158 matches found
EUVD-2004-1768
Malware in sbrugna...
EUVD-2004-1365
Malware in sbrugna...
EUVD-2004-1366
Malware in sbrugna...
EUVD-2004-1367
Malware in sbrugna...
EUVD-2005-1499
Malware in sbrugna...
EUVD-2006-7049
Malware in sbrugna...
Oracle DB SQL Injection Via SYS.LT.FINDRICSET Evil Cursor Method
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle DB SQL Injection via SYS.LT.FINDRICSET Evil Cursor Method', 'Description' = %q This module will escalate an Oracle DB user to DBA by...
Oracle Auditing Part 1: Standard Auditing
This is the first of three articles on the topic of Oracle auditing. It is relevant to Oracle 10g, 11g, and 12c, although Unified Auditing in 12c makes some of this content irrelevant if you choose to use Pure Unified Auditing. Unified Auditing will be covered in the third part of this series...
Oracle Reports Server unauthorized report execution vulnerability-vulnerability warning-the black bar safety net
Affected system: Oracle Reports 9i Oracle Reports 6i 6.0.8.19 Oracle Reports 6i 6.0.8 Oracle Reports 6 Oracle Reports 10g 9.0.4.3.3 Oracle Reports 10g 9.0.4 Oracle Reports 10g 9.0.3 Oracle Reports 10g 9.0.2 Oracle Reports 10g 9.0.1 Oracle Reports 10g 9.0 Description:...
Oracle 10g Alter Session Integer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/19201/info Oracle 10g is reportedly prone to an integer-overflow vulnerability because the application fails to allocate a large enough data type to accommodate user-supplied input before using it in a query. This issue ha...
Oracle 10g KUPW$WORKER.MAIN - SQL Injection Exploit (2)
No description provided by source. !/usr/bin/perl Remote Oracle KUPW$WORKER.MAIN exploit 10g - Version 2 - New evil cursor injection tip! - No create procedure privilege needed! - See: http://www.databasesecurity.com/ Cursor Injection Grant or revoke dba permission to unprivileged user Tested on...
Oracle 9i Multiple Unspecified Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/10871/info Reportedly, multiple unspecified Oracle products contain multiple unspecified vulnerabilities. The reported vulnerabilities include SQL-injection issues, buffer-overflow issues, and others. There have also been...
Oracle Reports Server 10g 9.0.2 - Multiple Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/14313/info Multiple remote cross-site scripting vulnerabilities affect Oracle Reports Server. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user. This may...
Oracle <= 9i / 10g (extproc) - Local/Remote Command Execution Exploit
No description provided by source. -- -- $Id: raptororaextproc.sql,v 1.1 2006/12/19 14:21:00 raptor Exp $ -- -- raptororaextproc.sql - command exec via oracle extproc -- Copyright (c) 2006 Marco Ivaldi -- -- Directory traversal vulnerability in extproc in Oracle 9i and 10g --...
Oracle 10g KUPM$MCP.MAIN - SQL Injection Exploit (2)
No description provided by source. !/usr/bin/perl Remote Oracle KUPM$MCP.MAIN exploit 10g - Version 2 - New evil cursor injection tip! - No create procedure privilege needed! - See: http://www.databasesecurity.com/ Cursor Injection Grant or revoke dba permission to unprivileged user Tested on...
RedoWalker - Tool to explore Oracle database transaction logs
RedoWalker is a tool to explore Oracle database transaction logs, otherwise known as redo logs. Any time changes are made to the database server, for example after an INSERT, DELETE or UPDATE, they are recorded in the redo log. These redo logs are stored in a proprietary and undocumented format...
[aidSQL] PHP Application For SQL Injection Detection & Exploitation
aidSQL is a PHP application for detecting security holes in your website/s. It’s a modular application, meaning that you can develop your very own plugins for SQL injection detection & exploitation. The tool provides pen-testing capabilities for MS-SQL 2000, MySQL 5 and the author promises ...
Oracle 10/11g - exp.exe?file Local Buffer Overflow
Oracle 10/11g - exp.exe?file Local Buffer Overflow !/usr/bin/python Oracle 10/11g exp.exe - param file Local Buffer Overflow PoC Exploit Date found approx: 9/3/2010 Software Link: http://www.oracle.com/technology/products/database/oracle10g/index.html Version: 10.x and 11g r1 r2 untested Tested on...
Oracle Database Server MD2 package VALIDATE_GEOM procedure Buffer Overflow (CVE-2004-1364)
Oracle database can natively manage geographic and location data. MD2 is one of the packages installed to provide the location and spatial data operations. This package is owned by user MDSYS and granted public execution permission by default. An input validation vulnerability exists within a...
Oracle 10g SYS.LT.COMPRESSWORKSPACETREE local injection vulnerability-vulnerability warning-the black bar safety net
Oracle 10g SYS.LT.COMPRESSWORKSPACETREE local injection vulnerability This is a slightly modified version of: This is based on cursor injection and does not need create function privileges: DECLARE D NUMBER; BEGIN D := DBMS_SQL.OPEN_CURSOR; DBMS_SQL.PARSE(D,'declare pragma autonomous_transaction;...