194 items tagged "database"
-
-
17:21
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-0677-01 - PostgreSQL is an advanced object-relational database management system. The pg_dump utility inserted object names literally into comments in the SQL script it produces. An unprivileged database user could create an object whose name includes a newline followed by an SQL command. This SQL command might then be executed by a privileged user during later restore of the backup dump, allowing privilege escalation. CREATE TRIGGER did not do a permissions check on the trigger function to be called. This could possibly allow an authenticated database user to call a privileged trigger function on data of their choosing.
-
-
17:19
»
Packet Storm Security Misc. Files
Artiphp CMS version 5.5.0 suffers from a database backup disclosure vulnerability.
-
-
23:32
»
Packet Storm Security Recent Files
Team SHATTER Security Advisory - Oracle Database Server versions 10gR1, 10gR2 (10.2.0.4 and previous patchsets) and 11gR1 (11.1.0.7 and previous patchsets) suffer from a password hash information leak in the OCIPasswordChange API.
-
-
22:41
»
SecDocs
Authors: Yuval Adam
Tags: data mining
Event: Chaos Communication Congress 28th (28C3) 2011
Abstract: The entire Israeli civil registry database has been leaked to the internet several times over the past decade. In this talk, we examine interesting data that can be mined and extracted from such a database. Additionally, we will review the implications of such data being publicly available in light of the upcoming biometric database. The Israeli census database has been freely available on the Internet since 2001. The database has been illegally leaked due to incompetent data security policies in the Ministry of Interior of Israel, which is responsible for the management of the Israeli census. The data available includes all personal data of every Israeli citizen: name, ID number, date and location of birth, address, phone number and marital status, as well as linkage to parents and spouses. In this talk we discuss various statistics, trends and anomalies that such data gives us insight into. Personal details will obviously be left out of the talk, though it is important to note that any person who wishes to retrieve such details can easily do so. We will end the talk with a discussion about upcoming and relevant privacy issues in light of Israel's soon-to-be biometric database.
-
-
9:44
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2011-198 - Multiple vulnerabilities have been found and corrected in phpmyadmin. Importing a specially crafted XML file which contains an XML entity injection permits retrieval of a local file (limited by the privileges of the user running the web server). Using crafted database names, it was possible to produce XSS in the Database Synchronize and Database rename panels. Using an invalid and crafted SQL query, it was possible to produce XSS when editing a query on a table overview panel or when using the view creation dialog. Using a crafted column type, it was possible to produce XSS in the table search and create index dialogs. Crafted values entered in the setup interface can produce XSS; also, if the config directory exists and is writeable, the XSS payload can be saved to this directory. Using crafted URL parameters, it was possible to produce XSS on the export panels in the server, database and table sections. This upgrade provides the latest phpmyadmin version to address these vulnerabilities.
-
-
16:12
»
Packet Storm Security Advisories
Team SHATTER Security Advisory - Oracle Database supports spatial datatypes. A SQL injection vulnerability exists in the handling of spatial indexes. Users with create table and create procedure privileges can elevate their privileges to SYSDBA.
-
16:07
»
Packet Storm Security Advisories
Team SHATTER Security Advisory - Oracle Database Vault provides additional protections from malicious privileged users. The protections include separation of duty for some tasks like user account management. Any user with SYSDBA privilege or DV_ACCTMGR role can bypass these protections and change any user's password (including Oracle Database Vault Owner user password) calling the OCIPasswordChange client API (the 'password' command in SqlPLUS uses this API).
-
16:03
»
Packet Storm Security Advisories
Team SHATTER Security Advisory - Oracle Database Server provides the CTXSYS.DRVDISP package that is part of the Oracle Text component. This package contains the function TABLEFUNC_ASOWN, which is vulnerable to buffer overflow attacks when it is called with a long string in its parameters.
