Lucene search
K

6 matches found

Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.572 views

Oracle TNS Listener Checker

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle TNS Listener Checker', 'Description' = %q This module checks the server for vulnerabilities like TNS Poison. Module sends a server a packe...

7.5CVSS7.1AI score0.77633EPSS
Exploits3
Prion
Prion
added 2012/05/08 10:55 p.m.16 views

Design/Logic Flaw

The TNS Listener, as used in Oracle Database 11g 11.1.0.7, 11.2.0.2, and 11.2.0.3, and 10g 10.2.0.3, 10.2.0.4, and 10.2.0.5, as used in Oracle Fusion Middleware, Enterprise Manager, E-Business Suite, and possibly other products, allows remote attackers to execute arbitrary database commands by...

7.5CVSS7.7AI score0.77633EPSS
Exploits3References10Affected Software1
The Hacker News
The Hacker News
added 2012/05/01 11:30 p.m.28 views

Oracle Database new zero day exploit put users at risk

Oracle Database new zero day exploit put users at risk Oracle has recommended workarounds for a zero-day Oracle Database flaw that was not fixed in the company's April critical patch update. Oracle issued a security alert for Oracle TNS Poison, the vulnerability, disclosed by researcher Joxean...

7.5CVSS6.8AI score0.77633EPSS
Exploits3
securityvulns
securityvulns
added 2012/05/01 12:0 a.m.37 views

Oracle TNS Poison vulnerability is actually a 0day with no patch available

Hi all, Short history: The remote pre-authenticated vulnerability with CVSS2 10 I published some days ago 1, the vulnerability I called Oracle TNS Poison reported to vendor in 2008, is a 0day affecting all database versions from 8i to 11g R2. There is no patch at all for this vulnerability and...

6.8AI score
Exploits0
securityvulns
securityvulns
added 2012/05/01 12:0 a.m.121 views

Re: The history of a -probably- 13 years old Oracle bug: TNS Poison

I wanted to comment on the workarounds for this problem: 1 Setting SQLNET.ENCRYPTIONSERVER=REQUIRED on the server is not enough to protect you. To avoid "man in the middle" attacks, you need to have an SSL certificate on the server and SSLSERVERDNMATCH=TRUE in the client's sqlnet.ora. 2 Another w...

1.5AI score
Exploits0
securityvulns
securityvulns
added 2012/04/22 12:0 a.m.125 views

The history of a -probably- 13 years old Oracle bug: TNS Poison

tl;dr - Patch your database ASAP with Oracle Critical Patch Update April 2012. Introduction ------------ The following advisory explains a vulnerability I found in 2008 in all versions of Oracle Database server until very recently. The bug is probably available in any Oracle Database version sinc...

1.3AI score
Exploits0
Rows per page
Query Builder