CVE-2007-2118
The CVE-2007-2118 entry concerns Oracle Database Upgrade/Downgrade component vulnerabilities in 9.0.1.5 and 9.2.0.7. The description indicates an unspecified vulnerability with unknown impact/attack vectors, and a note that claims this may be a buffer overflow in the mig utility. No additional te...
CVE-2007-2113
CVE-2007-2113 affects Oracle Database (Upgrade/Downgrade component, DBMS_UPGRADE_INTERNAL) and is described as a SQL injection vulnerability in Oracle Database 10.1.0.5. The issue allows remote authenticated users to execute arbitrary SQL via unknown vectors; the description notes this DB07 may c...
Oracle 10g DBMS_AQ.ENQUEUE SQL Injection Exploit
No description provided by source. #!/usr/bin/perl 0-day Remote Oracle DBMS_AQ.ENQUEUE exploit 10g Grant or revoke dba permission to unprivileged user Tested on "Oracle Database 10g Enterprise Edition Release 10.1.0.3.0" AUTHOR: Andrea "bunker" Purificato http://rawlab.mindcreations.com DATE:...
oracle-inject-bunker.txt
#!/usr/bin/perl Remote Oracle KUPM$MCP.MAIN exploit 10g Grant or revoke dba permission to unprivileged user Tested on "Oracle Database 10g Enterprise Edition Release 10.1.0.3.0" REF: http://www.red-database-security.com/ AUTHOR: Andrea "bunker" Purificato http://rawlab.mindcreations.com DATE:...
Oracle 10g - KUPM$MCP.MAIN SQL Injection
#!/usr/bin/perl Remote Oracle KUPM$MCP.MAIN exploit 10g Grant or revoke dba permission to unprivileged user Tested on "Oracle Database 10g Enterprise Edition Release 10.1.0.3.0" REF: http://www.red-database-security.com/ AUTHOR: Andrea "bunker" Purificato http://rawlab.mindcreations.com DATE:...
Oracle 10g KUPM$MCP.MAIN - SQL Injection (2)
Oracle 10g KUPM$MCP.MAIN - SQL Injection 2 #!/usr/bin/perl Remote Oracle KUPM$MCP.MAIN exploit 10g - Version 2 - New "evil cursor injection" tip! - No "create procedure" privilege needed! - See: http://www.databasesecurity.com/ Cursor Injection Grant or revoke dba permission to unprivileged user...
Buffer overflow
Oracle Database 10g uses a NULL pDacl parameter when calling the SetSecurityDescriptorDacl function to create discretionary access control lists (DACLs), which allows local users to gain privileges...
CVE-2007-1442
Oracle Database 10g uses a NULL pDacl parameter when calling the SetSecurityDescriptorDacl function to create discretionary access control lists (DACLs), which allows local users to gain privileges...
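Oracle Database Server DACL Multiple Insecure Permissions Vulnerabilities
Oracle Database is a large commercial database system. Oracle has an access validation vulnerability when handling certain internal objects; a local attacker could exploit this vulnerability to cause a denial of service or gain elevated privileges...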
Oracle 10g (PROCESS_DUP_HANDLE) Local Privilege Elevation (win32)
No description provided by source. // Argeniss - Information Security // // Oracle Database local elevation of privileges PoC exploit // // Author: Cesar Cerrudo include windows.h include stdio.h BOOL InjectShellcodeDWORD oldEIP,CHAR oSID HMODULE hKernel; FARPROC pCreateProc; LPSTR...
Oracle 10g (Windows x86) - 'PROCESS_DUP_HANDLE' Local Privilege Escalation
// Argeniss - Information Security // // Oracle Database local elevation of privileges PoC exploit // // Author: Cesar Cerrudo include include BOOL InjectShellcodeDWORD oldEIP,CHAR oSID HMODULE hKernel; FARPROC pCreateProc; LPSTR sCommand="cmd.exe"; DWORD dwStrLen; CHAR buff100;...
CVE-2006-7141
Absolute path traversal vulnerability in Oracle Database Server, when utl_file_dir is set to a wildcard value or "CREATE ANY DIRECTORY to PUBLIC" privileges exist, allows remote authenticated users to read and modify arbitrary files via full filepaths to utl_file functions such as (1) utl_file.put_line...
PT-2007-1419 · Oracle · Oracle Database Server
Name of the Vulnerable Software and Affected Versions: Oracle Database Server (affected versions not specified). Description: The issue allows remote authenticated users to read and modify arbitrary files via full filepaths to utl_file functions such as utl_file.put_line and utl_file.get_line when u...
CVE-2005-4832
SQL injection vulnerability in the Oracle Database Server 10g allows remote authenticated users to execute arbitrary SQL commands with elevated privileges via the SUBSCRIPTION_NAME parameter in the (1) SYS.DBMS_CDC_SUBSCRIBE and (2) SYS.DBMS_CDC_ISUBSCRIBE packages, a different vector than CVE-2005-1197...
Oracle 9i10g DBMS_METADATA.GET_DDL - SQL Injection (2)
Oracle 9i10g DBMS_METADATA.GET_DDL - SQL Injection 2 #!/usr/bin/perl Remote Oracle DBMS_METADATA.GET_DDL exploit 9i/10g - Version 2 - New "evil cursor injection" tip! - No "create procedure" privilege needed! - See: http://www.databasesecurity.com/ Cursor Injection Grant or revoke dba permission to...
Oracle 10g Database - SUBSCRIPTION_NAME SQL Injection (2)
Oracle 10g Database - SUBSCRIPTION_NAME SQL Injection 2 source: https://www.securityfocus.com/bid/13236/info Oracle database is prone to an SQL-injection vulnerability because the software fails to properly sanitize user-supplied data. The 'SUBSCRIPTION_NAME' parameter is vulnerable. Packages that...
Oracle 10g KUPV$FT.ATTACH_JOB SQL Injection Exploit v2
Exploit for multiple platform in category remote exploits. Oracle 10g KUPV$FT.ATTACH_JOB SQL Injection Exploit v2 #!/usr/bin/perl Remote Oracle KUPV$FT.ATTACH_JOB exploit 10g - Version 2 - Ne...
Oracle 10g KUPV$FT.ATTACH_JOB - SQL Injection (2)
#!/usr/bin/perl Remote Oracle KUPV$FT.ATTACH_JOB exploit 10g - Version 2 - New "evil cursor injection" tip! - No "create procedure" privilege needed! - See: http://www.databasesecurity.com/ Cursor Injection Grant or revoke dba permission to unprivileged user Tested on "Oracle Database 10g Enterprise...
Oracle 10g - KUPW$WORKER.MAIN SQL Injection (2)
#!/usr/bin/perl Remote Oracle KUPW$WORKER.MAIN exploit 10g - Version 2 - New "evil cursor injection" tip! - No "create procedure" privilege needed! - See: http://www.databasesecurity.com/ Cursor Injection Grant or revoke dba permission to unprivileged user Tested on "Oracle Database 10g Enterprise...