EUVD-2008-6035

Malware in sbrugna...

Security Bulletin: IBM DB2 Security Vulnerability in the UTL_FILE module (CVE-2012-3324).

Abstract Vulnerability in IBM DB2 could allow an authenticated user, without proper authorization, to view, modify and delete any file. Content VULNERABILITY DETAILS CVE ID: CVE-2012-3324 DESCRIPTION: The IBM DB2 products listed below contain a security vulnerability that could allow an...

Oracle <= 9i / 10g File System Access via utl_file Exploit

No description provided by source. -- -- $Id: raptororafile.sql,v 1.1 2006/12/19 14:21:00 raptor Exp $ -- -- raptororafile.sql - file system access suite for oracle -- Copyright c 2006 Marco Ivaldi [email protected] -- -- This is an example file system access suite for Oracle based on the...

IBM DB2 10.1 < Fix Pack 1 Multiple Vulnerabilities

According to its version, the installation of DB2 10.1 running on the remote host is affected by one or more of the following issues : - An error exists in the stored procedure 'SQLJ.DB2INSTALLJAR' that can allow unauthorized replacement of Jar files. Note this vulnerability only affects the...

IBM Db2 UTL_FILE Module Directory Traversal Vulnerability - Windows

IBM Db2 is prone to a directory traversal vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ibm:db2"; ifdescription...

CVE-2012-3324

Directory traversal vulnerability in the UTLFILE module in IBM DB2 and DB2 Connect 10.1 before FP1 on Windows allows remote authenticated users to modify, delete, or read arbitrary files via a pathname in the file field...

Directory traversal

Directory traversal vulnerability in the UTLFILE module in IBM DB2 and DB2 Connect 10.1 before FP1 on Windows allows remote authenticated users to modify, delete, or read arbitrary files via a pathname in the file field...

CVE-2012-3324

Directory traversal vulnerability in the UTLFILE module in IBM DB2 and DB2 Connect 10.1 before FP1 on Windows allows remote authenticated users to modify, delete, or read arbitrary files via a pathname in the file field...

CVE-2012-3324

Directory traversal vulnerability in the UTLFILE module in IBM DB2 and DB2 Connect 10.1 before FP1 on Windows allows remote authenticated users to modify, delete, or read arbitrary files via a pathname in the file field...

CVE-2012-3324

IBM DB2 on Windows (DB2 10.1 and DB2 Connect 10.1) is affected by a directory traversal vulnerability in the UTL_FILE module. The issue arises from how file names are processed, allowing a remote authenticated user to view, modify, or delete arbitrary files outside the intended directory via a cr...

Oracle Database Server SQL Query Directory Traversal (CVE-2005-0701)

The Oracle UTLFILE package is a set of PL/SQL procedures that allow a database user to manipulate files on the server. Supported operations include: read, write, rename, and remove. The files that are available to users are restricted to directories that have been specified in the utlfiledir...

ORACLE to build the data file WriteWebShell collection-vulnerability warning-the black bar safety net

author: kj021320 Reprint please indicate the source In fact, similar to the ORACLE such a powerful database, really not necessary with this soil the way SQLJ stored procedure write file can also be forced to helpless the other machine does not support SQLJ and UTLFILE package is also to kill? Tha...

Design/Logic Flaw

Oracle Database Server 10.1, 10.2, and 11g grants directory WRITE permissions for arbitrary pathnames that are aliased in a CREATE OR REPLACE DIRECTORY statement, which allows remote authenticated users with CREATE ANY DIRECTORY privileges to gain SYSDBA privileges by aliasing the pathname of the...

CVE-2008-6065

Oracle Database Server 10.1, 10.2, and 11g grants directory WRITE permissions for arbitrary pathnames that are aliased in a CREATE OR REPLACE DIRECTORY statement, which allows remote authenticated users with CREATE ANY DIRECTORY privileges to gain SYSDBA privileges by aliasing the pathname of the...

ORACLE to build the data file WriteWebShell-vulnerability warning-the black bar safety net

In fact, similar to the ORACLE such a powerful database, really not necessary with this soil the way SQLJ stored procedure write file can also be forced to helpless the other machine does not support SQLJ and UTLFILE package is also to kill? That you can also use the following I said this way SQL...

CVE-2006-7141

Absolute path traversal vulnerability in Oracle Database Server, when utlfiledir is set to a wildcard value or "CREATE ANY DIRECTORY to PUBLIC" privileges exist, allows remote authenticated users to read and modify arbitrary files via full filepaths to utlfile functions such as 1 utlfile.putline...

CVE-2006-7141

CVE-2006-7141 is an Oracle Database Server directory traversal vulnerability in the UTL_FILE package. When utl_file_dir is wildcarded or CREATE ANY DIRECTORY to PUBLIC privileges exist, remote authenticated users may read or modify arbitrary files via full file paths to utl_file functions such as...

raptor_orafile.sql.txt

-- $Id: raptororafile.sql,v 1.1 2006/12/19 14:21:00 raptor Exp $ -- -- raptororafile.sql - file system access suite for oracle -- Copyright c 2006 Marco Ivaldi -- -- This is an example file system access suite for Oracle based on the utlfile -- package http://www.adp-gmbh.ch/ora/plsql/utlfile.htm...

Oracle &lt;= 9i / 10g File System Access via utl_file Exploit

No description provided by source. -- -- $Id: raptororafile.sql,v 1.1 2006/12/19 14:21:00 raptor Exp $ -- -- raptororafile.sql - file system access suite for oracle -- Copyright c 2006 Marco Ivaldi [email protected] -- -- This is an example file system access suite for Oracle based on the...

Oracle <= 9i / 10g File System Access via utl_file Exploit

Exploit for linux platform in category remote exploits ========================================================== Oracle -- -- This is an example file system access suite for Oracle based on the utlfile -- package http://www.adp-gmbh.ch/ora/plsql/utlfile.html. Use it to remotely -- read/write OS...