Re: [Full-disclosure] [RECTIFY] Oracle 10g exploit - dbms_aq.enqueue - become DBA

2007-04-03 Thread Andrea "bunker" Purificato
lly, after new analysis on other targets the code seems not working as aspected. I apologize for the mistake, the code was just removed, waiting for new (oculated) hints. Regards, -- Andrea "bunker&quo

0day Oracle 10g exploit - dbms_aq.enqueue - become DBA

2007-04-02 Thread Andrea "bunker" Purificato
[0-day] Remote Oracle DBMS_AQ.ENQUEUE exploit (10g) Grant or revoke dba permission to unprivileged user Tested on "Oracle Database 10g Enterprise Edition Release 10.1.0.3.0" AUTHOR: Andrea "bunker" Purificato http://rawlab.mindcreations.com DATE: Mon Apr

PS Information Leak on HP True64 Alpha OSF1 v5.1 1885

2007-02-06 Thread Andrea \"bunker\" Purificato
[After months of silence from the "HP Software Security Response Team"] -Type: Information leak -Risk: low -Author: Andrea "bunker" Purificato - http://rawlab.mindcreations.com -Description: the "ps" command (also /usr/ucb/ps) on HP OSF1 v5.1 Alpha, developed with

Re: [Full-disclosure] PS Information Leak on HP Tru64 Alpha OSF1 v5.1 1885

2007-02-06 Thread Andrea \"bunker\" Purificato
On mar, 2007-02-06 at 12:44 +0100, Andrea "bunker" Purificato wrote: > -Code: http://rawlab.mindcreations.com/codes/exp/nix/osf1true64ps.ksh Sorry, dyslexic typo :-) http://rawlab.mindcreations.com/codes/exp/nix/osf1tru64ps.ksh -- Andrea "