Oracle 10g KUPW$WORKER.MAIN Grant/Revoke dba Permission Exploit

Exploit for multiple platform in category remote exploits =============================================================== Oracle 10g KUPW$WORKER.MAIN Grant/Revoke dba Permission Exploit =============================================================== !/usr/bin/perl Remote Oracle KUPW$WORKER.MAIN...

Oracle 9i/10g DBMS_EXPORT_EXTENSION SQL Injection Exploit

Exploit for multiple platform in category remote exploits ========================================================= Oracle 9i/10g DBMSEXPORTEXTENSION SQL Injection Exploit ========================================================= !/usr/bin/perl Remote Oracle dbmsexportextension exploit any versio...

Oracle 10g SYS.KUPV$FT.ATTACH_JOB PL/SQL Injection Exploit

No description provided by source. / Exploit for Oracle10g R1 and R2 prior to CPU Oct 2006 Joxean Koret [email protected] Privileges needed: - EXECUTECATALOGROLE - CREATE PROCEDURE / select from userroleprivs ; CREATE OR REPLACE FUNCTION F1 RETURN NUMBER AUTHID CURRENTUSER IS PRAGMA...

CVE-2006-5114

SAP ITS exposed vulnerability: Cross-site scripting in wgate.dll (wgate) affecting SAP Internet Transaction Server versions 6.1 and 6.2. Attacker can inject arbitrary script via the ~urlmime or ~command parameters. This CVE (CVE-2006-5114) shares vectors with CVE-2003-0749 but is a separate entry...

SAP Internet Transaction Server XSS vulnerability

Vulnerability class : Cross-Site Scripting Discovery date : 13 September 2006 Remote : Yes Credit : ILION Research Labs Vulnerable : SAP ITS Vulnerable version: Versions 6.1 and 6.2 have been found to be vulnerable. Other versions might be too. A XSS Cross-Site-Scripting vulnerability has been...

SAP Internet Transaction Server < 6.20 Patch 18 wgate urlmime Parameter XSS

Binary data 3753.prm...

SAP Internet Transaction Server 6.106.20 - Cross-Site Scripting

SAP Internet Transaction Server 6.106.20 - Cross-Site Scripting source: https://www.securityfocus.com/bid/20244/info SAP Internet Transaction Server ITS is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue would allow...

SAP Internet Transaction Server (ITS) Detection

Binary data 3752.prm...

SAP Internet Transaction Server 6.10/6.20 - Cross-Site Scripting

source: https://www.securityfocus.com/bid/20244/info SAP Internet Transaction Server ITS is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue would allow an attacker to steal cookie-based credentials and to launch oth...

SAP Internet Transaction Server wgate Multiple Parameter XSS

The remote web server fails to sanitize the contents of the 'urlmime' parameter to the '/scripts/wgate' script before using it to generate dynamic web content. An unauthenticated, remote attacker may be able to leverage this issue to inject arbitrary HTML and script code into a user's browser to ...

Informix Detection

The remote host is running Informix, an online transaction processing OLTP data server from IBM. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include"compat.inc"; if description scriptid22228; scriptversion"1.18";...

Microsoft Distributed Transaction Coordinator DoS

Two different buffer overflows causing service to crash...

CVE-2006-0034

Heap-based buffer overflow in the CRpcIoManagerServer::BuildContext function in msdtcprx.dll for Microsoft Distributed Transaction Coordinator MSDTC for Windows NT 4.0 and Windows 2000 SP2 and SP3 allows remote attackers to execute arbitrary code via a long fifth argument to the BuildContextW or...

CVE-2006-1184

Microsoft Distributed Transaction Coordinator MSDTC for Windows NT 4.0, 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to cause a denial of service crash via a BuildContextW request with a large 1 UuidString or 2 GuidIn of a certain length, which causes an out-of-range memory...

[EEYEB20051011B] - Microsoft Distributed Transaction Coordinator Denial of Service

Microsoft Distributed Transaction Coordinator Denial of Service http://www.eeye.com/html/research/advisories/AD20060509b.html Release Date: May 9, 2006 Date Reported: October 11, 2005 Patch Development Time In Days: 210 Severity: Low Denial of Service Systems Affected: Windows NT 4.0 Windows 2000...

MS06-018: Vulnerability in Microsoft Distributed Transaction Coordinator Could Allow DoS (913580) (uncredentialed check)

The remote version of Windows contains a version of MSDTC Microsoft Data Transaction Coordinator service that is affected by several remote code execution and denial of service vulnerabilities. An attacker may exploit these flaws to obtain complete control of the remote host 2000, NT4 or to crash...

[EEYEB20051011A] - Microsoft Distributed Transaction Coordinator Heap Overflow

Microsoft Distributed Transaction Coordinator Heap Overflow http://www.eeye.com/html/research/advisories/AD20060509a.html Release Date: May 9, 2006 Date Reported: October 11, 2005 Patch Development Time In Days: 210 Severity: High Remote Code Execution Systems Affected: Windows NT 4.0 Windows 200...

CVE-2006-1184

Microsoft Distributed Transaction Coordinator MSDTC for Windows NT 4.0, 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to cause a denial of service crash via a BuildContextW request with a large 1 UuidString or 2 GuidIn of a certain length, which causes an out-of-range memory...

CVE-2006-0034

CVE-2006-0034 describes a heap-based buffer overflow in MSDTC’s RPC path (msdtcprx.dll BuildContextW/BuildContext) caused by an overly long fifth argument, triggering a bug in NdrAllocate. Affected products include Windows 2000/NT4-era MSDTC deployments, with the issue leading to denial of servic...

Preemptive Protection against Microsoft Distributed Transaction Coordinator Vulnerability (MS06-018)

Microsoft Distributed Transaction Coordinator MSDTC is a system service that coordinates transactions for Microsoft Windows platforms. A vulnerability was detected in the MDTC, allowing a remote attacker with the ability to send a crafted message to cause an affected system to stop responding...