-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Exploit code released
Oracle Forms and Reports
9iAS, 9iDS, 10G (DS and AS), and 10G AS Reports/Forms Standalone
Installation
11g if patch or workaround not applied
12g code rewrite has mitigated this vulnerability.
Undocument PARSEQUERY function all
Hello Everyone,Just an update that Oracle has released a fix for the vulnerabilities in these two packages and if you're using them you should use the new versions.Oracle ASR Manager 4.3.2: Patch 16431755Oracle Automated Service Manager (OASM) 1.4.1: Patch 16426687ThanksLarry
__
Oracle Auto Service Request /tmp file clobbering vulnerability
http://www.oracle.com/us/support/systems/premier/auto-service-request-155415.html
http://docs.oracle.com/cd/E18476_01/doc.220/e18478/asr.htm
I noticed it creates files insecurely in /tmp using time stamps instead of mkstemp(). You
Oracle Automated Service Manager 1.3 local root during install
Larry W. Cashdollar
1/29/2013
@_larry0
SUNWsasm-1.3.1-20110815093723
https://updates.oracle.com/Orion/Services/download?type=readme&aru=15864534
From the README:
"Oracle
Oracle Exadata leaf switch logins
11/28/2012
From Oracle.com "Oracle Exadata is the only database machine that
provides extreme performance for both data warehousing and OLTP
applications, making it the ideal platform for consolidating on private
clouds. It is a complete package of servers, sto
Hi all,
Short history:
The remote pre-authenticated vulnerability with CVSS2 10 I published
some days ago [1], the vulnerability I called Oracle TNS Poison
(reported to vendor in 2008), is a 0day affecting all database versions
from 8i to 11g R2. There is no patch at all for this vulnerability an
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
AppSecInc Team SHATTER Security Advisory
Oracle Enterprise Manager vulnerable to Session fixation.
Risk Level:
Low
Affected versions:
Oracle Enterprise Manager Database Control 10.2.0.5, 11.1.0.7 (and
previous patchsets)
Remote exploitable:
Yes
C
Title:
==
Oracle Service Applications - SQL Injection Vulnerabilities
Date:
=
2012-04-12
References:
===
http://www.vulnerability-lab.com/get_content.php?id=478
VL-ID:
=
478
Introduction:
=
Oracle Corporation (NASDAQ: ORCL) is an American multinational comput
El 26/03/12 13:37, Damien Cauquil escribió:
> Hi klondike,
>
>
> > PS: What I wonder now is, are the guys behind the CTF reading
> Full-disclosure?
>
> I guess you now have your answer.
>
> > The guys have a cool XSS injection on the fake webmail service which
> can be exploited with a properly cra
BTW last vuln' was also fixed during the prequals.
MajinBoo
Le 26/03/12 13:37, Damien Cauquil a écrit :
Hi klondike,
> PS: What I wonder now is, are the guys behind the CTF reading
Full-disclosure?
I guess you now have your answer.
> The guys have a cool XSS injection on the fake webmail
Hi klondike,
> PS: What I wonder now is, are the guys behind the CTF reading
Full-disclosure?
I guess you now have your answer.
> The guys have a cool XSS injection on the fake webmail service which
can be exploited with a properly crafted subject
You're right, and it has been fixed during the
El 24/03/12 05:27, klondike escribió:
> So I was bored with the nuit du hack prequals and decided to test a
> bit the e-mail service.
>
> The guys have a cool XSS injection on the fake webmail service which
> can be exploited with a properly crafted subject (i.e.
> alert('Hello!'); ). I thought the
We resolved this off list. There are work arounds I provided that reduce risk.
Larry C$
On Mar 14, 2012, at 10:52 PM, Alex Buie wrote:
> I like the two day notification window...
>
> On Mar 14, 2012 6:36 PM, "larry Cashdollar" wrote:
> >
> > Oracle Exadata Infiniband Switch default logins an
I like the two day notification window...
On Mar 14, 2012 6:36 PM, "larry Cashdollar" wrote:
>
> Oracle Exadata Infiniband Switch default logins and world readable shadow
file
>
> Hi Full-Disclosure List,
>
> I've noticed a minor issue with the 1/4 rack Oracle Exadata Solution.
