26 matches found
EUVD-2001-0924
Malware in sbrugna...
EUVD-2002-0850
Malware in sbrugna...
EUVD-2004-1364
Malware in sbrugna...
EUVD-1999-0869
Malware in sbrugna...
EUVD-2001-0925
Malware in sbrugna...
Oracle 8/9i DBSNMP Oracle Home Environment Variable Buffer Overflow
No description provided by source. source: http://www.securityfocus.com/bid/3138/info Oracle is an Enterprise level SQL database, supporting numerous features and options. It is distributed and maintained by Oracle Corporation. When the ORACLEHOME environment variable is filled with 750 bytes or...
Use a low-privileged Oracle database accounts give the OS access permissions-bug warning-the black bar safety net
Author:Mickey These days look at the article called"Penetration: from application down to OS Oracle"of the document,feel quite interesting,the document probably means that is,if the ORACLE service is using the administrator account to start,as long as you have a have resource and connect privileg...
CVE-2004-1367
Oracle 10g Database Server, when installed with a password that contains an exclamation point "!" for the 1 DBSNMP or 2 SYSMAN user, generates an error that logs the password in the world-readable postDBCreation.log file, which could allow local users to obtain that password and use it against SY...
CVE-2002-0858
catsnmp in Oracle 9i and 8i is installed with a dbsnmp user with a default dbsnmp password, which allows attackers to perform restricted database operations and possibly gain other privileges...
CVE-2002-0858
CVE-2002-0858 involves the Oracle 9i/8i packages (catsnmp) installed with the dbsnmp user using a default password. The issue allows an attacker to perform restricted database operations and potentially gain additional privileges due to the insecure dbsnmp account. Affected component: catsnmp ins...
CVE-2001-0941
Buffer overflow in dbsnmp in Oracle 8.0.6 through 9.0.1 allows local users to execute arbitrary code via a long ORACLEHOME environment variable...
CVE-2001-0942
The CVE concerns Oracle 8.1.6 and 8.1.7 where dbsnmp uses the ORACLE_HOME environment variable to locate and execute the dbsnmp program. A local user can point ORACLE_HOME to an attacker-controlled directory that contains a malicious dbsnmp, enabling arbitrary code execution with local privileges...
CVE-2001-0942
dbsnmp in Oracle 8.1.6 and 8.1.7 uses the ORACLEHOME environment variable to find and execute the dbsnmp program, which allows local users to execute arbitrary programs by pointing the ORACLEHOME to an alternate directory that contains a malicious version of dbsnmp...
CVE-2001-0943
CVE-2001-0943 : Affects Oracle 8.0.5 and 8.1.5 where dbsnmp trusts the PATH environment to locate and execute (1) chown or (2) chgrp). By manipulating PATH, a local attacker can run Trojan Horse programs and gain arbitrary code execution. The description does not specify exploit status, affected ...
Oracle 8i - 'dbsnmp' Remote Denial of Service
// source: https://www.securityfocus.com/bid/3903/info Oracle 8i is an enterprise level database solution. It is available on a wide variety of platforms, including many Unix operating systems. It is possible to cause a denial of service condition in Oracle 8i. If either of the dbsnmpstart or...
Oracle 8i - dbsnmp Remote Denial of Service
Oracle 8i - dbsnmp Remote Denial of Service // source: https://www.securityfocus.com/bid/3903/info Oracle 8i is an enterprise level database solution. It is available on a wide variety of platforms, including many Unix operating systems. It is possible to cause a denial of service condition in...
ASI Oracle Security Alert: Oracle Home Environment Variable Buffer Overflow
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Oracle Home Environment Variable Buffer Overflow For additional details, the official advisories from Oracle Corporation can be downloaded from: http://otn.oracle.com/deploy/security/pdf/dbsmpalert.pdf Summary: By setting a long ORACLEHOME value more...
oracle8.exploit.txt
---------- Forwarded message ---------- Date: Sat, 13 Nov 1999 15:01:08 -0600 From: [email protected] To: [email protected] Subject: BOUNCE [email protected]: Approval required: From [email protected] Sat Nov 13 15:01:06 1999 Received: from sword.damocles.com...
Oracle 8.1.5 dbnsmp vulnerability
Title: Vulnerability in dbsnmp in Oracle 8.1.5 Date: 01-08-2001 Platform: Only tested in Digital Unix. Impact: Any user can gain root privileges Author: Ismael Briones Vilar [email protected] Status: Vendor Contacted, and they are investigating a fix . PROBLEM SUMMARY: There is a problem in...
Local Vulnerability in dbsnmp binary in Oracle 8.1.6 - 8.1.7 - 9i
WWW.PLAZASITE.COM Systems & Security Division Title: Local Vulnerability in dbsnmp binary Date: 13-07-2001 Platform: Only tested in Linux but can be exported to others. Impact: Users belonging to oracle group can obtain euid=0 Author: Juan Manuel Pascual Escriba [email protected] Status: Vendor...