SAP SOAP RFC - SXPG_COMMAND_EXECUTE Remote Command Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ This module is based on, inspired by, or is a port of a...

Oracle BEA Weblogic 10 XSS

Digital Security Research Group DSecRG Advisory DSECRG-09-031 http://dsecrg.com/pages/vul/show.php?id=131 Application: Oracle BEA Weblogic 10 Versions Affected: Oracle BEA Weblogic 10 Vendor URL: http://oracle.com Bugs: Linked XSS Vulnerability Exploits: YES Reported: 18.03.2009 Vendor response:...

[DSECRG-09-031] Oracle BEA Weblogic 10.3 Linked ХSS vulnerability

Digital Security Research Group DSecRG Advisory DSECRG-09-031 http://dsecrg.com/pages/vul/show.php?id=131 Application: Oracle BEA Weblogic 10 Versions Affected: Oracle BEA Weblogic 10 Vendor URL: http://oracle.com Bugs: Linked XSS Vulnerability Exploits: YES Reported: 18.03.2009 Vendor response:...

Oracle Application Server — Linked XSS vulnerability

Application: Oracle BPEL Console version 10.1.3.3.0 Versions Affected: Oracle BPEL Console version 10.1.3.3.0 Vendor URL: Bugs: XSS Exploits: YES Reported: 18.03.2009 Vendor response: 19.03.2009 Date of Public Advisory: 20.10.2010 CVE: CVE-2010-3581 Author: Alexandr Polyakov Description XSS in...

Oracle BI Publisher — Response Splitting

Application: Oracle Business Intelligence Enterprise Edition 10.1.3.4.0 Versions Affected: Oracle Business Intelligence Enterprise Edition 10.1.3.4.0 Vendor URL: Bugs: Response Splitting, XSS, Phishing credentials Exploits: YES Reported: 03.03.2009 Vendor response: 04.03.2009 Last response:...

Oracle 10g - SYS.LT.REMOVEWORKSPACE SQL Injection

// /Oracle 10g SYS.LT.REMOVEWORKSPACE SQL Injection Exploit/ /grant DBA and create new OS user advanced extproc/ // /exploit grant DBA to scott/ /and execute OS command "net user"/ /using advanced extproc method/ // /tested on oracle 10.1.0.5.0/ // // / Date of Public EXPLOIT: January 6, 2009 / /...

Oracle 10g R1 xdb.xdb_pitrig_pkg Buffer Overflow Exploit (PoC)

Exploit for multiple platform in category dos / poc ============================================================== Oracle 10g R1 xdb.xdbpitrigpkg Buffer Overflow Exploit PoC ============================================================== // / Oracle 10g R1 xDb.XDBPITRIGPKG.PITRIGTRUNCATE / / BUFFE...

RunCMS 1.6 Get Admin Cookie Remote Blind SQL Injection Exploit

No description provided by source. // / RUNCMS 1.6 BLIND SQL Injection Exploit get Admin Cookie / // / exploit get admin cookie that can be used / / to login by pasting it into browser Opera / / and then get access to Admin session / / and change Admins password / / / // // / tested on RUNCMS...

Oracle 10g LT.FINDRICSET Local SQL Injection Exploit (IDS evasion)

No description provided by source. // / Oracle 10g LT.FINDRICSET SQL Injection Exploit / // / sploit grant DBA to scott / / evil cursor injection / / No "create procedure" privileg needed! / / + Funny IDS evasion vith base64 / // / tested on oracle 10.1.0.2.0 / // // / Date of Public EXPLOIT:...

oracle10g-sql.txt

// / Oracle 10g CTXDOC.MARKUP SQL Injection Exploit / // / sploit grant DBA to unprivileged user / // / BY Sh2kerR Digital Security / // / tested on oracle 10.1.0.2.0 / // // / Date of Public EXPLOIT: October 23, 2007 / / Written by: Alexandr "Sh2kerr" Polyakov / / email: [email protected]...