3 AI score
Exploits 0

exploitpack
added 2011/02/15 12:0 a.m. | 25 views

Lingxia I.C.E CMS - Blind SQL Injection

Lingxia I.C.E CMS - Blind SQL Injection !/usr/bin/python ICE CMS Blind SQLi 0day. mrme@pluto ice$ python icecold.py -p localhost:8080 -t 10.3.100.25:8500 -d /ice/ | ---------------------------------------------------- | | Lingxia I.C.E CMS Remote Blind SQL Injection Exploit | | by mrme -...

0.6 AI score
Exploits 0

rdot
added 2010/07/03 12:0 a.m. | 33 views

Ingres SQL Injection

Ingres SQL-Injection A short note on Ingres. There is very little information about this DBMS, so I decided to install it on my localhost and practice. What follows are my impressions and findings; the presentation is more of a narrative, as I am not used to writing strict manuals. Many things are based...

7.2 AI score
Exploits 0

RedHat Linux
added 2010/05/19 3:47 p.m. | 64 views

Moderate: Red Hat Security Advisory: postgresql security update

Updated postgresql packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings,...

8.5 CVSS | 8 AI score | 0.13255 EPSS
Exploits 8 | References 6

Check Point Advisories
added 2009/11/17 12:0 a.m. | 7 views

Oracle Database Server DBMS_METADATA Package SQL Injection (CVE-2005-1197)

Oracle Database Server is an enterprise-level relational database application suite. To extend the functionality of the Oracle Database Server, extra packages of related program objects, i.e. procedures, functions, variables, constants, cursors, and exceptions, are provided to the database user i...

7.5 CVSS | 7.1 AI score | 0.04265 EPSS
Exploits 0

securityvulns
added 2009/08/04 12:0 a.m. | 92 views

Team SHATTER Security Advisory: Multiple SQL Injection vulnerabilities in Oracle Enterprise Manager

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Team SHATTER Security Advisory Multiple SQL Injection vulnerabilities in Oracle Enterprise Manager July 22, 2009 Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 11 11.1.0.6, 11.1.0.7 and Oracle Enterprise Manager 10g Gri...

5.5 CVSS | 0.2 AI score | 0.01195 EPSS
Exploits 0

erpscan
added 2008/11/17 12:0 a.m. | 26 views

Oracle Database 11g — EXFSYS PL/SQL injection vulnerability

Application: Oracle database 11G Versions Affected: Oracle 11.1.0.6 and 10.2.0.1 Vendor URL: http://oracle.com Bugs: PL/SQL Injections Exploits: YES Reported: 17.11.2008 Vendor response: 18.11.2008 Last response: 24.11.2008 Date of Public Advisory: 13.01.2009 Author: Alexandr Polyakov Description...

0.9 AI score
Exploits 0

Saint
added 2007/11/23 12:0 a.m. | 41 views

Oracle XDB component PITRIG_DROPMETADATA buffer overflow

Added: 11/23/2007 CVE: CVE-2007-4517 BID: 26374 OSVDB: 39918 Background The PITRIG_DROPMETADATA function is included in the XDB.XDB_PITRIG_PKG package which is included with Oracle Database. Problem A buffer overflow vulnerability in the PITRIG_DROPMETADATA function allows remote, authenticated...

6 CVSS | 7.5 AI score | 0.05385 EPSS
Exploits 8

Packet Storm
added 2007/06/11 12:0 a.m. | 39 views

evisioncms-exec.txt

!/usr/bin/php -q -d shortopentag=on ...need i say more? Bug 2 admin/functions.php: if isset$COOKIE'adminlang' $languageselector = $COOKIE'adminlang'; else $languageselector = "en"; include"lang/".$languageselector.".php"; ...speaks for it self really. Bug 3 ; $sql = "SELECT stylecss FROM template...

7.4 AI score
Exploits 0

Saint
added 2007/04/25 12:0 a.m. | 28 views

Oracle Database Advanced Replication component DBMS_SNAP_INTERNAL overflow

Added: 04/25/2007 CVE: CVE-2007-2116 BID: 23532 OSVDB: 39933 Background Package DBMS_SNAP_INTERNAL of schema SYS is an Advanced Replication component used internally by Oracle Database. Problem A buffer overflow vulnerability in DBMS_SNAP_INTERNAL allows remote attackers to execute arbitrary commands...

9 CVSS | 7.7 AI score | 0.02946 EPSS
Exploits 4

Saint
added 2006/12/18 12:0 a.m. | 24 views

Oracle MD2 component SDO_CODE_SIZE buffer overflow

Added: 12/18/2006 CVE: CVE-2004-1774 BID: 10871 OSVDB: 9867 Background Oracle Database is a relational database solution available for multiple platforms. Problem A buffer overflow in the SDO_CODE_SIZE function in the MD2 component of Oracle Database allows remote attackers to execute arbitrary...

7.2 CVSS | 9.8 AI score | 0.02672 EPSS
Exploits 5

PostgreSQL
added 2006/02/14 7:0 p.m. | 58 views

Vulnerability in core server (CVE-2006-0553)

A bug in the handling of SET ROLE allows escalation of privileges to any other database user, including superuser. A valid login is required to exploit this vulnerability...

6.5 CVSS | 6.2 AI score | 0.02945 EPSS
Exploits 0 | Affected Software 1

securityvulns
added 2005/04/19 12:0 a.m. | 45 views

[AppSecInc Team SHATTER Security Advisory] Multiple SQL Injection vulnerabilities in DBMS_CDC_SUBSCRIBE and DBMS_CDC_ISUBSCRIBE packages

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Multiple SQL Injection vulnerabilities in DBMS_CDC_SUBSCRIBE and DBMS_CDC_ISUBSCRIBE packages AppSecInc Team SHATTER Security Advisory http://www.appsecinc.com/resources/alerts/oracle/2005-02.html April 18, 2005 Affected Versions: Oracle Database Server...

1.9 AI score
Exploits 0

PostgreSQL
added 2005/02/06 5:0 a.m. | 77 views

Vulnerability in core server (CVE-2005-0227)

Any database user is permitted to load arbitrary shared libraries using the LOAD command. A valid login is required to exploit this vulnerability...

4.3 CVSS | 6.1 AI score | 0.00499 EPSS
Exploits 0 | Affected Software 1

Tenable Nessus
added 2001/02/15 12:0 a.m. | 95 views

Oracle XSQL query.xsql sql Parameter SQL Injection

One of the sample applications that comes with the Oracle XSQL Servlet allows an attacker to make arbitrary queries to the Oracle database under an unprivileged account. Whilst not allowing an attacker to delete or modify database contents, this flaw can be used to enumerate database users and vi...

7.5 CVSS | 5.7 AI score | 0.07669 EPSS
Exploits 1 | References 1