CVE-2019-2571

Vulnerability in the RDBMS DataPump component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Difficult to exploit vulnerability allows high privileged attacker having DBA role privilege with network access via Oracle Net to compromise RDB...

EUVD-2020-22771

Malware in sbrugna...

CVE-2020-2969

Vulnerability in the Data Pump component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows high privileged attacker having DBA role account privilege with network access via Oracle Net to...

Oracle Database Password Hash Unauthorized Access

Title: CVE-2020-2969 – Unauthorized Access to Password Hashes by Account with DBA role Product: Database Manufacturer: Oracle Affected Versions: 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c Tested Versions: 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c Risk Level: Medium Solution Status: Fixed CVE Reference:...

Oracle Database 12.1.0.2 Spatial Component Privilege Escalation Vulnerability

Oracle Database version 12.1.0.2 suffers from a privilege escalation vulnerability that achieves DBA access via the Spatial component. Title: Oracle Database Privilege Escalation Through Oracle Spatial Component Product: Database Manufacturer: Oracle Affected Versions: 12.1.0.2 Tested Versions:...

Oracle Database 12.1.0.2 Spatial Component Privilege Escalation

Title: Oracle Database Privilege Escalation Through Oracle Spatial Component Product: Database Manufacturer: Oracle Affected Versions: 12.1.0.2 Tested Versions: 12cR1 Risk Level: High Solution Status: Fixed in Oracle Critical Patch Update October 2021 CVE Reference: N/A, Backported in Oracle CPU...

Design/Logic Flaw

Vulnerability in the Oracle Database - Enterprise Edition RDBMS Security component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 19c and 21c. Easily exploitable vulnerability allows high privileged attacker having DBA role privilege with network access via Oracle N...

CVE-2022-21432

Vulnerability in the Oracle Database - Enterprise Edition RDBMS Security component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 19c and 21c. Easily exploitable vulnerability allows high privileged attacker having DBA role privilege with network access via Oracle N...

Security Bulletin: Multiple Oracle Database Server Security Vulnerabilities Affect IBM Emptoris Sourcing

Summary Multiple Oracle Database Server Security Vulnerabilities Affect IBM Emptoris Sourcing. Vulnerability Details CVEID: CVE-2020-2968 DESCRIPTION: An unspecified vulnerability in Oracle Database Server related to the Java VM component could allow an authenticated attacker to take control of t...

CVE-2020-2978

Vulnerability in the Oracle Database - Enterprise Edition component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having DBA role account privilege with network access via Oracl...

CVE-2020-2969

Vulnerability in the Data Pump component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows high privileged attacker having DBA role account privilege with network access via Oracle Net to...

CVE-2020-2978

Vulnerability in the Oracle Database - Enterprise Edition component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having DBA role account privilege with network access via Oracl...

CVE-2020-2978

Vulnerability in the Oracle Database - Enterprise Edition component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having DBA role account privilege with network access via Oracl...

CVE-2019-2571

Vulnerability in the RDBMS DataPump component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Difficult to exploit vulnerability allows high privileged attacker having DBA role privilege with network access via Oracle Net to compromise RDB...

Oracle Database Server Multiple Vulnerabilities (Apr 2019 CPU)

The remote Oracle Database Server is missing the April 2019 Critical Patch Update CPU. It is, therefore, affected by multiple vulnerabilities : - An authenticated local Portable Clusterware takeover vulnerability exists in the Oracle RDBMS. An authenticated, local attacker with the Grid...

oracle10g-sql.txt

// / Oracle 10g CTXDOC.MARKUP SQL Injection Exploit / // / sploit grant DBA to unprivileged user / // / BY Sh2kerR Digital Security / // / tested on oracle 10.1.0.2.0 / // // / Date of Public EXPLOIT: October 23, 2007 / / Written by: Alexandr "Sh2kerr" Polyakov / / email: [email protected]...

Oracle 10g - KUPV$FT.ATTACH_JOB Grant/Revoke dba Permission

!/usr/bin/perl Remote Oracle KUPV$FT.ATTACHJOB exploit 10g Grant or revoke dba permission to unprivileged user Tested on "Oracle Database 10g Enterprise Edition Release 10.1.0.3.0" REF: https://www.securityfocus.com/bid/16294 AUTHOR: Andrea "bunker" Purificato http://rawlab.mindcreations.com DATE...

Oracle 10g SYS.KUPW$WORKER.MAIN PL/SQL Injection Exploit

Exploit for multiple platform in category local exploits ======================================================== Oracle 10g SYS.KUPW$WORKER.MAIN PL/SQL Injection Exploit ======================================================== / Exploit for Oracle10g R1 and R2 prior to CPU Oct 2006 Joxean Koret...

Oracle 10g - SYS.KUPV$FT.ATTACH_JOB PL / SQL Injection

/ Exploit for Oracle10g R1 and R2 prior to CPU Oct 2006 Joxean Koret Privileges needed: - EXECUTECATALOGROLE - CREATE PROCEDURE / select from userroleprivs ; CREATE OR REPLACE FUNCTION F1 RETURN NUMBER AUTHID CURRENTUSER IS PRAGMA AUTONOMOUSTRANSACTION; BEGIN EXECUTE IMMEDIATE 'GRANT DBA TO TEST'...

Oracle <= 9i / 10g (read/write/execute) Exploitation Suite

No description provided by source. -- -- $Id: raptororaexec.sql,v 1.2 2006/11/23 23:40:16 raptor Exp $ -- -- raptororaexec.sql - java exploitation suite for oracle -- Copyright c 2006 Marco Ivaldi [email protected] -- -- This is an exploitation suite for Oracle written in Java. Use it to --...