3671 matches found
CVE-2012-3220
Unspecified vulnerability in the Spatial component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users with Create Session privileges to affect confidentiality, integrity, and availability via unknown vectors...
CVE-2013-0362
Unspecified vulnerability in the Mobile Server component in Oracle Database Mobile/Lite Server formerly Oracle Database Lite 10.3.0.3 and 11.1.0.0 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2013-0363 and CVE-2013-0364...
Oracle Patches Java Zero Day Vulnerability
Oracle delivered an unusual emergency patch to Java's critical Zero Day vulnerability on Sunday to fix a malicious bug that allowed hackers access to users web browsers. Exploits for the previously undisclosed flaw were being hosted in a number of exploit kits and attacks have already been seen i...
Oracle Patches Java Zero Day Vulnerability
Oracle delivered an unusual emergency patch to Java's critical Zero Day vulnerability on Sunday to fix a malicious bug that allowed hackers access to users web browsers. Exploits for the previously undisclosed flaw were being hosted in a number of exploit kits and attacks have already been seen i...
Oracle Database Client System Analyzer - Arbitrary File Upload (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 /Oracle Containers for J2EE/ include...
Oracle Database Client System Analyzer Arbitrary File Upload
This Metasploit module exploits an arbitrary file upload vulnerability on the Client Analyzer component as included in Oracle Database 11g, which allows remote attackers to upload and execute arbitrary code. This Metasploit module has been tested successfully on Oracle Database 11g 11.2.0.1.0 on...
Oracle Database Client System Analyzer Arbitrary File Upload
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 /Oracle Containers for J2EE/ include...
mysql: unspecified DoS vulnerability related to InnoDB (CPU Oct 2012)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB...
The latest Oracle Database authentication Protocol security bypass vulnerability-vulnerability warning-the black bar safety net
The Oracle Database was found likely to cause a remote security bypass vulnerability, and impact to its own authentication Protocol. An attacker can exploit this vulnerability to bypass the database authentication to access the database from unauthorized access. Affected versions: Oracle Database...
Oracle database to bypass login authentication-vulnerability warning-the black bar safety net
And a while back that phpmyadmin to bypass the verification is somewhat similar. An attacker can exploit this vulnerability to bypass authentication process and gain unauthorized access to the database. 1. --coding:utf8 -- 2. 3. import hashlib 4. from Crypto. Cipher import AES 5. 6. def...
Oracle Database Multiple Vulnerabilities (October 2012 CPU)
The remote Oracle database server is missing the October 2012 Critical Patch Update CPU and is, therefore, potentially affected by security issues in the Core RDBMS. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...
Oracle MySQL Server 5.1.x < 5.1.67 Multiple Vulnerabilities
Binary data 6675.prm...
Oracle Database Authentication Protocol Security Bypass
Oracle Database is prone to a remote security-bypass vulnerability that affects the authentication protocol. An attacker can exploit this issue to bypass the authentication process and gain unauthorized access to the database. This vulnerability affects Oracle Database 11g Release 1 and 11g Relea...
Oracle Database - Protocol Authentication Bypass
source: https://www.securityfocus.com/bid/55651/info Oracle Database is prone to a remote security-bypass vulnerability that affects the authentication protocol. An attacker can exploit this issue to bypass the authentication process and gain unauthorized access to the database. This vulnerabilit...
Oracle Database - Protocol Authentication Bypass
Oracle Database - Protocol Authentication Bypass source: https://www.securityfocus.com/bid/55651/info Oracle Database is prone to a remote security-bypass vulnerability that affects the authentication protocol. An attacker can exploit this issue to bypass the authentication process and gain...
CVE-2012-3137
The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to obtain the session key and salt for arbitrary users, which leaks information about the cryptographic hash and makes it easier to conduct brute force...
CVE-2012-3137
The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to obtain the session key and salt for arbitrary users, which leaks information about the cryptographic hash and makes it easier to conduct brute force...
Flaw in Oracle Logon Protocol Leads to Easy Password Cracking
There is a serious vulnerability in the authentication protocol used by some Oracle databases, a flaw that could enable a remote attacker to brute-force a token provided by the server prior to authentication and determine a user’s password. The attacker could then log on as an authenticated user...
Sql injection
SQL injection vulnerability in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to execute arbitrary SQL commands via vectors involving CREATE INDEX with a CTXSYS.CONTEXT INDEXTYPE and DBMSSTATS.GATHERTABLESTATS...
CVE-2012-3132
SQL injection vulnerability in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to execute arbitrary SQL commands via vectors involving CREATE INDEX with a CTXSYS.CONTEXT INDEXTYPE and DBMSSTATS.GATHERTABLESTATS...