Oracle DB 10gR2, 11gR1/R2 DBMS_JVM_EXP_PERMS OS Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle DB 10gR2, 11gR1/R2 DBMSJVMEXPPERMS OS Command Execution', 'Description' = %q This module exploits a flaw 0 day in DBMSJVMEXPPERMS package...

Oracle DB Privilege Escalation Via Function-Based Index

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle DB Privilege Escalation via Function-Based Index', 'Description' = %q This module will escalate an Oracle DB user to DBA by creating a...

CVE-2 0 1 5-0 3 9 3: Oracle released a serious security vulnerability alerts-a vulnerability alert-the black bar safety net

Oracle on Tuesday released this year's first security patches upgrade the CPU for the announcement, the attendant, there are some disturbing vulnerability warning. Maybe this two-day operation and maintenance of the students need to give their company the Oracle products on the newly released 1 6...

Researcher Uncovers Vulnerability Oracle Data Redaction Security Feature

Oracle’s newly launched Data Redaction security feature in Oracle Database 12c can be easily disrupted by an attacker without any need to use exploit code, a security researcher long known as a thorn in Oracle's side said at Defcon. Data Redaction is one of the new Advanced Security features...

Oracle Database Redaction 'Trivial to Bypass'

LAS VEGAS–David Litchfield for many years was one of the top bug hunters in the game and specialized in causing large-scale headaches for Oracle. When he decided to retire and go scuba diving, there likely were few tears shed in Redwood City. Litchfield recently decided to resurface, which is goo...

Oracle 9i XDB FTP PASS Overflow (win32)

No description provided by source. $Id: oracle9ixdbftppass.rb 9179 2010-04-30 08:40:19Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms ...

Oracle 9i XDB HTTP PASS Overflow (win32)

No description provided by source. $Id: oracle9ixdbpass.rb 10394 2010-09-20 08:06:27Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...

AudioTran 1.4.2.4 SafeSEH+SEHOP Exploit

No description provided by source. Exploit Title: AudioTran SafeSEH+SEHOP all-at-once attack method exploit Date: 2010.10.1 Author: x90c Software Link: http://www.exploit-db.com/application/14961/ Version: 1.4.2.4 Tested on: - MS Win xp sp3 pro ko SafeSEH - MS Win xp sp3 pro en SafeSEH - MS Win...

Oracle 9i XDB FTP UNLOCK Overflow (win32)

No description provided by source. $Id: oracle9ixdbftpunlock.rb 10559 2010-10-05 23:41:17Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and ter...

AudioTran 1.4.2.4 SafeSEH + SEHOP Exploit

Exploit for windows platform in category local exploits ========================================= AudioTran 1.4.2.4 SafeSEH + SEHOP Exploit ========================================= Exploit Title: AudioTran SafeSEH+SEHOP all-at-once attack method exploit Date: 2010.10.1 Author: x90c Software Link...

Oracle DB 11g R1/R2 DBMS_JVM_EXP_PERMS OS Code Execution

This module exploits a flaw 0 day in DBMSJVMEXPPERMS package that allows any user with create session privilege to grant themselves java IO privileges. Identified by David Litchfield. Works on 11g R1 and R2 Windows only. This module requires Metasploit: https://metasploit.com/download Current...

Oracle 11gR2 Multiple Remote Privilege Escalation Vulnerabilities

Exploit for unknown platform in category remote exploits ================================================================= Oracle 11gR2 Multiple Remote Privilege Escalation Vulnerabilities ================================================================= This file is part of the Metasploit...

Oracle 10g - Multiple Privilege Escalation Vulnerabilities

Oracle 10g - Multiple Privilege Escalation Vulnerabilities source: https://www.securityfocus.com/bid/38115/info Oracle Database is prone to multiple remote privilege-escalation issues because it fails to properly restrict access to certain packages. The attacker can exploit these issues to escala...

Oracle 9i XDB FTP UNLOCK Overflow (win32)

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Oracle 9i XD...

Oracle 9i XDB HTTP PASS Overflow (win32)

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Oracle 9i XD...

Oracle 10g - LT.FINDRICSET SQL Injection (IDS Evasion)

Oracle 10g - LT.FINDRICSET SQL Injection IDS Evasion // / Oracle 10g LT.FINDRICSET SQL Injection Exploit / // / sploit grant DBA to scott / / evil cursor injection / / No "create procedure" privileg needed! / / + Funny IDS evasion vith base64 / // / tested on oracle 10.1.0.2.0 / // // / Date of...

Oracle 10g LT.FINDRICSET Local SQL Injection Exploit (IDS evasion)

Exploit for multiple platform in category local exploits ================================================================== Oracle 10g LT.FINDRICSET Local SQL Injection Exploit IDS evasion ================================================================== // / Oracle 10g LT.FINDRICSET SQL Injecti...

Oracle 10g - CTX_DOC.MARKUP SQL Injection

Oracle 10g - CTXDOC.MARKUP SQL Injection // / Oracle 10g CTXDOC.MARKUP SQL Injection Exploit / // / sploit grant DBA to unprivileged user / // / BY Sh2kerR Digital Security / // / tested on oracle 10.1.0.2.0 / // // / Date of Public EXPLOIT: October 23, 2007 / / Written by: Alexandr "Sh2kerr"...

Oracle 10g CTX_DOC.MARKUP SQL Injection Exploit

Exploit for multiple platform in category local exploits =============================================== Oracle 10g CTXDOC.MARKUP SQL Injection Exploit =============================================== // / Oracle 10g CTXDOC.MARKUP SQL Injection Exploit / // / sploit grant DBA to unprivileged user ...

Oracle 10g - 'CTX_DOC.MARKUP' SQL Injection

// / Oracle 10g CTXDOC.MARKUP SQL Injection Exploit / // / sploit grant DBA to unprivileged user / // / BY Sh2kerR Digital Security / // / tested on oracle 10.1.0.2.0 / // // / Date of Public EXPLOIT: October 23, 2007 / / Written by: Alexandr "Sh2kerr" Polyakov / / email: [email protected]...