Application Security

Team SHATTER Security Advisory: SQL Injection in Oracle Enterprise Manager (TARGET Parameter)

Remote exploitable:
Yes (Authentication is needed)

Credits: 
This vulnerability was discovered and researched by Esteban Martínez Fayó of Application Security Inc.

Details: 
SQL Injection works by attempting to modify the parameters passed to an application to change the SQL statements that are passed to a database. SQL injection can be used to insert additional SQL statements to be executed.
The "TARGET" parameter used in web page /em/console/reports/admin of Oracle Enterprise Manager web application is vulnerable to SQL Injection attacks. It may be possible for a malicious user to execute a function with the elevated privileges of the SYSMAN database user in the repository database. This user has the DBA role granted.


TeamSHATTER Security Advisory: Multiple SQL Injection in Oracle Enterprise Manager Service Level component

Remote exploitable:
Yes

Credits:
This vulnerability was discovered and researched by Esteban Martinez Fayo of Application Security Inc.

Details:
SQL Injection works by attempting to modify the parameters passed to an application to change the SQL statements that are passed to a database. SQL injection can be used to insert additional SQL statements to be executed.
The 'targetType' parameter used in web page /em/console/target/svclvl/slrule and 'serviceType' parameter used in web page /em/console/target/svclvl/sldetails are vulnerable to SQL Injection attacks. These web pages are part of Oracle Enterprise Manager web application that is included with Oracle Database 11g Release 1. It may be possible for a malicious Enterprise Manager user to execute a function with the elevated privileges of the SYSMAN database user in the repository database. This user has the DBA role granted.


Team SHATTER Security Advisory: IBM DB2 UDB - Buffer overrun in XMLQUERY and XMLEXISTS

Remote exploitable:
Yes (Authentication to Database Server is needed)

Credits:
These vulnerabilities were discovered and researched by Ariel Sanchez
of Application Security Inc.

Details:
The XMLQUERY and XMLEXISTS functions are vulnerable to a stack based
buffer overflow by passing an overly long parameter. The XMLQUERY and
XMLEXISTS functions are installed by default.

Team SHATTER Security Advisory: Oracle Database Buffer Overflow in SYS.KUPF$FILE_INT.GET_FULL_FILENAME (DB11)

Remote exploitable:
Yes (Authentication to Database Server is needed)

Credits:
This vulnerability was discovered and researched by Esteban Martínez
Fayó of Application Security Inc.

Details:
Oracle Database Server provides the SYS.KUPF$FILE_INT package. This
package contains the procedure GET_FULL_FILENAME which is vulnerable to
buffer overflow attacks.

TeamSHATTER Security Advisory: Database Vault Account Management Vulnerabilities

Remote exploitable:
Yes

Credits:
This vulnerability was discovered and researched by Esteban Martinez Fayo of Application Security Inc.

Details:
Oracle Database Vault provides additional protections from malicious privileged users. The protections include separation of duty for some tasks like user account management. Any user with SYSDBA privilege (CVE-2011-2322) or DV_ACCTMGR role (CVE-2011-3511) can bypass these protections and change any user's password (including the Oracle Database Vault Owner user password) by calling the OCIPasswordChange client API (the 'password' command in SQL*Plus uses this API).

Impact:

Invitation - OWASP AppSec Europe May 19-22 2008 - Belgium

Hi,

We would like to invite you to the European OWASP Application Security
Conference! After successful OWASP Conferences in the United States (San
Jose), Europe (Milan), Asia (Taiwan) and Australia (Queensland), we are back
in Belgium: 5 tutorials and 2 conference tracks in the historic center of
Ghent on May 19-22 2008!

More details and registration on http://www.owasp.org/index.php/AppSecEU08

Team SHATTER Security Advisory: IBM DB2 UDB Arbitrary code execution in ADMIN_SP_C/ADMIN_SP_C2 procedures

Remotely exploitable:
Yes (Authentication to Database Server is needed)

Credits:
This vulnerability was discovered and researched by Martin Rakhmanov of
Application Security Inc.

Details:
By using ADMIN_SP_C/ADMIN_SP_C2 procedures, an attacker may be able to
execute arbitrary code.
The ADMIN_SP_C/ADMIN_SP_C2 procedures are installed by default.

WASC Announcement: 2008 Web Application Security Statistics Published

The Web Application Security Consortium (WASC) is pleased to announce
the WASC Web Application Security Statistics Project 2008. This
initiative is a collaborative industry wide effort to pool together
sanitized website vulnerability data and to gain a better understanding
about the web application vulnerability landscape.

The statistics were compiled from web application security assessment
projects which were made by the following companies in 2008 (in
alphabetical order):

Shakacon Security Conference - Trainers and Speakers Finalized

Deviant Ollam - 1 Day Course
   \__Mastery of Physical Security
 
Joe McCray - 2 Day Course
   \__Crash Course on Penetration Testing & Web Application Security
 
Jared DeMott - 3 Day Course
   \__Application Security: For Hackers and Developers
 
Scott Lambert & Jason Geffner - 3 Day Course

eFront Multiple Parameter Cross Site Scripting Vulnerabilities

V. CREDIT
--------------

These vulnerabilities were discovered by Mohammed Boumediane (VUPEN Security)
with help of the VUPEN Web Application Security Scanning (WASS) technology.


