software security

SQL Injection in Oracle Enterprise Manager (compareWizFirstConfig web page) (CVE-2012-0512)

Remote exploitable:
Yes

Credits:
This vulnerability was discovered and researched by Esteban Martinez
Fayo of Application Security Inc.

Details:
SQL Injection works by attempting to modify the parameters passed to an
application to change the SQL statements that are passed to a database.
SQL injection can be used to insert additional SQL statements to be

HTTP Response Splitting in Oracle Enterprise Manager (pageName parameter) (CVE-2012-0527)

Remote exploitable:
Yes

Credits:
This vulnerability was discovered and researched by Esteban Martinez
Fayo of Application Security Inc.

Details:
HTTP Response Splitting is a web application vulnerability where input
parameters are unsafely used in response headers allowing an attacker to
make the server print one (or more) new line sequences in the header

TeamSHATTER Security Advisory: Oracle Enterprise Manager vulnerable to XSS (sitemap page)

Oracle Enterprise Manager control included in Oracle Database versions 10.1.0.5, 10.2.0.3, 10.2.0.4, 11.1.0.7
Remote exploitable:
Yes

Credits:
This vulnerability was discovered and researched by Esteban Martinez Fayo of Application Security, Inc.

Details:
Cross-site scripting vulnerabilities occur when an attacker tricks a legitimate web application into sending malicious code, generally in the form of a script, to an unsuspecting end user. The attack usually involves crafting a hyperlink with malicious script code embedded within it. A valid user is likely to click this link since it points to a resource on a trusted domain. The link can be posted on a web page, or sent in an instant message, or email. Clicking on the link executes the attacker-injected code in the context of the trusted web application. Typically, the code steals session cookies, which can then be used to impersonate a valid user.
There are instances of XSS vulnerabilities in the Instance Management component of Oracle Enterprise Manager Grid Control. For example, the 'datasource' parameter of the /em/console/database/instance/sitemap web page is vulnerable to this kind of attack.


Incomplete protection of Oracle Database locked accounts (CVE-2012-0510)

Remote exploitable:
Yes (No authentication is required)

Credits:
This vulnerability was discovered and researched by Esteban Martinez
Fayo of Application Security Inc.

Details:
Oracle Database provides OCIPasswordChange API to change user passwords.
This API can be used while a user is logged on as well as before the
authentication process is completed; this is because it can be used for

Only 7 Days Left: SANS AppSec 2012 CFP

The call for papers ends in seven days on February 1, 2012 so submit today!

============

The theme for this conference is "Application Security at Scale".

Billions of records in the cloud. Millions of smart mobile devices. 
Millions of developers writing new code. Hundreds of apps in your 
enterprise. Untold numbers of existing bugs. Unknown numbers of 
"sophisticated" attackers exploiting your software. What cutting edge 

Team SHATTER Security Advisory: IBM DB2 UDB - Buffer overrun in XMLQUERY and XMLEXISTS

Remote exploitable:
Yes (Authentication to Database Server is needed)

Credits:
These vulnerabilities were discovered and researched by Ariel Sanchez
of Application Security Inc.

Details:
The XMLQUERY and XMLEXISTS functions are vulnerable to a stack based
buffer overflow by passing an overly long parameter. The XMLQUERY and
XMLEXISTS functions are installed by default.

PHP-Calendar "description" and "lastaction" Cross Site Scripting Vulnerabilities

V. CREDIT
--------------

These vulnerabilities were discovered by Mohammed Boumediane (VUPEN Security)
with help of the VUPEN Web Application Security Scanning (WASS) technology.


VI. VUPEN Web Application Security Scanner (WASS)
----------------------------------------------------


Team SHATTER Security Advisory: Oracle Database SQL Injection in SYS.DBMS_CDC_IPUBLISH.ALTER_HOTLOG_INTERNAL_CSOURCE

Remote exploitable:
Yes (Authentication required)

Credits:
This vulnerability was discovered and researched by Esteban Martínez
Fayó of Application Security Inc.

Details:
The PL/SQL package DBMS_CDC_IPUBLISH owned by SYS has an instance of
SQL Injection in the ALTER_HOTLOG_INTERNAL_CSOURCE procedure. A
malicious user can call the vulnerable procedure of this package with

Team SHATTER Security Advisory: SQL Injection in Oracle Enterprise Manager (TARGET Parameter)

Remote exploitable:
Yes (Authentication is needed)

Credits: 
This vulnerability was discovered and researched by Esteban Martínez Fayó of Application Security Inc.

Details: 
SQL Injection works by attempting to modify the parameters passed to an application to change the SQL statements that are passed to a database. SQL injection can be used to insert additional SQL statements to be executed.
The "TARGET" parameter used in web page /em/console/reports/admin of Oracle Enterprise Manager web application is vulnerable to SQL Injection attacks. It may be possible for a malicious user to execute a function with the elevated privileges of the SYSMAN database user in the repository database. This user has the DBA role granted.