>
> What is Exadat
Oracle Exadata Infiniband Switch default logins and world readable shadow fileHi Full-Disclosure List,I've noticed a minor issue with the 1/4 rack Oracle Exadata Solution.What is Exadata?From Oracle.com "Oracle Exadata is the only database machine that provides extreme performance for both data war
On Sat, 05 Nov 2011 19:43:46 -, Ryan Dewhurst said:
> It doesn't matter what file was included. The problem is that a local
> file can be included, irrelevant to the choice of file.
Yes, but you won't get Oracle to do squat about a directory traversal bug that
coughs up a world-readable file -
It doesn't matter what file was included. The problem is that a local
file can be included, irrelevant to the choice of file.
Ryan Dewhurst
blog www.ethicalhack3r.co.uk
twitter www.twitter.com/ethicalhack3r
projects www.dvwa.co.uk | www.webwordcount.com | code.google.com/p/wpscan
On Sat, Nov 5,
Password file, yawn. Shadow password file, that would be a much bigger
deal...
On Nov 5, 2011 11:46 AM, wrote:
> On Sat, 05 Nov 2011 18:58:20 BST, =?ISO-8859-1?Q?Buher=E1tor?= said:
>
> > "Oracle NoSQL Database is intended to be installed in a secure
> > location where physical and network access
On Sat, 05 Nov 2011 18:58:20 BST, =?ISO-8859-1?Q?Buher=E1tor?= said:
> "Oracle NoSQL Database is intended to be installed in a secure
> location where physical and network access to the store is restricted
> to trusted users.
Which any savvy sysadmin knows really means "It's your problem to set
Hi List,
I don't know if this worth anything, because the manual says:
"Oracle NoSQL Database is intended to be installed in a secure
location where physical and network access to the store is restricted
to trusted users. For this reason, at this time Oracle NoSQL
Database's security model is des
As you see,someone report this on WooYun
http://www.wooyun.org/bugs/wooyun-2010-02761
:)
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Sense of Security - Security Advisory - SOS-11-009
Release Date. 19-Jul-2011
Last Update. -
Vendor Notification Date. 23-Mar-2011
Product. Oracle Sun GlassFish Enterprise
Server
Platform.
Goedemiddag,
Oracle has released a patch for a vulnerability in Java 6 that I reported to
them. If you like to know more, you can read about it here:
http://skypher.com/index.php/2010/10/13/issue-18-oracle-java-applet-childre/
Cheers,
SkyLined
Berend-Jan Wever
Delft, The Netherlands
http://sk
Hi,
Specific to 11i, I have found there are, infact, 3 parameters vulnerable to
reflective XSS in OA.jsp.
###
1. *page*
HTTP Request:
GET /OA_HTML/OA.jsp?page=/oracle/apps/fnd/framework/navigate/
webui/HomePage"/>alert("XSS")&homePage=Y&OAPB
2. *_rc*
HTTP Request:
GET /OA_HTML/OA.jsp?_rc=>"'>a
Hi!
I've just released the working exploit for CTXSYS.DRVXTABC.CREATE_TABLES
injection on Oracle DB 9i/10g (CVE-2009-1991)
You can find the code on my site, http://rawlab.mindcreations.com
In particular,
Classic SQL injection:
http://rawlab.mindcreations.com/codes/exploit/oracle/ctxsys-drvxtabc-
Many security standards require the tracking of users' password history to
prevent password re-use. In Oracle 11g (11.1.0.6), if a security
administrator has enabled 11g passwords exclusively then tracking password
history is broken. This can affect compliance. This was addressed by Oracle
in t
Hey all,
The Oracle REPCAT_RPC.VALIDATE_REMOTE_RC function executes blocks of
anonymous PL/SQL that can be influenced by an attacker to execute arbitrary
PL/SQL. As this package is only accessible directly by SYS this flaw would
not normally present a risk. However, the REPCAT_RPC.VALIDATE_REMOT
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi.
Information about four vulnerabilities patched in Oracle CPUjul2009:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2009.html
... is published at:
CVE-2009-1970:
http://blogs.conus.info/node/26
CVE-2009-1963
http:/
Hi!
I highly suggest watching Oracle Web Conferences. They are public, free
and contain lot of "interesting" information. Just one shot:
http://no.spam.ee/~tonu/oracle-citibank-ssl.png
Tõnu
___
Full-Disclosure - We believe in it.