VI. VUPEN Web Application Security Scanner (WASS)
----------------------------------------------------


RE: [WEB SECURITY] Trustwave's SpiderLabs Security Advisory TWSL2010-001

Thanks,
David Byrne
Senior Security Consultant
Trustwave - SpiderLabs, Application Security



-----Original Message-----
From: Ivan Buetler [mailto:ivan.buetler@csnc.ch] 

Team SHATTER Security Advisory: Oracle Database SQL Injection in SYS.DBMS_CDC_UTILITY.LOCK_CHANGE_SET (DB02)

Remote exploitable:
Yes (Authentication to Database Server is needed)

Credits:
This vulnerability was discovered and researched by Esteban Martínez
Fayó of Application Security Inc.

Details:
The PL/SQL package DBMS_CDC_UTILITY owned by SYS has an instance of SQL
Injection. A malicious user can call a vulnerable procedure of this
package with specially crafted parameters and execute SQL statements

Team SHATTER Security Advisory: Oracle Database multiple SQL Injection vulnerabilities in Workspace Manager

Remote exploitable:
Yes (Authentication required)

Credits:
This vulnerability was discovered and researched by Esteban Martínez
Fayó of Application Security Inc.

Details:
Oracle Database provides the "LT" PL/SQL package that is part of the
Oracle Workspace Manager component. This package has multiple
instances of SQL Injection in COMPRESSWORKSPACETREE, MERGEWORKSPACE

OpenNMS Multiple Vulnerabilities

vulnerabilities.
05/10/2008 – Advisory released.


About BugSec LTD.
BugSec Services provides IT & Application Security services for
large-scale organizations.
Its services include Penetration Testing, Risk Assessments, Secure Code
Development and Guidance.

BugSec Solutions develops innovative products and tools which gives

TeamSHATTER Security Advisory: XSS in locale parameter on IASTOP_CS_FARM_PAGE.html

Remote exploitable:
Yes

Credits:
This vulnerability was discovered and researched by Esteban Martinez Fayo of Application Security Inc.

Details:
Cross-site scripting vulnerabilities occur when an attacker tricks a legitimate web application into sending malicious code, generally in the form of a script, to an unsuspecting end user. The attack usually involves crafting a hyperlink with malicious script code embedded within it. A valid user is likely to click this link since it points to a resource on a trusted domain. The link can be posted on a web page, or sent in an instant message, or email. Clicking on the link executes the attacker-injected code in the context of the trusted web application. Typically, the code steals session cookies, which can then be used to impersonate a valid user.
The 'locale' parameter used in web page help/topics/iastop_cs/iastop_cs_farm_page.html (part of Oracle Help component) is vulnerable to cross-site scripting attacks. User supplied input to this parameter is returned without proper sanitization, allowing a malicious attacker to inject arbitrary scripting code.


Weekly Web Hacking Incidents update for Feb 19th

The Web Hacking Incidents Database (http://whid.webappsec.org), or WHID for
short, is a Web Application Security Consortium (http://www.webappsec.org)
project dedicated to maintaining a list of web application related security
incidents. WHID's goal is to serve as a tool for raising awareness of the web
application security problem and to provide information for statistical
analysis of web application security incidents.

The last week was very rich in Web Hacking Incidents. Too rich. The
following incidents were added to WHID last week:


Team SHATTER Security Advisory: Oracle Database Multiple SQL Injection vulnerabilities in LTADM

Remote exploitable:
Yes (Authentication required)

Credits:
This vulnerability was discovered and researched by Esteban Martínez
Fayó of Application Security Inc.

Details:
Oracle Database provides the "LTADM" PL/SQL package that is part of
the Oracle Workspace Manager component. This package has instances of
SQL Injection in COMPRESSSTATE and GOTOTS procedures. Depending on

Team SHATTER Security Advisory: IBM DB2 UDB Arbitrary file overwrite in SYSPROC.NNSTAT procedure

Remotely exploitable:
Yes (Authentication to Database Server is needed)

Credits:
This vulnerability was discovered and researched by Cesar Cerrudo of
Application Security Inc.

Details:
NNSTAT procedure retrieves currently available statistics on one or more
nicknames.
By supplying an existing file as a log file parameter, arbitrary files

Team SHATTER Security Advisory: Security Vulnerability in CLR stored procedure deployment from IBM Database Add-Ins for Visual Studio

Remote exploitable:
Yes (Authentication to Database Server is needed)

Credits:
This vulnerability was discovered and researched by Martin Rakhmanov
of Application Security Inc.

Details:
It is possible to use the CLR stored procedure deployment feature of
IBM Database add-ins for Visual Studio to produce a privilege
escalation or denial of service on a DB2 server.

