Oracle Workspace Manager LT软件包SQL注入漏洞

BUGTRAQ ID: 26098 Oracle Database是一款商业性质大型数据库系统。 Oracle中捆绑的Workspace Manager包含有名为LT的软件包，LT软件包的实现上存在SQL注入漏洞，远程攻击者可能利用此漏洞获取非授权访问。 LT软件包属于SYS用户，可被PUBLIC执行，LT中的FINDRICSET过程调用了LTRIC软件包中的FINDRICSET ，而这个调用过程中存在SQL注入漏洞，允许远程攻击者通过提交恶意的SQL查询请求获得SYS权限。 Oracle Oracle9i Oracle Oracle10g Release 2 Oracle...

SQL Injection Flaw in Oracle Workspace Manager

resend with title... NGSSoftware Insight Security Research Advisory Name: SQL Injection Flaw in Oracle Workspace Manager Systems Affected: Oracle 10g release 1 and 2, Oracle 9i Severity: High Vendor URL: http://www.oracle.com/ Author: David Litchfield [email protected] Reported: 22nd August...

Design/Logic Flaw

Unspecified vulnerability in 1 SYS$EI1000.EXE and 2 SYS$EI1000MON.EXE in HP OpenVMS 8.3 and earlier allows remote attackers to cause a denial of service machine crash via an "oversize" packet, which is not properly discarded if "the device has no remaining buffers after receipt of the first buffe...

Unfixed XSS vulnerability at www2.sys-con.com

Security researcher MaXWeL, has submitted on 09/03/2007 a cross-site-scripting XSS vulnerability affecting www2.sys-con.com, which at the time of submission ranked 9635 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 09/03/2007. It is currently...

Norman Virus Control nvcoaft51.sys ioctl BF672028 Exploit

No description provided by source. / Norman Virus Control nvcoaft51.sys ioctl BF672028 exploit Abstract nvcoaft51.sys driver receive as parameter in some ioctl's a pointer to a KEVENT struct, calling KeSetEvent without any prior check. The device created by the driver NvcOa can be opened by any...

Norman Virus Control - nvcoaft51.sys ioctl BF672028

Norman Virus Control - nvcoaft51.sys ioctl BF672028 / Norman Virus Control nvcoaft51.sys ioctl BF672028 exploit Abstract nvcoaft51.sys driver receive as parameter in some ioctl's a pointer to a KEVENT struct, calling KeSetEvent without any prior check. The device created by the driver NvcOa can b...

Norman Virus Control nvcoaft51.sys ioctl BF672028 Exploit

Exploit for unknown platform in category local exploits ========================================================= Norman Virus Control nvcoaft51.sys ioctl BF672028 Exploit ========================================================= / Norman Virus Control nvcoaft51.sys ioctl BF672028 exploit Abstrac...

Sql injection

Unspecified vulnerability in vstor2-ws60.sys in VMWare Workstation 6.0 allows local users to cause a denial of service host operating system crash via unspecified vectors, as demonstrated by the DC2 test suite, possibly a related issue to CVE-2007-4591. NOTE: the provenance of this information is...

Design/Logic Flaw

vstor-ws60.sys in VMWare Workstation 6.0 allows local users to cause a denial of service host operating system crash and possibly gain privileges by sending a small file buffer size value to the FsSetVolumeInformation IOCTL handler with an FsSetFileInformation subcode...

CVE-2007-4591

CVE-2007-4591 concerns a local denial of service (host OS crash) and potential privilege escalation in VMware Workstation 6.0. The issue is tied to the driver vstor-ws60.sys; by sending a small file buffer size value to the FsSetVolumeInformation IOCTL handler with an FsSetFileInformation subcode...

file: Integer underflow

Background file is a utility that guesses a file format by scanning binary data for patterns. Description Jean-Sebastien Guay-Leroux reported an integer underflow in fileprintf function. Impact A remote attacker could entice a user to run the "file" program on a specially crafted file that would...

CVE-2007-1495

The CVEs concern Symantec Norton Personal Firewall 2006 (9.1.1.7) and related Norton products using symevent.sys 12.0.0.20/SYMTDI.SYS. Affected component: \Device\SymEvent and driver interface; root cause is sending crafted data to the driver (e.g., via DeviceIoControl) that leads to invalid memo...

Linux Omnikey Cardman 4040 driver Local Buffer Overflow Exploit PoC

No description provided by source. / Linux Omnikey Cardman 4040 driver buffer overflow CVE-2007-0005 Copyright C Daniel Roethlisberger [email protected] Compass Security Network Computing AG, Rapperswil, Switzerland. All rights reserved. http://www.csnc.ch/ / includesys/stat.h...

Oracle 10g Database - 'SUBSCRIPTION_NAME' SQL Injection (2)

source: https://www.securityfocus.com/bid/13236/info Oracle database is prone to an SQL-injection vulnerability because the software fails to properly sanitize user-supplied data. The 'SUBSCRIPTIONNAME' parameter is vulnerable. Packages that employ this parameter execute with 'SYS' user privilege...

Oracle 10g Database - SUBSCRIPTION_NAME SQL Injection (2)

Oracle 10g Database - SUBSCRIPTIONNAME SQL Injection 2 source: https://www.securityfocus.com/bid/13236/info Oracle database is prone to an SQL-injection vulnerability because the software fails to properly sanitize user-supplied data. The 'SUBSCRIPTIONNAME' parameter is vulnerable. Packages that...

Oracle 10g Database - SUBSCRIPTION_NAME SQL Injection (1)

Oracle 10g Database - SUBSCRIPTIONNAME SQL Injection 1 source: https://www.securityfocus.com/bid/13236/info Oracle database is prone to an SQL-injection vulnerability because the software fails to properly sanitize user-supplied data. The 'SUBSCRIPTIONNAME' parameter is vulnerable. Packages that...

Oracle 10g Database - 'SUBSCRIPTION_NAME' SQL Injection (1)

source: https://www.securityfocus.com/bid/13236/info Oracle database is prone to an SQL-injection vulnerability because the software fails to properly sanitize user-supplied data. The 'SUBSCRIPTIONNAME' parameter is vulnerable. Packages that employ this parameter execute with 'SYS' user privilege...

Intel 2200BG 802.11 - disassociation packet Kernel Memory Corruption

/ Title: Intel 2200BG 802.11 disassociation packet Kernel Memory Corruption Description: The intel wireless mini-pci driver provided with Intel / Title: Intel 2200BG 802.11 disassociation packet Kernel Memory Corruption Description: The intel wireless mini-pci driver provided with Intel 2200BG...

Microsoft Windows图形设备接口附加库拒绝服务

No description provided by source. !/bin/perl 0-day crash poc gdiplus.dll by Mr.Niega Check out hex offset 2e play with the 2byte's, set it to 20 if you want a non crashing ico file Division by zero this POC tested with: win XP ENG sp2 And for SYS 49152 im that 0daysec guy ; Rename Poc.ico to...

NetGear wireless driver fails to properly process specially-crafted 802.11 management frames

Overview A buffer overflow vulnerability exists in the Netgear WG311ND5.SYS wireless driver. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code, or cause a denial-of-service condition. Description The WG311ND5.SYS driver is a wireless 802.11g device driv...