Charter: http://lis
Probably one of this are the vulnerabilty descriptions of the bugs:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5460
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4017
If it's the same issue, Oracle didn't contacted me to notify me about it..
if it is that bug, then it could be
Server Version Info: Oracle-Application-Server-10g/10.1.3.1.0 Oracle-HTTP-Server
PoC: http://OC4J/web-app/foobar/%c0%ae%c0%ae/WEB-INF/web.xml
Related: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938
Explaination: The "%c0%ae%c0%ae" is interpreted as: ".." because on
Java's side: "%c0%ae
Oracle Secure Backup NDMP_CONECT_CLIENT_AUTH Command Buffer Overflow
Vulnerability
2009.January.13
Fortinet's FortiGuard Global Security Research Team Discovers Vulnerability in
Oracle Secure Backup
Summary:
A Buffer Overflow vulnerability exists Oracle Secure Backup 10.2.0.2 through
Oracle Secure Backup Multiple Denial Of Service vulnerabilities
2009.January.13
Fortinet's FortiGuard Global Security Research Team Discovers multiple
vulnerabilities in Oracle Secure Backup
Summary:
Multiple Denial Of Service vulnerabilities exist Oracle Secure Backup 10.2.0.2
throug
Oracle Secure Backup's observiced.exe Denial Of Service vulnerability
2009.January.13
Fortinet's FortiGuard Global Security Research Team Discovers a vulnerability
in observiced.exe of Oracle Secure Backup
Summary:
A Denial Of Service vulnerability exists Oracle Secure Backup 10.2.0.2
Hi again,
Attached goes and advisory for the unique vulnerability in Oracle
TimesTen fixed in the Oracle Critical Patch Update January 2009.
Cheers!
Joxean Koret
Oracle TimesTen Remote Format String
Product Description
===
Oracle TimesTen p
Hi,
Happy new year! Attached goes and advisory for one of the recently fixed
Oracle vulnerabilities in the product Oracle Secure Backup.
Regards,
Joxean Koret
Oracle Secure Backup 10g Remote Code Execution
==
Product Description
===
Hi Guys,
I have just released a free Oracle password cracker written completely
in PL/SQL on my website. The reason for doing this is to try and
encourage people to "test" passwords for strength in their own
databases. I am not seeing any real improvements in password strength
generally across the
It is reported to Oracle since 2004 by open3s and affects others libs. The
workaround is very simple but it is "under investigation / being fixed in
main codeline. Scheduled for future cpu"
regards
juan manuel pascual
On Sat, 19 Jul 2008, Joxean Koret wrote:
> Oracle Database Local Untruste
Oracle Database Local Untrusted Library Path Vulnerability
--
The Oracle July 2008 Critical Patch Update fixes a vulnerability which
allows a user in the OINSTALL/DBA group to scalate privileges to root.
Scalating Privileges from "oracle" to
[EMAIL PROTECTED]
http://osvdb.org/vendor/1/Oracle%20Corporation
On Wed, 16 Jul 2008 19:22:01 -0400 Kristian Erik Hermansen
<[EMAIL PROTECTED]> wrote:
>Anyone have it?
>
>___
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full
Anyone have it?
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Class: Input Validation Error
Risk: Low
Remote: Yes
Oracle has just released CPU July 2008 critical patch that fixes a flaw
which allows code injection by malicious web users into the web pages
viewed by other users.
The security issue was found on POPUP_NAME parameter OF
PORTAL.WWPOB_HOME_PAG
NGSSoftware Insight Security Research Advisory
Name: PLSQL Injection in Oracle Application Server
Systems Affected: Oracle Application Server 9.0.4.3, 10.1.2.2, 10.1.4.1
Severity: Critical
Vendor URL: http://www.oracle.com/
Author: David Litchfield [ [EMAIL PROTECTED] ]
Reported: 9th October 2007
Affected Software/Device: Oracle Application Server Portal
Vulnerability: Authentication Bypass
Tested Version: 10G
Risk: Medium
Description:
