Database servers
fingerprint, retrieve DBMS session user and database, enumerate users,
password hashes, privileges, databases, dump entire or user's
specified DBMS tables/columns, run his own SQL statement, read or
write either text or binary files on the file system, execute
arbitrary commands on the operating system, establish an out-of-band
stateful connection between the attacker box and the database server
via Metasploit payload stager, database stored procedure buffer
overflow exploitation or SMB relay attack and more.
Changes
Risk Level:
High
Affected versions:
All versions of IBM DB2 Database Server.
Remotely exploitable:
Yes (Authentication to Database Server is needed)
Credits:
January 29, 2009
Risk Level:
High
Affected versions:
Oracle Database Server version 9iR2
Remote exploitable:
Yes (Authentication to Database Server is needed)
Credits:
Risk Level:
High
Affected versions:
All versions of IBM DB2 Database Server.
Remotely exploitable:
Yes (Authentication to Database Server is needed)
Credits:
Abstract:
This paper is about Data0, a fictitious (or not)
simple PoC of new malware that, after it is
deployed on a computer in an internal network, will
automatically hack database servers and
steal their data. Several techniques used by Data0
will be detailed. Data0 will be targeting
Microsoft SQL Server and Oracle Database Server, two of
the most used database servers.
While Data0 could be used by the bad guys for evil
Risk Level:
Medium
Affected versions:
Oracle Database Server versions 9iR1, 9iR2 (9.2.0.7 and previous
patchsets) and 10gR1
Remote exploitable:
Yes (Authentication to Database Server is needed)
Risk Level:
High
Affected versions:
IBM DB2 Database Server v9.1 and 9.5 on Windows platform.
Remote exploitable:
Yes (Authentication to Database Server is needed)
Credits:
Risk Level:
Medium
Affected versions:
Oracle Database Server versions 9iR1, 9iR2 (9.2.0.7 and previous
patchsets) and 10gR1
Remote exploitable:
Yes (Authentication to Database Server is needed)
Risk Level:
High
Affected versions:
All versions of IBM DB2 Database Server on Windows platform.
Remote exploitable:
Yes (Authentication to Database Server is needed)
Credits:
Risk Level:
Medium
Affected versions:
Oracle Database Server version 10gR1, 10gR2 and 11gR1
Remote exploitable:
Yes (Authentication to Database Server is needed)
Credits:
Risk Level:
High
Affected versions:
IBM DB2 Database Server v9.1 and 9.5 on Windows platform.
Remote exploitable:
Yes (Authentication to Database Server is needed)
Credits:
Risk Level:
Medium
Affected versions:
Oracle Database Server versions 9iR2, 10gR1, 10gR2 and 11gR1
Remote exploitable:
Yes (Authentication to Database Server is needed)
Credits:
Risk Level:
High
Affected versions:
Oracle Database Server versions 8iR3, 9iR1, 9iR2 (9.2.0.6 and previous
patchsets) and 10gR1 (10.1.0.4 and previous patchsets)
Remote exploitable:
Yes (Authentication to Database Server is needed)
Risk Level:
Medium
Affected versions:
Oracle Database Server versions 9iR1, 9iR2 (9.2.0.7 and previous
patchsets) and 10gR1
Remote exploitable:
Yes (Authentication to Database Server is needed)
Risk Level:
Medium
Affected versions:
Oracle Database Server versions 10gR1, 10gR2 and 11gR1
Remote exploitable:
Yes (Authentication to Database Server is needed)
Credits:
Risk Level:
Medium
Affected versions:
Oracle Database Server version 9iR1 and 9iR2
Remote exploitable:
Yes (Authentication to Database Server is needed)
Credits:
DM Database Server Memory Corruption Vulnerability
Vulnerable: All Version
Vendor: www.dameng.com
Discovered by: Shennan Wang (HuaweiSymantec SRT)
Details:
=========
Risk Level:
Medium
Affected versions:
Oracle Database Server versions 10gR1, 10gR2 and 11gR1
Remote exploitable:
Yes (Authentication to Database Server is needed)
Credits:
Overview
********
Oracle has just released a fix for a flaw that, when exploited, allows an
unauthenticated attacker on the Internet to gain full control of a backend
Oracle database server via the front end web server.
Details
*******
Oracle Application Server installs a number of PLSQL packages in the backend
database server. One of these is the WWV_RENDER_REPORT package and it is
Risk Level:
Medium
Affected versions:
Oracle Database Server versions 9iR1, 9iR2, 10gR1, 10gR2 and 11gR1
Remote exploitable:
Yes (Authentication to Database Server is needed)
Credits:
|
| Risk Level:
| Medium
|
| Affected versions:
| Oracle Database Server versions 9iR1, 9iR2, 10gR1, 10gR2 and 11gR1
|
| Remote exploitable:
| Yes (Authentication to Database Server is needed)
|
| Credits:
Description:
Unauthenticated SQL Injection:
Client input is being used to generate queries passed to the backend
database server. This input is not sufficiently sanitized before being
passed to the backend database server. As a result, a malicious user may
be able to craft queries that will be run on the backend database server
without any authentication, leading to sensitive information such as
administrator passwords being retrieved.
This vulnerability was discovered and researched by Esteban Martínez
Fayó of Application Security Inc.
Details:
Oracle Application Server installs the PL/SQL package WWEXP_API_ENGINE
owned by PORTAL in the backend Oracle database server. The 'ACTION'
procedure of this package has an instance of SQL Injection that allows
attackers to create anonymous PL/SQL programs and execute any kind of
PL/SQL statements. The statements are executed with the privileges of
the PORTAL user, that has DBA privileges. The vulnerability can be
exploited using a web application and without authentication.
> advisories for Oct 2010 from Oracle (see
> http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
> ) and
> I do not see this "fix" listed anywhere. I see Java VM stuff but only in
> the context of being fixed as part of another, parent component like
> Database Server.
>
> Am I looking in the wrong place?
> [...].
>
> Yes. Have a look here:
http://labs.idefense.com/intelligence/vulnerabilities/
Aug 01, 2008
I. BACKGROUND
Ingres Database is a database server used in several Computer
Associates' products. For example, CA Directory Service uses the Ingres
Database server. More information can be found on the vendor's website
at the following URL.
http://ingres.com/downloads/prod-cert-download.php
CVE Name: N/A
*Vulnerability Description*
The Borland Interbase 2007 database server [1] is vulnerable to an
integer overflow when a malformed packet is sent to the default TCP port
3050. The integer overflow can cause a stack overflow, which allows
arbitrary code execution with system privileges.
attack exploiting homoglyphic translation. As outlined by David Litchfield
in an old full-disclosure post [1]:
"It didn't take long to discover that this patch could be bypassed using
the following technique: due to internationalization, an Oracle database
server will convert the ÿ character (value 0xFF) to a capital Y. The PLSQL
Gateway will not. Thus, if we request:
http://www.example.com/pls/dad/S%FFS.PACKAGE.PROCEDURE
the gateway will happily pass it over to the database server where the ÿ
We appreciate the responsible disclosure, but I am looking at the
advisories for Oct 2010 from Oracle (see
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html) and
I do not see this "fix" listed anywhere. I see Java VM stuff but only in
the context of being fixed as part of another, parent component like
Database Server.
Am I looking in the wrong place?
>
> For more information on the new release of JRE/JDK
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of IBM Informix Database Server. SQL query
execution privileges are required to exploit this vulnerability.
The specific flaw exists within the oninit process bound to TCP port
9088 when processing the arguments to the USELASTCOMMITTED option in a
SQL query. User-supplied data is copied into a stack-based buffer