OpenNMS Multiple Vulnerabilities

vulnerabilities.
05/10/2008 – Advisory released.


About BugSec LTD.
BugSec Services provides IT & Application Security services for
large-scale organizations.
Among its services: Penetration Testing, Risk Assessments, Secure Code
Development and Guidance.

BugSec Solutions develops innovative products and tools which gives

TeamSHATTER Security Advisory: Database Vault Account Management Vulnerabilities

Remote exploitable:
Yes

Credits:
This vulnerability was discovered and researched by Esteban Martinez Fayo of Application Security Inc.

Details:
Oracle Database Vault provides additional protections from malicious privileged users. The protections include separation of duty for some tasks like user account management. Any user with SYSDBA privilege (CVE-2011-2322) or DV_ACCTMGR role (CVE-2011-3511) can bypass these protections and change any user's password (including the Oracle Database Vault Owner user password) by calling the OCIPasswordChange client API (the 'password' command in SQL*Plus uses this API).

Impact:

Team SHATTER Security Advisory: Oracle Database SQL Injection in SYS.DBMS_CDC_UTILITY.LOCK_CHANGE_SET (DB02)

Remote exploitable:
Yes (Authentication to Database Server is needed)

Credits:
This vulnerability was discovered and researched by Esteban Martínez
Fayó of Application Security Inc.

Details:
The PL/SQL package DBMS_CDC_UTILITY owned by SYS has an instance of SQL
Injection. A malicious user can call a vulnerable procedure of this
package with specially crafted parameters and execute SQL statements

TeamSHATTER Security Advisory: XSS in locale parameter on IASTOP_CS_FARM_PAGE.html

Remote exploitable:
Yes

Credits:
This vulnerability was discovered and researched by Esteban Martinez Fayo of Application Security Inc.

Details:
Cross-site scripting vulnerabilities occur when an attacker tricks a legitimate web application into sending malicious code, generally in the form of a script, to an unsuspecting end user. The attack usually involves crafting a hyperlink with malicious script code embedded within it. A valid user is likely to click this link since it points to a resource on a trusted domain. The link can be posted on a web page, or sent in an instant message, or email. Clicking on the link executes the attacker-injected code in the context of the trusted web application. Typically, the code steals session cookies, which can then be used to impersonate a valid user.
The 'locale' parameter used in web page help/topics/iastop_cs/iastop_cs_farm_page.html (part of Oracle Help component) is vulnerable to cross-site scripting attacks. User supplied input to this parameter is returned without proper sanitization, allowing a malicious attacker to inject arbitrary scripting code.


Cacti Multiple Parameter Cross Site Scripting Vulnerabilities

V. CREDIT
--------------

These vulnerabilities were discovered by Mohammed Boumediane (VUPEN Security)
with help of the VUPEN Web Application Security Scanning (WASS) technology.


VI. VUPEN Web Application Security Scanner (WASS)
----------------------------------------------------


Team SHATTER Security Advisory: Oracle Database multiple SQL Injection vulnerabilities in Workspace Manager

Remote exploitable:
Yes (Authentication required)

Credits:
This vulnerability was discovered and researched by Esteban Martínez
Fayó of Application Security Inc.

Details:
Oracle Database provides the "LT" PL/SQL package that is part of the
Oracle Workspace Manager component. This package has multiple
instances of SQL Injection in COMPRESSWORKSPACETREE, MERGEWORKSPACE

Weekly Web Hacking Incidents update for Feb 25th

The Web Hacking Incidents Database (http://whid.webappsec.org), or WHID for
short, is a Web Application Security Consortium (http://www.webappsec.org)
project dedicated to maintaining a list of web application related security
incidents. WHID's goal is to serve as a tool for raising awareness of the web
application security problem and provide information for statistical
analysis of web application security incidents.

To continuously learn about new incidents, subscribe to the WHID RSS at
http://whid.webappsec.org/whid/rss.


Weekly Web Hacking Incidents update for Feb 19th

The Web Hacking Incidents Database (http://whid.webappsec.org), or WHID for
short, is a Web Application Security Consortium (http://www.webappsec.org)
project dedicated to maintaining a list of web application related security
incidents. WHID's goal is to serve as a tool for raising awareness of the web
application security problem and provide information for statistical
analysis of web application security incidents.

The last week was very rich in Web Hacking Incidents. Too rich. The
following incidents were added to WHID last week:


Team SHATTER Security Advisory: Oracle Database Multiple SQL Injection vulnerabilities in LTADM

Remote exploitable:
Yes (Authentication required)

Credits:
This vulnerability was discovered and researched by Esteban Martínez
Fayó of Application Security Inc.