Oracle Application Server Portal (OracleAS Portal) is a Web-based
application for building and deploying portals. It provides a secure,
manageable env
Full details of the vulnerability DB12 fixed in the Oracle April 2008
CPU can be found in our advisory at
http://www.imperva.com/resources/adc/adc_advisories_oracle-dbms-04172008
.html
Amichai Shulman
CTO
125 Menachem Begin St.
Tel Aviv 67010
Israel
(972) 3-6840103 Office
(972) 54-5885083 Mobi
Oracle - Hardcoded Password and Password Reset of OUTLN User [DB13]
Systems Affected 9i Rel. 1 - 10g Rel. 2
Severity High Risk
Category Hardcoded Default Password & Password Reset
Vendor URL http://www.oracle.com/
Author Alexander Kornbrust
Advisory
Oracle - SQL Injection in package SDO_IDX [DB07]
Systems Affected 9i Rel. 1 - 11g Rel. 1
Severity High Risk
Category SQL Injection
Vendor URL http://www.oracle.com/
Author Alexander Kornbrust
Advisory 16 April 2008 (V 1.00)
Advisory URL
Oracle - SQL Injection in package SDO_UTIL [DB05]
Systems Affected 10g Rel. 1, 10g Rel. 2
Severity High Risk
Category SQL Injection
Vendor URL http://www.oracle.com/
Author Alexander Kornbrust
Advisory 16 April 2008 (V 1.00)
Advisory URL
Oracle - SQL Injection in package SDO_GEOM [DB06]
Systems Affected 9i Rel. 1 - 10g Rel. 2
Severity High Risk
Category SQL Injection
Vendor URL http://www.oracle.com/
Author Alexander Kornbrust
Advisory 16 April 2008 (V 1.00)
Advisory URL
FYI only..
Onn the same /similar note, David just got cited here wrt to SQL
http://blogs.zdnet.com/security/?p=663
On Nov 13, 2007 2:27 PM, David Litchfield <[EMAIL PROTECTED]> wrote:
> Hey all,
> After investigating 11g the other day I came across an interesting issue.
> During the installati
Hey all,
After investigating 11g the other day I came across an interesting issue.
During the installation of Oracle 11g and 10g all accounts, including the
SYS and SYSTEM accounts, have their default passwords and only at the end of
the install are the passwords changed. This means that there is a
-- Utility to free Oracle memory
declare
larry varchar2(32767);
mary varchar2(32767);
begin
larry:='larryellison';
larry:=larry||larry;
larry:=larry||larry;
larry:=larry||larry;
larry:=larry||larry;
larry:=larry||larry;
larry:=larry||larry;
larry:=larry||larry;
mary:='maryann';
mary:=mary||mary;
ma
NGSSoftware Insight Security Research Advisory
Name: Oracle audit issue with XMLDB ftp service
Systems Affected: Oracle Oracle 9ir2, 10g Release 1
Severity: High
Vendor URL: http://www.oracle.com/
Author: David Litchfield [ [EMAIL PROTECTED] ]
Reported: 9th March 2006
Date of Public Advisory: 17th
NGSSoftware Insight Security Research Advisory
Name: Oracle RDBMS Data packet DoS
Systems Affected: Oracle 8.1.7.4, 10g Release 2 and 1, Oracle 9
Severity: High
Vendor URL: http://www.oracle.com/
Author: David Litchfield [ [EMAIL PROTECTED] ]
Reported: 23rd June 2006
Date of Public Advisory: 17th
NGSSoftware Insight Security Research Advisory
Name: Oracle TNS Listener DoS and/or remote memory inspection
Systems Affected: Oracle 8.1.7.4, 10g Release 2 and 1, Oracle 9
Severity: High
Vendor URL: http://www.oracle.com/
Author: David Litchfield [ [EMAIL PROTECTED] ]
Reported: 22nd June 2006
Dat
Dear Pete,
Recurity Labs also reversed the algorythm, the things you write sound
very similar.
http://www.recurity-labs.com/head.html#n15
Sent to mailing list without permission :
Oracle 0xDEADF00D
Alexander Kornbrust, CEO of Red Database Security GmbH and Oracle Database
security expert noti
US-CERT released an advisory on August 28, 2007 regarding multiple stack
buffer overflows in the Oracle Jinitiator product (Vulnerability Note
VU#474433/CVE-2007-4467). Due to limited public technical information on
Jinitiator, no access to the Oracle support website, and maybe lack of
cooperation
Time to release critical details on Oracle Views bug.
http://rawlab.mindcreations.com/codes/exp/oracle/bunkerview.sql
Remember: keep your Oracle patched and up-to-date, always!
