5 matches found
Oracle DB 10gR2, 11gR1/R2 DBMS_JVM_EXP_PERMS OS Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle DB 10gR2, 11gR1/R2 DBMSJVMEXPPERMS OS Command Execution', 'Description' = %q This module exploits a flaw 0 day in DBMSJVMEXPPERMS package...
CVE-2010-0866
creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/sqli/oracle/jvmoscode10g.rb 2018-05-29 15:50:33+00:00| seen|...
Oracle Database DBMS_JVM_EXP_PERMS System Command Execution (CVE-2010-0866; CVE-2010-0867)
Oracle Database server is an enterprise-level relational database application suite. A privilege escalation vulnerability exists in Oracle Database server that can allow users with limited privileges to execute arbitrary operating system commands on a target server. The vulnerability is due to an...
CVE-2010-0866
CVE-2010-0866 concerns Oracle Database JavaVM; connected docs cite exploits for DBMS_JVM_EXP_PERMS enabling OS command/code execution via remote authenticated users (CREATE_SESSION) on Oracle DB 10gR2/11gR1/R2. The flaw allows granting Java IO privileges, per Metasploit modules referenced in PACK...
Oracle DB 11g R1/R2 DBMS_JVM_EXP_PERMS OS Code Execution
This module exploits a flaw 0 day in DBMSJVMEXPPERMS package that allows any user with create session privilege to grant themselves java IO privileges. Identified by David Litchfield. Works on 11g R1 and R2 Windows only. This module requires Metasploit: https://metasploit.com/download Current...