Lucene search
180 matches found

Tenable Nessus
added 2024/05/06 12:0 a.m. | 18 views

Zebra FX9500 RFID Reader Path Traversal (CVE-2020-10875)

Motorola FX9500 devices allow remote attackers to conduct absolute path traversal attacks, as demonstrated by PL/SQL Server Pages files such as /include/viewtagdb.psp. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

CVSS 7.5 | AI score 7.5 | EPSS 0.00565
Exploits: 1 | References: 2

Rapid7 Blog
added 2023/11/10 6:59 p.m. | 87 views

Metasploit Weekly Wrap-Up

Apache MQ and Three Cisco Modules in a Trenchcoat. This week’s release has a lot of new content and features modules targeting two major recent vulnerabilities that got a great deal of attention: CVE-2023-46604 targeting Apache MQ resulting in ransomware deployment and CVE-2023-20198 targeting Cis...

CVSS 7.5 | AI score 9.3 | EPSS 0.94436
Exploits: 71

Metasploit
added 2023/11/09 7:51 p.m. | 287 views

Windows Gather PL/SQL Developer Connection Credentials

This module can decrypt the histories and connection credentials of PL/SQL Developer, and passwords are available if the user chooses to remember. Module Options msf use post/windows/gather/credentials/plsqldeveloper msf postplsqldeveloper show actions ...actions... msf postplsqldeveloper set...

AI score 7.1
Exploits: 0

Tenable Nessus
added 2023/10/20 12:0 a.m. | 147 views

Oracle Database Server (October 2023 CPU)

The versions of Oracle Database Server installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2023 CPU advisory. - Vulnerability in the Oracle Spatial and Graph cURL component of Oracle Database Server. Supported versions that are affected are 19.3-19.2...

CVSS 7.5 | AI score 6.4 | EPSS 0.14797
Exploits: 16 | References: 23

NVD
added 2023/10/17 10:15 p.m. | 12 views

CVE-2023-22071

Vulnerability in the PL/SQL component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows high privileged attacker having Create Session, Execute on sys.utl_http privilege with network access via Oracle Net to...

CVSS 5.9 | AI score 5.1 | EPSS 0.00052
Exploits: 0 | References: 1

Prion
added 2023/10/17 10:15 p.m. | 9 views

Code injection

Vulnerability in the PL/SQL component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows high privileged attacker having Create Session, Execute on sys.utl_http privilege with network access via Oracle Net to...

CVSS 5.4 | AI score 5.2 | EPSS 0.00052
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2023/10/17 9:2 p.m. | 339 views

CVE-2023-22071

CVE-2023-22071 affects Oracle Database Server, specifically the PL/SQL component. Affected versions are 19.3–19.20 and 21.3–21.11. The vulnerability allows a high-privileged attacker with Create Session and Execute on sys.utl_http and network access via Oracle Net to compromise PL/SQL. Exploitati...

CVSS 5.9 | AI score 5.1 | EPSS 0.00052
Exploits: 0 | References: 1 | Affected Software: 1

Positive Technologies
added 2023/10/17 12:0 a.m. | 2 views

PT-2023-6192 · Oracle · Oracle Database Server

Name of the Vulnerable Software and Affected Versions: Oracle Database Server versions 19.3 through 19.20 Oracle Database Server versions 21.3 through 21.11 Description: The vulnerability in the PL/SQL component of Oracle Database Server is related to insufficient input validation. Exploitation o...

CVSS 5.9 | AI score 5.5 | EPSS 0.00052
Exploits: 0 | References: 6

NVD
added 2020/03/23 10:15 p.m. | 11 views

CVE-2020-10875

Motorola FX9500 devices allow remote attackers to conduct absolute path traversal attacks, as demonstrated by PL/SQL Server Pages files such as /include/viewtagdb.psp...

CVSS 7.5 | AI score 7.6 | EPSS 0.00565
Exploits: 1 | References: 1

Prion
added 2020/03/23 10:15 p.m. | 13 views

Path traversal

Motorola FX9500 devices allow remote attackers to conduct absolute path traversal attacks, as demonstrated by PL/SQL Server Pages files such as /include/viewtagdb.psp...

CVSS 5 | AI score 7.6 | EPSS 0.00565
Exploits: 1 | References: 1

Cvelist
added 2020/03/23 9:45 p.m. | 15 views

CVE-2020-10875

Motorola FX9500 devices allow remote attackers to conduct absolute path traversal attacks, as demonstrated by PL/SQL Server Pages files such as /include/viewtagdb.psp...

AI score 7.7 | EPSS 0.00565
Exploits: 1 | References: 1

CVE
added 2020/03/23 9:45 p.m. | 43 views

CVE-2020-10875

The CVE-2020-10875 entry applies to Motorola FX9500 devices (Zebra FX9500 rebrand). A remote attacker can perform an absolute path traversal, demonstrated by PL/SQL Server Pages files such as /include/viewtagdb.psp. The Red Hat and CNVD entries corroborate the vulnerability description; Tenable p...

CVSS 7.5 | AI score 7.6 | EPSS 0.00565
Exploits: 1 | References: 1 | Affected Software: 1

n0where
added 2018/02/23 8:8 a.m. | 1505 views

Oracle Database Attacking Tool: ODAT

ODAT (Oracle Database Attacking Tool) is an open source penetration testing tool that tests the security of Oracle Databases remotely. Usage examples of ODAT: You have an Oracle database listening remotely and want to find valid SIDs and credentials in order to connect to the database You have a...

CVSS 7.5 | AI score 0.5 | EPSS 0.91411
Exploits: 7 | References: 3

Tenable Nessus
added 2016/04/29 12:0 a.m. | 29 views

Allround Automations PL/SQL Developer Installed

Binary data allautoplsqldeveloper.nbin...

AI score 7.3
Exploits: 0 | References: 1

Tenable Nessus
added 2016/04/29 12:0 a.m. | 155 views

Allround Automations PL/SQL Developer < 11.0.6.1776 HTTP Insecure Update RCE

The version of Allround Automations PL/SQL Developer installed on the remote host is prior to 11.0.6.1776. It is, therefore, affected by a remote code execution vulnerability due to a failure to properly verify the origin or authenticity of update data sent via HTTP. A man-in-the-middle attacker...

CVSS 8.1 | AI score 8.5 | EPSS 0.00222
Exploits: 1 | References: 1

CNVD
added 2016/04/26 12:0 a.m. | 1 views

Allround Automations PL/SQL Developer Arbitrary Code Execution Vulnerability

Allround Automations PL/SQL Developer is an integrated development environment for developing stored procedures for Oracle Databases. An arbitrary code execution vulnerability exists in Allround Automations PL/SQL Developer, which can be exploited by an attacker to execute arbitrary code...

CVSS 10 | AI score 8.1 | EPSS 0.00295
Exploits: 1 | References: 1

NVD
added 2016/04/25 6:59 p.m. | 9 views

CVE-2016-2346

Allround Automations PL/SQL Developer 11 before 11.0.6 relies on unverified HTTP data for updates, which allows man-in-the-middle attackers to execute arbitrary code by modifying fields in the client-server data stream...

CVSS 8.1 | AI score 8.3 | EPSS 0.00222
Exploits: 1 | References: 2

OSV
added 2016/04/25 6:59 p.m. | 2 views

CVE-2016-2346

Allround Automations PL/SQL Developer 11 before 11.0.6 relies on unverified HTTP data for updates, which allows man-in-the-middle attackers to execute arbitrary code by modifying fields in the client-server data stream...

CVSS 8.1 | AI score 6.1 | EPSS 0.00222
Exploits: 1 | References: 2

Prion
added 2016/04/25 6:59 p.m. | 5 views

Design/Logic Flaw

Allround Automations PL/SQL Developer 11 before 11.0.6 relies on unverified HTTP data for updates, which allows man-in-the-middle attackers to execute arbitrary code by modifying fields in the client-server data stream...

CVSS 6.8 | AI score 8 | EPSS 0.00222
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2016/04/25 6:0 p.m. | 59 views

CVE-2016-2346

CVE-2016-2346 affects Allround Automations PL/SQL Developer prior to 11.0.6.1776. The vulnerability arises from verifying HTTP update data, allowing a man-in-the-middle to modify the client‑server data stream and execute arbitrary code with the user’s privileges. Affected version: PL/SQL Develope...

CVSS 8.1 | AI score 8.3 | EPSS 0.00222
Exploits: 1 | References: 2 | Affected Software: 1