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2007.html
Bye,
--
Andrea "bunker" Purifi
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Team SHATTER Security Alert (Update)
Oracle Database Buffer overflow vulnerabilities in procedure
DBMS_DRS.GET_PROPERTY (DB03)
Jan 18, 2007 (Updated July 18th, 2007)
Risk Level: Medium
Affected versions:
Oracle Database Server versions 9i, 9iR2, 10g
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Team SHATTER Security Alert (Update)
Oracle Database Buffer overflows and Denial of service vulnerabilities
in public procedures of MDSYS.MD (DB12)
Jan 18, 2007 (Updated July 18th, 2007)
Risk Level: High
Affected versions:
Oracle Database Server ver
Hey all,
For anyone that wants a copy, I've just posted the fourth paper in the
Oracle Forensics series I'm writing to http://www.databasesecurity.com/.
This paper covers what an incident responder should do during a Live
Response on a compromised Oracle server.
Cheers,
David Litchfield
--
E-MA
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Title: Oracle Database Buffer overflow vulnerabilities in package
DBMS_SNAP_INTERNAL
Risk Level: Medium
Affected versions:
Oracle Database Server versions 8i, 9i and 10gR1
Remote exploitable: Yes (Authentication to Database Server is needed)
Credit
Integrigy has released additional information on the Oracle E-Business Suite
11i and R12 security vulnerabilities in the April 2007 Oracle Critical Patch
Update. This analysis includes details (type, impact, etc.) regarding the
vulnerabilities, a review of the required patches, and advice on apply
Hey all,
For anyone that's interested I've just put out two papers (chapters really);
one on Indirect Privilege Escalation in Oracle and the other on Defeating
Virtual Private Databases in Oracle. You can grab them here.
http://www.databasesecurity.com/dbsec/ohh-indirect-privilege-escalation.pdf
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Oracle Database Buffer overflow vulnerabilities in procedures of package
DBMS_CAPTURE_ADM_INTERNAL (DB09)
AppSecInc Team SHATTER Security Advisory
http://www.appsecinc.com/resources/alerts/oracle
Jan 18, 2007
Affected versions: Oracle Database Server
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Oracle Database Buffer overflow vulnerability in procedure
DBMS_LOGREP_UTIL.GET_OBJECT_NAME (DB08)
AppSecInc Team SHATTER Security Advisory
http://www.appsecinc.com/resources/alerts/oracle
Jan 18, 2007
Affected versions: Oracle Database Server versio
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Oracle Database Buffer overflow vulnerabilities in procedure
DBMS_REPCAT_UNTRUSTED.UNREGISTER_SNAPSHOT (DB07)
AppSecInc Team SHATTER Security Advisory
http://www.appsecinc.com/resources/alerts/oracle
Jan 18, 2007
Affected versions: Oracle Database Se
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Oracle Database Buffer overflows and Denial of service vulnerabilities
in public procedures of MDSYS.MD (DB05)
AppSecInc Team SHATTER Security Advisory
http://www.appsecinc.com/resources/alerts/oracle
Jan 18, 2007
Affected versions: Oracle Database S
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Oracle Database Buffer overflow vulnerabilities in procedure
DBMS_LOGMNR.ADD_LOGFILE (DB04)
AppSecInc Team SHATTER Security Advisory
http://www.appsecinc.com/resources/alerts/oracle
Jan 18, 2007
Affected versions: Oracle Database Server versions 9iR
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Oracle Database Buffer overflow vulnerabilities in procedure
DBMS_DRS.GET_PROPERTY (DB03)
AppSecInc Team SHATTER Security Advisory
http://www.appsecinc.com/resources/alerts/oracle
Jan 18, 2007
Affected versions: Oracle Database Server versions 9iR2 a
Description
---
There are plenty (hundreds) of Cross Site Scripting vulnerabilities in the
Oracle Portal. The following is one that you may found in any version:
http:///webapp/jsp/container_tabs.jsp?tc=null%20=%20null;alert('Hello!');window.open('http://www.oracle.com/?fix_security_b
>From: "Brian Eaton" <[EMAIL PROTECTED]>
>To: "putosoft softputo" <[EMAIL PROTECTED]>
>CC: bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk
>Subject: Re: [Full-disclosure] Oracle Portal 10g HTTP Response Splitting
>Date: Wed, 20 D
On 12/20/06, putosoft softputo <[EMAIL PROTECTED]> wrote:
> Oracle Portal/Applications HTTP Response Splitting
> --
>
> Sample:
>
> http:///webapp/jsp/calendar.jsp?enc=iso-8859-1%0d%0aContent-length=12%0d%0a%0d%0a%3Cscript%3Ealert('hi')%3C/script%3E
Oracle Portal/Applications HTTP Response Splitting
--
Sample:
http:///webapp/jsp/calendar.jsp?enc=iso-8859-1%0d%0aContent-length=12%0d%0a%0d%0a%3Cscript%3Ealert('hi')%3C/script%3E
How an attack can be conducted?
