13 matches found
Oracle Database 11g Release 2 - (OracleDBConsoleorcl) Unquoted Service Path Vulnerability
Exploit Title: Oracle Database 11g Release 2 - 'OracleDBConsoleorcl' Unquoted Service Path Discovery by: Nguyen Khang - SunCSR Vendor Homepage: https://www.oracle.com/ Software Link: https://www.oracle.com/database/technologies/112010-win64soft.html Tested Version: 11g release 2 Vulnerability Typ...
[SE-2014-01] Security vulnerabilities in Oracle Database Java VM
Hello All, Security Explorations discovered multiple security issues in the implementation of a Java VM embedded in Oracle Database software 1. Discovered security issues violate many "Secure Coding Guidelines for the Java Programming Language" 2. Most of them demonstrate a well known problem...
NGS00416 Patch Notification: Oracle 11g TNS listener remote Invalid Pointer Read (pre-auth)
High Risk Vulnerability in Oracle Database 11g 1 May 2013 Andy Davis of NCC Group has discovered a High risk vulnerability in Oracle Database 11g Impact: Invalid pointer read Remote DoS Versions affected: Oracle Database 11g Security patch information can be found at the following URL:...
NGS00415 Patch Notification: Oracle 11g TNS listener remote Null Pointer Dereference (pre-auth)
High Risk Vulnerability in Oracle Database 11g 1 May 2013 Andy Davis of NCC Group has discovered a High risk vulnerability in Oracle Database 11g Impact: Null Pointer Dereference Remote DoS Versions affected: Oracle Database 11g Security patch information can be found at the following URL:...
Oracle database client system Analyzer arbitrary file upload-vulnerability warning-the black bar safety net
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 /Oracle Containers for J2EE/ include...
Oracle Database Client System Analyzer Arbitrary File Upload
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 /Oracle Containers for J2EE/ include...
Oracle Database Client System Analyzer Arbitrary File Upload
This Metasploit module exploits an arbitrary file upload vulnerability on the Client Analyzer component as included in Oracle Database 11g, which allows remote attackers to upload and execute arbitrary code. This Metasploit module has been tested successfully on Oracle Database 11g 11.2.0.1.0 on...
Oracle Database Client System Analyzer - Arbitrary File Upload (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 /Oracle Containers for J2EE/ include...
Flaw in Oracle Logon Protocol Leads to Easy Password Cracking
There is a serious vulnerability in the authentication protocol used by some Oracle databases, a flaw that could enable a remote attacker to brute-force a token provided by the server prior to authentication and determine a user’s password. The attacker could then log on as an authenticated user...
Oracle Database and Enterprise Manager Grid Control Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Database 11g. Authentication is not required to exploit this vulnerability. The specific flaw exists within a JSP script exposed via an HTTPS server running by default on TCP port 1158. The...
CVE-2009-2000
Unspecified vulnerability in the Authentication component in Oracle Database 11.1.0.7 allows remote attackers to affect confidentiality via unknown vectors...
Oracle Database 11G PL/SQL Injection
Digital Security Research Group DSecRG Advisory DSECRG-09-003 Application: Oracle database 11G Versions Affected: Oracle 11.1.0.6 and 10.2.0.1 Vendor URL: http://oracle.com Bugs: PL/SQL Injections Exploits: YES Reported: 17.11.2008 Vendor response: 18.11.2008 Last response: 24.11.2008 Date of...
Oracle Database 11g — EXFSYS PL/SQL injection vulnerability
Application: Oracle database 11G Versions Affected: Oracle 11.1.0.6 and 10.2.0.1 Vendor URL: http://oracle.com Bugs: PL/SQL Injections Exploits: YES Reported: 17.11.2008 Vendor response: 18.11.2008 Last response: 24.11.2008 Date of Public Advisory: 13.01.2009 Author: Alexandr Polyakov Description...