Details:
Oracle Database provides the "LTADM" PL/SQL package that is part of
the Oracle Workspace Manager component. This package has instances of
SQL Injection in COMPRESSSTATE and GOTOTS procedures. Depending on

Team SHATTER Security Advisory: Buffer Overflow in Resource Manager of Oracle Database - Plan name parameter

Remote exploitable:
Yes (Authentication to Database Server is needed)

Credits:
This vulnerability was discovered and researched by Esteban Martínez Fayó of Application Security Inc.

Details:
The plan name parameter used in the ALTER SYSTEM SET RESOURCE_MANAGER_PLAN statement and in the SYS.DBMS_RESOURCE_MANAGER.SWITCH_PLAN procedure is vulnerable to buffer overflow attacks. When passing an overly long plan name string, a buffer can be overflowed.

Impact:

Shakacon Security Conference - Trainers and Speakers Finalized

Deviant Ollam - 1 Day Course
   \__Mastery of Physical Security
 
Joe McCray - 2 Day Course
   \__Crash Course on Penetration Testing & Web Application Security
 
Jared DeMott - 3 Day Course
   \__Application Security: For Hackers and Developers
 
Scott Lambert & Jason Geffner - 3 Day Course

Team SHATTER Security Advisory: IBM DB2 UDB Arbitrary code execution in ADMIN_SP_C/ADMIN_SP_C2 procedures

Remotely exploitable:
Yes (Authentication to Database Server is needed)

Credits:
This vulnerability was discovered and researched by Martin Rakhmanov of
Application Security Inc.

Details:
By using ADMIN_SP_C/ADMIN_SP_C2 procedures, an attacker may be able to
execute arbitrary code.
The ADMIN_SP_C/ADMIN_SP_C2 procedures are installed by default.

RE: Trustwave's SpiderLabs Security Advisory TWSL2010-001

Thanks,
David Byrne
Senior Security Consultant
Trustwave - SpiderLabs, Application Security
Email: dbyrne@trustwave.com





Team SHATTER Security Advisory: Multiple DoS in JAR files manipulation procedures

Remote exploitable:
Yes (Authentication to Database Server is needed)

Credits:
These vulnerabilities were discovered and researched by Ariel Sanchez of
Application Security Inc.

Details:
DB2 has multiple vulnerabilities which can lead to Denial of Service
(DoS) attacks against the instance. When RECOVERJAR and REMOVE_JAR
procedures are called with a specially crafted parameter the DB2

Team SHATTER Security Advisory: IBM DB2 UDB Arbitrary file overwrite in SYSPROC.NNSTAT procedure

Remotely exploitable:
Yes (Authentication to Database Server is needed)

Credits:
This vulnerability was discovered and researched by Cesar Cerrudo of
Application Security Inc.

Details:
NNSTAT procedure retrieves currently available statistics on one or more
nicknames.
By supplying an existing file as a log file parameter, arbitrary files

Zoph Multiple Parameter Cross Site Scripting Vulnerabilities

V. CREDIT
--------------

These vulnerabilities were discovered by Mohammed Boumediane (VUPEN Security)
with help of the VUPEN Web Application Security Scanning (WASS) technology:

http://www.vupen.com/english/services/wass-index.php


VI. VUPEN Web Application Security Scanner (WASS)

Team SHATTER Security Advisory: Oracle Database Buffer Overflow in SYS.OLAPIMPL_T.ODCITABLESTART

Remote exploitable:
Yes (Authentication to Database Server is needed)

Credits: 
This vulnerability was discovered and researched by Esteban Martínez Fayó of Application Security Inc.

Details: 
Oracle Database Server provides the SYS.OLAPIMPL_T package. This package contains the procedure ODCITABLESTART which is vulnerable to buffer overflow attacks.
Impact:
By default, EXECUTE permission on SYS.OLAPIMPL_T is granted to PUBLIC, so any Oracle database user can exploit this vulnerability. Exploitation of this vulnerability allows an attacker to execute arbitrary code. It can also be exploited to cause a DoS (Denial of Service) by killing the Oracle server process.

Team SHATTER Security Advisory: Oracle Database Buffer Overflow in SYS.DBMS_AQJMS_INTERNAL (DB15)

Remote exploitable:
Yes (Authentication to Database Server is needed)

Credits:
This vulnerability was discovered and researched by Esteban Martínez
Fayó of Application Security Inc.

Details:
Oracle Database Server provides the SYS.DBMS_AQJMS_INTERNAL package.
This package contains the procedures AQ$_REGISTER and AQ$_UNREGISTER
which are vulnerable to buffer overflow attacks.

Team SHATTER Security Advisory: Security Vulnerability in CLR stored procedure deployment from IBM Database Add-Ins for Visual Studio

Remote exploitable:
Yes (Authentication to Database Server is needed)

Credits:
This vulnerability was discovered and researched by Martin Rakhmanov
of Application Security Inc.

Details:
It is possible to use the CLR stored procedure deployment feature of
IBM Database add-ins for Visual Studio to produce a privilege
escalation or denial of service on a DB2 server.

Copyright © 1995-2012 LinuxRocket.net. All rights reserved.