---
Ora
Hi to all,
In the past I wrote a python tool to fuzz PL/SQL procedures, functions
and packages. With this wonderfull tool I found many vulnerabilities,
many crashes and many-many interesting issues.
I decided to release it to the public because it's a part of an Oracle
specific Vulnerability Asse
Hello,I have written a patch for rainbowrack 1.2 -> http://www.antsight.com/zsl/rainbowcrack/rainbowcrack-1.2-src.zip that add the suport for the oracle hash algorithm into rainbowcrack.
The problem is that Oracle hash depend on the login name. So you have to
generate rainbow table for each lo
Doh! Busted right back! Now I get the same results
(assuming I grant the user alter session of course -
if the user doesn't have alter session I get the
privilege error).
Thanks Raj!
--- rjamya <[EMAIL PROTECTED]> wrote:
> Russell,
>
> you have a syntax error, you need a comma before
> LEVEL.
>
Russell,
you have a syntax error, you need a comma before LEVEL.
Raj
On 7/28/06, Russell Lowenthal <[EMAIL PROTECTED]> wrote:
Interesting comment. So if I understand what you are
saying I should be able to create a user:
SQL> create user nottoosmart identified by
d0ntkn0wmuch;
User created.
Interesting comment. So if I understand what you are
saying I should be able to create a user:
SQL> create user nottoosmart identified by
d0ntkn0wmuch;
User created.
SQL> grant create session to nottoosmart;
Grant succeeded.
SQL> connect nottoosmart/d0ntkn0wmuch
Connected.
SQL> alter session s
I can't believe it. Oracle releases new patches and they have not been
solved one of the main problems: A user with only the SELECT privilege can
do WHATEVER (S)HE WANTS WITH THE ENTIRE DATABASE
I'm not sure if is time to full disclosure it but, anyway, I will "full
disclosure" one inocent
NameSQL Injection in package SYS.KUPW$WORKER (6980775) [DB03]
Systems Oracle 10g Release 1
SeverityHigh Risk
CategorySQL Injection
Vendor URL http://www.oracle.com/
Author Alexander Kornbrust (ak at red-database-security.com)
Advisory18 Jul 2006 (V 1.00)
Name SQL Injection in package SYS.DBMS_STATS (6980751) [DB21]
Systems Oracle 10g Release 1
SeverityHigh Risk
CategorySQL Injection
Vendor URL http://www.oracle.com/
Author Alexander Kornbrust (ak at red-database-security.com)
Advisory18 Jul 2006 (V 1.00)
Name SQL Injection in package SYS.DBMS_UPGRADE (6980717) [DB22]
Systems Oracle 10g Release 1
SeverityHigh Risk
CategorySQL Injection
Vendor URL http://www.oracle.com/
Author Alexander Kornbrust (ak at red-database-security.com)
Advisory18 Jul 2006 (V 1.00)
A
A few people have asked me recently what it is I'm actually looking for from
Oracle. I have a nice little laundry list of things, of course, but mostly
all I've been waiting for is to hear Oracle to say, "We admit we have a
problem with regards to security, but here's our strategy and we're goin
A regular patch release cycle is a good thing. It allows system
administrators to plan ahead and minimize server downtime. If I, as a system
administrator, know that on the 18th of April 2006 a critical patch is going
to be released I'll plan to stay late at work that night and start the
assessment
Hello Full Disclosure
Last Thursday 6th April 2006, Oracle released a note on the Oracle
knowledgebase Metalink with details about an unfixed security
vulnerability (=0day) and a working test case (=exploit code) which
effects all versions of Oracle from 9.2.0.0 to 10.2.0.3. This note
"363848.1 -
Try: www.cisecurity.org
They have excellent checklists for lots of
platforms and products.
