EUVD-2024-18709

Malicious code in bioql PyPI...

CVE-2021-2326

Vulnerability in the Database Vault component of Oracle Database Server. Supported versions that are affected are 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having DBA privilege with network access via Oracle Net to compromise Database Vault. Successful...

Oracle DB SQL Injection Via SYS.DBMS_CDC_SUBSCRIBE.ACTIVATE_SUBSCRIPTION

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle DB SQL Injection via SYS.DBMSCDCSUBSCRIBE.ACTIVATESUBSCRIPTION', 'Description' = %q This module will escalate an Oracle DB user to DBA by...

Buffer overflow

Vulnerability in the Oracle Database - Advanced Queuing component of Oracle Database Server. The supported version that is affected is 19c. Easily exploitable vulnerability allows high privileged attacker having DBA user privilege with network access via Oracle Net to compromise Oracle Database -...

CVE-2020-2969

Vulnerability in the Data Pump component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows high privileged attacker having DBA role account privilege with network access via Oracle Net to...

Integrate Your Ticketing System into Database Security to Prevent DBA Privilege Abuse

Many of the recent high-profile data security breaches were made by trusted insiders. They are often database administrators DBAs who are highly privileged and trusted insiders with access to sensitive data. In this blog post, I will discuss the inherent risk introduced by highly privileged...

Oracle DB SQL Injection in MDSYS.SDO_TOPO_DROP_FTBL Trigger

This module will escalate an Oracle DB user to MDSYS by exploiting a sql injection bug in the MDSYS.SDOTOPODROPFTBL trigger. After that exploit escalate user to DBA using "CREATE ANY TRIGGER" privilege given to MDSYS user by creating evil trigger in system scheme 2-stage attack. This module...

Oracle 10g LT.FINDRICSET Local SQL Injection Exploit (IDS evasion)

No description provided by source. // / Oracle 10g LT.FINDRICSET SQL Injection Exploit / // / sploit grant DBA to scott / / evil cursor injection / / No "create procedure" privileg needed! / / + Funny IDS evasion vith base64 / // / tested on oracle 10.1.0.2.0 / // // / Date of Public EXPLOIT:...

Oracle 10g11g - SYS.LT.FINDRICSET SQL Injection (2)

Oracle 10g11g - SYS.LT.FINDRICSET SQL Injection 2 !/usr/bin/perl http://rawlab.mindcreations.com/codes/exp/oracle/sys-lt-findricsetV2.pl Oracle SYS.LT.FINDRICSET exploit 11g/10g - Version 2 - New "evil cursor injection" tip! - No "create procedure" privilege needed! - See:...

Oracle 10g KUPM$MCP.MAIN - SQL Injection (2)

Oracle 10g KUPM$MCP.MAIN - SQL Injection 2 !/usr/bin/perl Remote Oracle KUPM$MCP.MAIN exploit 10g - Version 2 - New "evil cursor injection" tip! - No "create procedure" privilege needed! - See: http://www.databasesecurity.com/ Cursor Injection Grant or revoke dba permission to unprivileged user...