exploit the possibilities

Register | Login

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 1 of 1

Files

NGSSoftware Insight Security Research Advisory NISR13012009: Posted Jan 14, 2009; Authored by David Litchfield | Site ngssoftware.com; NGSSoftware Insight Security Research Advisory - Oracle has just released a fix for a flaw that, when exploited, allows a low privileged authenticated database user to gain MDSYS privileges. This can be abused by an attacker to perform actions as the MDSYS user. MDSYS.SDO_TOPO_DROP_FTBL is one of the triggers that forms part of the Oracle Spatial Application. It is vulnerable to SQL injection. When a user drops a table the trigger fires. The name of the table is embedded in a dynamic SQL query which is then executed by the trigger. Note that the Oracle advisory states that the attacker requires the DROP TABLE and CREATE PROCEDURE privileges. This is not the case and only CREATE SESSION privileges are required.; tags | advisory, sql injection; advisories | CVE-2008-3979; SHA-256 | 5121c42e5d2e8b18156a9dd21c0939cd3a695ecc1539eda09d741e19ef556402; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 294 files
Ubuntu 63 files
Debian 34 files
Gentoo 32 files
LiquidWorm 10 files
malvuln 7 files
nu11secur1ty 7 files
Ahmet Umit Bayram 4 files
Adam Gowdiak 4 files
gabe_k 3 files

Recent News

Malicious PyPi Requests Fork Hides Backdoor In PNG File: Posted May 14, 2024; tags | headline, malware, backdoor; Favorite | View

Christie's Art Auctions Hit By A Cyber Attack: Posted May 14, 2024; tags | headline, hacker, britain; Favorite | View

Black Basta Ransomware Group Is Imperiling Critical Infrastructure: Posted May 14, 2024; tags | headline, hacker, malware, data loss, scada, cryptography; Favorite | View

NHS Digital Hints At Exploit Sightings Of Arcserve UDP Vulnerabilities: Posted May 14, 2024; tags | headline, hacker, britain, flaw; Favorite | View

Google, Apple Gear To Raise Tracking Tag Stalker Alarm: Posted May 14, 2024; tags | headline, privacy, phone, google, spyware, apple; Favorite | View

Telegram CEO Calls Out Rival Signal, Claims It Has Ties With US Government: Posted May 14, 2024; tags | headline, government, privacy, phone, spyware, cryptography; Favorite | View

NATO Draws A Cyber Red Line In Tensions With Russia: Posted May 13, 2024; tags | headline, government, usa, russia, cyberwar, military; Favorite | View

Dell Says Info Leaked After Hacker Claims Access To 49M Records: Posted May 13, 2024; tags | headline, hacker, data loss; Favorite | View

Ascension Making Progress After Ransomware Attack: Posted May 13, 2024; tags | headline, hacker, malware, cybercrime, data loss, cryptography; Favorite | View

Europol Confirms Incident Following Alleged Auction Of Staff Data: Posted May 13, 2024; tags | headline, hacker, government, privacy, data loss; Favorite | View

View More News →

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links: News by Month; News Tags; Files by Month; File Tags; File Directory

About Us: History & Purpose; Contact Information; Terms of Service; Privacy Statement; Copyright Information

Services: Security Services
Hosting By: Rokasec