good luck!
maarten
- Original Message -
From:
victor gonzalez
To: full-disclosure@lists.grok.org.uk
Sent: Tuesday, January 24, 2006 1:16
AM
Subject: [Full-disclosure
hello everybody:
Somebody knows where I can find a security check list for oracle products?
I got this: <
http://www.oracle.com/technology/deploy/security/pdf/twp_security_checklist_db_database.pdf>
but i woul like something more especificthinks.
___
Ful
Oracle forgot to inform me that these vulnerabilities are also fixed.
#
http://www.red-database-security.com/advisory/oracle_sql_injection_kupv$
ft.html
###
SQL Injection in package SYS.KUPV$FT
Name SQL Injection in package SYS.KUPV$FT
AffectedOr
Oracle forgot to inform me that these vulnerabilities are also fixed.
#
http://www.red-database-security.com/advisory/oracle_sql_injection_kupv$
ft_int.html
###
Name SQL Injection in package SYS.KUPV$FT_INT
Affected Oracle 10g Release 1
Severity High Ri
Wasn't tru64 unbreakable too? *scratches head*
-simon
-Original Message-
From: KF (lists) <[EMAIL PROTECTED]>
To: full-disclosure@lists.grok.org.uk
Sent: Tue, 17 Jan 2006 17:09:54 -0500
Subject: Re: [Full-disclosure] Oracle Reports - Read parts of files via
customize(fixe
un·break·a·ble (un-bra'ka-bal) pronunciation
adj.
1. To brush holes under rug as long as possible.
2. Able to hide beind a garbage Ad campaign.
http://www.oracle.com/oramag/oracle/02-mar/o22insight.html
Whats Behind it you ask? How about a nice big fat steamy load of poopy.
-KF
Thierry Zoller
Dear Alexander Kornbrust and Amichai Shulman ,
It's astonishing how customers are left vulnerable for _years_ trying
to conceal hundreds of bugs under a single patch. Knowing what type
of sensitive data I have come across on certain Oracle servers
I wonder whether this strategy pays out for Oracle
Hello FD-Reader
Event 10053 logs the TDE masterkey in cleartext into the trace file.
Oracle fixed this problem with CPU January 2006.
http://www.red-database-security.com/advisory/oracle_tde_wallet_password
.html
#
Name
Hello FD-Reader
It took only 874 days to fix this problem.
Summary and additional information concerning the Oracle January 2006
CPU is available here:
http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html
##
http://www.red-database-security.com/advisory/oracle_reports_r
Hello FD-Reader
It took only 889 days to fix this problem.
Summary and additional information concerning the Oracle January 2006
CPU is available here:
http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html
##
http://www.red-database-security.com/advisory/oracle_reports_
Hello FD-Reader
It took only 875 days to fix this problem.
Summary and additional information concerning the Oracle January 2006
CPU is available here:
http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html
##
http://www.red-database-security.com/advisory/oracle_reports_
Oracle DBMS
– Access Control Bypass in Login
**
Background
***
Oracle is a widely deployed DBMS. Clients use a protocol called TNS to
communicate to the Oracle server. Protocol messages are used for session setup,
au
Hello FD reader
Oracle released the first critical patch update for 2006 with bugfixes for 82
vulnerabilities.
http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html
Additional information concerning the Oracle January 2006 CPU is available here
http://www.red-database-security.co
-- Utility to backup you Oracle Password Hashes
-- Modified from http://lists.grok.org.uk/pipermail/full-disclosure/2005-
October/038290.html
-- Code by anonymous
-- Exemple:
--##startc0GtJBi1
DECLARE
i1 INTEGER;
i2 INTEGER;
i6 INTEGER;
iHostToSearchFor INTEGER;
reference_ip varchar2(1000);
1 - 100 of 112 matches
Mail list logo