WASC Announcement: 2007 Web Application Security Statistics Published

The Web Application Security Consortium (WASC) is pleased to announce
the WASC Web Application Security Statistics Project 2007. This
initiative is a collaborative industry wide effort to pool together
sanitized website vulnerability data and to gain a better understanding
about the web application vulnerability landscape.

Goals
1. Identify the prevalence and probability of different vulnerability classes

Team SHATTER Security Advisory: Oracle Database Buffer Overflow in SYS.OLAPIMPL_T.ODCITABLESTART

Remote exploitable:
Yes (Authentication to Database Server is needed)

Credits: 
This vulnerability was discovered and researched by Esteban Martínez Fayó of Application Security Inc.

Details: 
Oracle Database Server provides the SYS.OLAPIMPL_T package. This package contains the procedure ODCITABLESTART which is vulnerable to buffer overflow attacks.
Impact:
By default, EXECUTE permission on SYS.OLAPIMPL_T is granted to PUBLIC, so any Oracle database user can exploit this vulnerability. Exploitation of this vulnerability allows an attacker to execute arbitrary code. It can also be exploited to cause a DoS (Denial of Service) by killing the Oracle server process.

Team SHATTER Security Advisory: Oracle Database Buffer Overflow in SYS.DBMS_AQJMS_INTERNAL (DB15)

Remote exploitable:
Yes (Authentication to Database Server is needed)

Credits:
This vulnerability was discovered and researched by Esteban Martínez
Fayó of Application Security Inc.

Details:
Oracle Database Server provides the SYS.DBMS_AQJMS_INTERNAL package.
This package contains the procedures AQ$_REGISTER and AQ$_UNREGISTER
which are vulnerable to buffer overflow attacks.

TeamSHATTER Security Advisory: Buffer Overflow in Oracle Database (CTXSYS.DRVDISP.TABLEFUNC_ASOWN function)

Remote exploitable:
Yes (Authentication to Database Server is needed) 

Credits:
This vulnerability was discovered and researched by Esteban Martinez Fayo of Application Security Inc.

Details:
Oracle Database Server provides the CTXSYS.DRVDISP package that is part of the Oracle Text component. This package contains the function TABLEFUNC_ASOWN, which is vulnerable to buffer overflow attacks when it is called with a long string in its parameters.

Impact:

Web Hacking Incidents update for Feb 10th

The Web Hacking Incidents Database (http://whid.webappsec.org), or WHID for
short, is a Web Application Security Consortium (http://www.webappsec.org)
project dedicated to maintaining a list of web application related security
incidents. WHID's goal is to serve as a tool for raising awareness of the web
application security problem and to provide information for statistical
analysis of web application security incidents.

The following incidents were added to WHID last week:

* WHID 2009-19: Kaspersky site breached using SQL injection, sensitive data

Cacti Multiple Parameter Cross Site Scripting Vulnerabilities

V. CREDIT
--------------

These vulnerabilities were discovered by Mohammed Boumediane (VUPEN Security)
with help of the VUPEN Web Application Security Scanning (WASS) technology.


VI. VUPEN Web Application Security Scanner (WASS)
----------------------------------------------------


TeamSHATTER Security Advisory: Oracle Malformed Network Package Spins CPU

Remote exploitable:
Yes

Credits:
This vulnerability was discovered and researched by Esteban Martinez Fayo of Application Security Inc.

Details:
By sending a specially crafted network packet to an Oracle Database during the connection, before user authentication is performed, it is possible to make the Oracle process consume all available CPU resources. No authentication is needed to exploit this vulnerability; the attacker needs to know the SID or Service Name of the database.

Impact:

TeamSHATTER Security Advisory: SQL Injection Vulnerability in Oracle DROP INDEX for spatial datatypes

Remote exploitable:
No

Credits:
This vulnerability was discovered and researched by Martin Rakhmanov of Application Security Inc.

Details:
Oracle Database supports spatial datatypes. A SQL Injection vulnerability exists in the handling of spatial indexes. Users with create table and create procedure privileges can elevate their privileges to SYSDBA (CVE-2011-3512).

Impact:

Weekly Web Hacking Incidents update for Feb 25th

The Web Hacking Incidents Database (http://whid.webappsec.org), or WHID for
short, is a Web Application Security Consortium (http://www.webappsec.org)
project dedicated to maintaining a list of web application related security
incidents. WHID's goal is to serve as a tool for raising awareness of the web
application security problem and to provide information for statistical
analysis of web application security incidents.

To continuously learn about new incidents, subscribe to the WHID RSS at
http://whid.webappsec.org/whid/rss.


Team SHATTER Security Advisory: Buffer Overflow in Resource Manager of Oracle Database - Plan name parameter

Remote exploitable:
Yes (Authentication to Database Server is needed)

Credits:
This vulnerability was discovered and researched by Esteban Martínez Fayó of Application Security Inc.

Details:
The plan name parameter used in the ALTER SYSTEM SET RESOURCE_MANAGER_PLAN statement and in the SYS.DBMS_RESOURCE_MANAGER.SWITCH_PLAN procedure is vulnerable to buffer overflow attacks. When an overly long plan name string is passed, a buffer can be overflowed.

Impact:
