19 matches found
EUVD-2006-1875
Malware in sbrugna...
Oracle DB SQL Injection In MDSYS.SDO_TOPO_DROP_FTBL Trigger
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle DB SQL Injection in MDSYS.SDOTOPODROPFTBL Trigger', 'Description' = %q This module will escalate an Oracle DB user to MDSYS by exploiting ...
CVE-2010-3590
Unspecified vulnerability in the Oracle Spatial component in Oracle Database Server 10.2.0.4, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect confidentiality and integrity, related to MDSYS...
Design/Logic Flaw
Unspecified vulnerability in the Oracle Spatial component in Oracle Database Server 10.2.0.4, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect confidentiality and integrity, related to MDSYS...
CVE-2010-3590
Unspecified vulnerability in the Oracle Spatial component in Oracle Database Server 10.2.0.4, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect confidentiality and integrity, related to MDSYS...
CVE-2010-3590
CVE-2010-3590 affects the Oracle Spatial component in Oracle Database Server versions 10.2.0.4, 11.1.0.7, and 11.2.0.1. The issue, tied to MDSYS, permits remote authenticated users to impact confidentiality and integrity. Connected sources note this CVE is among the Oracle January 2011 CPU fixes;...
Oracle Database Server MD2 package VALIDATE_GEOM procedure Buffer Overflow (CVE-2004-1364)
Oracle database can natively manage geographic and location data. MD2 is one of the packages installed to provide the location and spatial data operations. This package is owned by user MDSYS and granted public execution permission by default. An input validation vulnerability exists within a...
Oracle 10g SQL Injection
$Id: droptabletrigger.rb This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/projects/Framework/ require 'msf/core'...
Oracle 10g - MDSYS.SDO_TOPO_DROP_FTBL SQL Injection (Metasploit)
$Id: droptabletrigger.rb This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/projects/Framework/ require 'msf/core'...
Trigger Abuse of MDSYS.SDO_TOPO_DROP_FTBL in Oracle 10g R1 and R2
NGSSoftware Insight Security Research Advisory Name: Trigger abuse of MDSYS.SDOTOPODROPFTBL Systems Affected: Oracle 10g R1 and R2 10.1.0.5 and 10.2.0.2 Severity: High Vendor URL: http://www.oracle.com/ Author: David Litchfield [email protected] Reported: 23rd July 2008 Date of Public...
CVE-2008-3979
Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 and 10.2.0.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on...
Sql injection
Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 and 10.2.0.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on...
CVE-2008-3979
CVE-2008-3979 is an Oracle Database issue affecting the Spatial component in Oracle Database 10.1.0.5 and 10.2.0.2. The vulnerability exists in the MDSYS.SDO_TOPO_DROP_FTBL trigger, where an SQL injection flaw could be exploited by a remote authenticated user to escalate privileges (potentially t...
CVE-2008-3979
Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 and 10.2.0.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on...
[Full-disclosure] Team SHATTER Alert: Oracle Database Buffer overflow vulnerability in function MDSYS.SDO_CS.TRANSFORM
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Team SHATTER Security Alert Oracle Database Buffer overflow vulnerability in function MDSYS.SDOCS.TRANSFORM October 29, 2007 Risk Level: High Affected versions: Oracle Database Server versions 8iR3, 9iR1, 9iR2 9.2.0.6 and previous patchsets and 10gR1...
Sql injection
Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.3 allow remote authenticated users to have unknown impact via 1 DBMSJAVATEST in the JavaVM component DB01, 2 Oracle Text component DB09, and 3 MDSYS.SDOGEORINT in the Spatial component DB15. NOTE: a reliable researcher...
CVE-2006-5345
CVE-2006-5345 is an unspecified vulnerability in the Oracle Spatial component of Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.4. The entry notes remote authenticated attack vectors related to mdsys.sdo_geom and cites a possible relation to a length-checking issue in RELATE before MD2.RELATE is ca...
CVE-2006-1875
CVE-2006-1875 concerns Oracle Database Server versions 9.0.1.5, 9.2.0.7, and 10.1.0.5 with an unspecified vulnerability in the Oracle Spatial component (aka Vuln# DB11). The connected sources indicate the issue has unknown impact and attack vectors in Spatial, and note a researcher claim that the...
Oracle Trigger Abuse (#NISR2122004I)
NGSSoftware Insight Security Research Advisory Name: Oracle 10g/9i Trigger Abuse Systems Affected: Oracle 10g/9i on all operating systems Severity: High risk Vendor URL: http://www.oracle.com/ Author: David Litchfield davidl at ngssoftware.com Relates to:...