10 matches found
Bejtlich Skills and Interest Radar from July 2005
This is unusual. I found this "skills and interest radar" diagram I created in July 2005. It looks like my attempt to capture and prioritize technical interests. At the time I was about to start consulting on my own, IIRC. Copyright 2003-2020 Richard Bejtlich and TaoSecurity...
Oracle 9.0 iSQL*Plus TLS Listener - Remote Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/15032/info Oracle iSQLPLUS is susceptible to a vulnerability that allows remote attackers to stop the TNS Listener service, denying further database service to legitimate users. By issuing a specific HTTP request, remote...
Oracle 9.0 iSQL*Plus - TLS Listener Remote Denial of Service
Oracle 9.0 iSQLPlus - TLS Listener Remote Denial of Service source: https://www.securityfocus.com/bid/15032/info Oracle iSQLPLUS is susceptible to a vulnerability that allows remote attackers to stop the TNS Listener service, denying further database service to legitimate users. By issuing a...
[Full-disclosure] Cross-Site-Scripting Vulnerability in Oracle XMLDB
Cross-Site-Scripting Vulnerability in Oracle XMLDB Name Cross-Site-Scripting Vulnerability in Oracle XMLDB Systems Affected Oracle Database 9i Rel. 2 Severity Low Risk Category Cross Site Scripting CSS/XSS Vendor URL http://www.oracle.com This advisory...
[Full-disclosure] Shutdown TNS Listener via Oracle iSQL*Plus
Shutdown TNS Listener via Oracle iSQLPlus Name Shutdown TNS Listener via Oracle iSQLPlus Systems Affected Oracle Database 9i Rel. 2 Severity Medium Risk Category Denial of Service Vendor URL http://www.oracle.com This advisory http://www.red-database-security.com/advisory/oracleisqlplusshutdown.h...
Oracle 9.0 iSQL*Plus - TLS Listener Remote Denial of Service
source: https://www.securityfocus.com/bid/15032/info Oracle iSQLPLUS is susceptible to a vulnerability that allows remote attackers to stop the TNS Listener service, denying further database service to legitimate users. By issuing a specific HTTP request, remote attackers may cause the affected...
Run any OS Command via unauthorized Oracle Reports
Name Run any OS Command via unauthorized Oracle Reports Systems Affected Oracle Reports 6.0, 6i, 9i, 10g Severity High Risk Category OS command execution Vendor URL http://www.oracle.com Author Alexander Kornbrust ak at red-database-security.com Date 19 July 2005 V 1.00 Advisory AKSEC2003-014...
Read parts of any XML-file via customize parameter in Oracle Reports
Name Read parts of any XML-file via customize parameter in Oracle Reports Systems Affected All versions of Oracle Reports Severity Medium Risk Category Information disclosure Vendor URL http://www.oracle.com Author Alexander Kornbrust ak at red-database-security.com Date 19 July 2005 V 1.00 Adviso...
[Full-disclosure] Silently fixed security bugs in Oracle Critical Patch Update July 2005
Hello BugTraq-Reader After reading the patch documentation and some tests with the CPU July 2005 I found out that Oracle fixed some security bugs silently without mentioning these bugs in their current risk matrix. Detailed information about most of these bugs is not available via Metalink but in...
phpsource.traverse.txt
== Vendor: Kaf Oseo == Product: http://guff.szub.net/quick-dirty-phpsource-printer/ == Version: 1.0 == Vulnerability: Filtering "../" to "" allowed...