15 matches found
DEBIAN-CVE-2026-23927
A user able to connect to Agent 2 can inject an Oracle TNS connection string via the 'service' parameter. This can lead to Agent 2 connecting to an attacker-controlled server and leaking Oracle database credentials if they are saved in a named session...
EUVD-2026-27528
A user able to connect to Agent 2 can inject an Oracle TNS connection string via the 'service' parameter. This can lead to Agent 2 connecting to an attacker-controlled server and leaking Oracle database credentials if they are saved in a named session...
CVE-2026-23927
A user able to connect to Agent 2 can inject an Oracle TNS connection string via the 'service' parameter. This can lead to Agent 2 connecting to an attacker-controlled server and leaking Oracle database credentials if they are saved in a named session...
Oracle TNS Listener Checker
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle TNS Listener Checker', 'Description' = %q This module checks the server for vulnerabilities like TNS Poison. Module sends a server a packe...
CVE-2018-17891
Carestream Vue RIS, RIS Client Builds: Version 11.2 and prior running on a Windows 8.1 machine with IIS/7.5. When contacting a Carestream server where there is no Oracle TNS listener available, users will trigger an HTTP 500 error, leaking technical information an attacker could use to initiate a...
Code injection
Carestream Vue RIS, RIS Client Builds: Version 11.2 and prior running on a Windows 8.1 machine with IIS/7.5. When contacting a Carestream server where there is no Oracle TNS listener available, users will trigger an HTTP 500 error, leaking technical information an attacker could use to initiate a...
CVE-2018-17891
Carestream Vue RIS, RIS Client Builds: Version 11.2 and prior running on a Windows 8.1 machine with IIS/7.5. When contacting a Carestream server where there is no Oracle TNS listener available, users will trigger an HTTP 500 error, leaking technical information an attacker could use to initiate a...
Oracle TNS Listener Remote Poisoning
Binary data oracletnslistenermitm.nbin...
Oracle TNS Listener Command Issuer
This module allows for the sending of arbitrary TNS commands in order to gather information. Inspired from tnscmd.pl from www.jammed.com/jwa/hacks/security/tnscmd/tnscmd This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework...
Oracle TNS Listener SID Enumeration
This module simply queries the TNS listener for the Oracle SID. With Oracle 9.2.0.8 and above the listener will be protected and the SID will have to be bruteforced or guessed. This module requires Metasploit: https://metasploit.com/download Current source:...
Oracle TNS Listener DoS
Command CONNECTDATA=COMMAND=SERVICECURLOAD causes service to hang after disconnection...
CVE-2002-0965
Buffer overflow in TNS Listener for Oracle 9i Database Server on Windows systems, and Oracle 8 on VM, allows local users to execute arbitrary code via a long SERVICENAME parameter, which is not properly handled when writing an error message to a log file...
Oracle 8.1.x/9.0/9.2 - TNS Listener Service_CurLoad Remote Denial of Service
source: https://www.securityfocus.com/bid/5678/info The Oracle TNS Listener program is a remote connectivity service for Oracle Databases. Under some circumstances, it may be possible for a remote user to crash TNS Listener service. By connecting to the service, and issuing the SERVICECURLOAD...
Immunity Canvas: ORACLE8LISTENER_WIN32
Name| oracle8listenerwin32 ---|--- CVE| CVE-2001-0499 Exploit Pack| CANVAS Description| Oracle8i TNS Listener stack overflow Notes| References: http://otn.oracle.com/deploy/security/pdf/nainet8bof.pdf CVE Name: CVE-2001-0499 VENDOR: Oracle Repeatability: Single shot Date public: 27-06-2001 CERT...
oracle8-tnslsnr-DoS.txt
Oracle8 TNSLSNR DoS Jason Ackley [email protected] Mon, 28 Dec 1998 16:21:20 -0800 Greetings, I hope everyone had happy holidays with the IOS and Sun bugs, but now its time to get back to business.. Ohhh OK, one more DoS ! : Hopefully this is new, I searched the archives for 'tns' and 'oracle', bu...