19 matches found
Oracle DB SQL Injection in MDSYS.SDO_TOPO_DROP_FTBL Trigger
This module will escalate an Oracle DB user to MDSYS by exploiting a SQL injection bug in the MDSYS.SDO_TOPO_DROP_FTBL trigger. After that, the exploit escalates the user to DBA using the "CREATE ANY TRIGGER" privilege given to the MDSYS user by creating an evil trigger in the system schema (2-stage attack). This module...
Design/Logic Flaw
Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Paul Byrne of NGS Software. NOTE: this might overlap CVE-2008-3615...
CVE-2009-4311
Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Paul Byrne of NGS Software. NOTE: this might overlap CVE-2008-3615...
CVE-2009-4311
CVE-2009-4311 describes an unspecified vulnerability in Microsoft's Indeo codec used by Windows 2000 SP4, XP SP2/SP3, and Server 2003 SP2, enabling remote code execution via crafted media content. Connected documents reference multiple SoCs (OpenVAS/NVD) and Microsoft security advisories (KB95575...
SharePoint 2007 ASP.NET Source Code Disclosure
======= Summary ======= Name: SharePoint Team Services source code disclosure through download facility Release Date: 21 October 2009 Reference: NGS00532 Discover: Daniel Martin [email protected] Vendor: Microsoft Systems Affected: SharePoint 2007 12.0.0.6219, 12.0.0.4518 and possibly others...
SharePoint 2007 - Team Services Source Code Disclosure
SharePoint 2007 - Team Services Source Code Disclosure ======= Summary ======= Name: SharePoint Team Services source code disclosure through download facility Release Date: 21 October 2009 Reference: NGS00532 Discover: Daniel Martin Vendor: Microsoft Systems Affected: SharePoint 2007 12.0.0.6219,...
Anonymous Remote Arbitrary Code Execution in Alien Arena 7.30
Anonymous Remote Arbitrary Code Execution in Alien Arena 7.30 ------------------------------------------------------------- October 21st, 2009 ======= Summary ======= Name: Anonymous Remote Arbitrary Code Execution in Alien Arena 7.30 Release Date: October 21st, 2009 Discoverer: Jason Geffner...
windows x86 null-free bindshell for Windows 5.0-7.0 all service packs
Exploit for win32 platform in category shellcode ===================================================================== Windows x86 null-free bindshell for Windows 5.0-7.0 all service packs ===================================================================== BITS 32 ; Windows x86 null-free...
Oracle 10g MDSYS.SDO_TOPO_DROP_FTBL SQL Injection Exploit (meta)
No description provided by source. $Id: droptabletrigger.rb This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Oracle 10g LT.FINDRICSET Local SQL Injection Exploit (IDS evasion)
No description provided by source. // / Oracle 10g LT.FINDRICSET SQL Injection Exploit / // / sploit grant DBA to scott / / evil cursor injection / / No "create procedure" privilege needed! / / + Funny IDS evasion with base64 / // / tested on oracle 10.1.0.2.0 / // // / Date of Public EXPLOIT:...
Oracle 10g - LT.FINDRICSET SQL Injection (IDS Evasion)
Oracle 10g - LT.FINDRICSET SQL Injection IDS Evasion // / Oracle 10g LT.FINDRICSET SQL Injection Exploit / // / sploit grant DBA to scott / / evil cursor injection / / No "create procedure" privilege needed! / / + Funny IDS evasion with base64 / // / tested on oracle 10.1.0.2.0 / // // / Date of...
oracle10g-sql.txt
// / Oracle 10g CTX_DOC.MARKUP SQL Injection Exploit / // / sploit grant DBA to unprivileged user / // / BY Sh2kerR Digital Security / // / tested on oracle 10.1.0.2.0 / // // / Date of Public EXPLOIT: October 23, 2007 / / Written by: Alexandr "Sh2kerr" Polyakov / / email: [email protected]...
Oracle 10g - CTX_DOC.MARKUP SQL Injection
Oracle 10g - CTX_DOC.MARKUP SQL Injection // / Oracle 10g CTX_DOC.MARKUP SQL Injection Exploit / // / sploit grant DBA to unprivileged user / // / BY Sh2kerR Digital Security / // / tested on oracle 10.1.0.2.0 / // // / Date of Public EXPLOIT: October 23, 2007 / / Written by: Alexandr "Sh2kerr"...
Oracle 10g - 'CTX_DOC.MARKUP' SQL Injection
// / Oracle 10g CTX_DOC.MARKUP SQL Injection Exploit / // / sploit grant DBA to unprivileged user / // / BY Sh2kerR Digital Security / // / tested on oracle 10.1.0.2.0 / // // / Date of Public EXPLOIT: October 23, 2007 / / Written by: Alexandr "Sh2kerr" Polyakov / / email: [email protected]...
Remote Unauthenticated Code Execution CA BrightStor ARCserve Backup
======= Summary ======= Today: 31 January 2007 Reference: NGS00404 Discover: Mark Litchfield Name: Remote Unauthenticated Code Execution CA BrightStor ARCserve Backup for Laptops & Desktops Vendor: Computer Associates Systems Affected: BrightStor ARCserve Backup for Laptops & Desktops r11.1 Risk:...
WebEx Downloader Plug-in Multiple Vulnerabilities + rant
All these vulnerabilities were reported to WebEx by NGS Software back on the 24th February 2005 along with some other issues. The current Director of the X-Force knew about these issues as, at the time of their discovery, he worked with NGS. Seeing as I'm the subject, here is another example whereb...
[NEWS] Lotus Domino Buffer Overflow (Time/Date Field)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
IBM DB2 generate_distfile buffer overflow vulnerability (#NISR2122004L)
NGSSoftware Insight Security Research Advisory Name: IBM DB2 generate_distfile buffer overflow Systems Affected: DB2 8.1/7.x Severity: High risk Vendor URL: http://www.ibm.com/ Author: David Litchfield david at ngssoftware.com Relates to: http://www.nextgenss.com/advisories/db2-01.txt Date of Publ...
More DBCC overruns SQL SERVER 2000
To complement http://online.securityfocus.com/archive/1/284382/2002-07-20/2002-07-26/0 there also exist another two buffer overruns. Although not documented on MS, they are fixed in http://download.microsoft.com/download/SQLSVR2000/Patch/8.00.0667/W98NT42KMeXP/EN-US/8.00.0667enu.exe 1 DBCC...