6 matches found
Oracle NUMTODSINTERVAL() Buffer Overflow Exploit
This module exploits a buffer overflow in Oracle9i. When sending a specially formatted query to the numtodsinterval function, an attacker may be able to execute arbitrary code. NOTE: For targets running DEP, you will need to choose target 1 then rexploit using target 0. The first query will disab...
Oracle 9.x Database Parameter/Statement Buffer Overflow Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/9587/info Oracle database has been reported prone to multiple buffer overflow vulnerabilities when processing certain parameters and functions. Specifically the TIMEZONE parameter, NUMTOYMINTERVAL, NUMTODSINTERVAL and...
CVE-2003-1208
Multiple buffer overflows in Oracle 9i 9 before 9.2.0.3 allow local users to execute arbitrary code by 1 setting the TIMEZONE session parameter to a long value, or providing long parameters to the 2 NUMTOYMINTERVAL, 3 NUMTODSINTERVAL or 4 FROMTZ functions...
Oracle9i Database contains buffer overflow in NUMTODSINTERVAL() function
Overview Oracle9i Database contains a buffer overflow in the NUMTODSINTERVAL function which could allow anyone who can query the server to execute arbitrary code or access data with the privileges of the vulnerable process. Description A buffer overflow exists in the NUMTODSINTERVAL function. Thi...
Oracle 9.x - Database Statement Buffer Overflow
Oracle 9.x - Database Statement Buffer Overflow source: https://www.securityfocus.com/bid/9587/info Oracle database has been reported prone to multiple buffer overflow vulnerabilities when processing certain parameters and functions. Specifically the TIMEZONE parameter, NUMTOYMINTERVAL,...
Oracle 9.x - 'Database' / Statement Buffer Overflow
source: https://www.securityfocus.com/bid/9587/info Oracle database has been reported prone to multiple buffer overflow vulnerabilities when processing certain parameters and functions. Specifically the TIMEZONE parameter, NUMTOYMINTERVAL, NUMTODSINTERVAL and FROMTZ functions. Excessive data pass...