-
-
10:37
»
SecDocs
Authors: Esteban Martínez Fayó
Tags: Oracle
Event: Black Hat USA 2010
Abstract: Oracle Database Vault was launched a few years ago to put a limit on DBAs' unlimited power, especially over highly confidential data where it is required by regulations. This presentation will show how this add-on product for Oracle Database performs on this difficult task, first giving an introduction to DB Vault and what protections it brings, then showing with many examples how it is possible to bypass the protections provided. The attacks demonstrated include getting operating system access to disable DB Vault, SQL Injection and impersonation techniques to bypass DB Vault protections and how it is possible using simple exploits to circumvent DB Vault. These attack examples are accompanied by recommendations on how to protect from them. Also the presentation shows some issues with native database auditing and has a section with additional recommendations to secure DB Vault and conclusions.
-
-
7:16
»
Packet Storm Security Advisories
Trustwave WebDefend suffers from a static database password vulnerability. It was discovered in various DLLs and EXEs and affects WebDefend Enterprise Manager Appliance / Console software versions 5.0 and 4.0.
-
-
17:14
»
Packet Storm Security Advisories
By sending a specially crafted network packet to an Oracle Database during the connection, before user authentication is performed, it is possible to make the Oracle process consume all available CPU resources. No authentication is needed to exploit this vulnerability; the attacker needs to know the SID or Service Name of the database. Affected are Oracle Database Server versions 10gR1, 10gR2, 11gR1 and 11gR2 (on Windows platform).
-
-
19:34
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-143 - This vulnerability allows remote attackers to inject arbitrary SQL into the backend database on vulnerable installations of Cisco Unified CM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Call Manager component. The system exposes an Apache webserver which contains a JSP script vulnerable to SQL injection. The xmldirectorylist.jsp file does not properly validate the f, l, and n parameters before passing them to the database. A remote attacker can abuse this to inject SQL statements to be evaluated by the underlying database.
-
-
9:22
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-127 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the management.asmx module of the Management Web Service. This process responds to SOAP 1.2 requests on port 34444 for HTTP and port 34443 for HTTPS. Due to a flaw in the implementation of the getDBConfigSettings method, it is possible for an unauthenticated user to obtain the server's database credentials, which are transmitted via plaintext. Given the database credentials, it is trivial for a remote user to authenticate to the server and execute arbitrary code under the context of the database administrator.
-
-
7:52
»
Packet Storm Security Recent Files
sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
-
-
13:39
»
Packet Storm Security Advisories
Team SHATTER Security Advisory - Oracle Database Server versions 10gR2, 11gR1 and 11gR2 suffer from a session id extraction vulnerability.
-
13:36
»
Packet Storm Security Advisories
Team SHATTER Security Advisory - The Oracle Database Vault Administrator web console lacks any sort of cross site request forgery protection.
-
-
18:16
»
SecuriTeam
This vulnerability allows remote attackers to break out of the Java Sandbox implemented by Oracle's relational database.
-
-
1:01
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 10-220 - This vulnerability allows remote attackers to inject arbitrary SQL into the packaged database on vulnerable installations of Symantec IM Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Administrative interface installed with IM Manager. While there is authentication on the main page of the installed IIS extension, many of the pages can be accessed directly. One of these pages, IMAdminScheduleReport.asp, is vulnerable to a SQL injection vulnerability. The ASP code lacks sanity checks on the 'email' parameter. Thus, an attacker can abuse this to inject arbitrary SQL into the backend database.
-
1:01
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 10-221 - This vulnerability allows remote attackers to inject arbitrary SQL into the packaged database on vulnerable installations of Symantec IM Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Administrative interface installed with IM Manager. While there is authentication on the main page of the installed IIS extension, many of the pages can be accessed directly. One of these pages, IMAdminReportTrendFormRun.asp, is vulnerable to a SQL injection vulnerability. The ASP code lacks sanity checks on the 'groupList' parameter. Thus, an attacker can abuse this to inject arbitrary SQL into the backend database.
-
1:00
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 10-220 - This vulnerability allows remote attackers to inject arbitrary SQL into the packaged database on vulnerable installations of Symantec IM Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Administrative interface installed with IM Manager. While there is authentication on the main page of the installed IIS extension, many of the pages can be accessed directly. One of these pages, IMAdminScheduleReport.asp, is vulnerable to a SQL injection vulnerability. The ASP code lacks sanity checks on the 'email' parameter. Thus, an attacker can abuse this to inject arbitrary SQL into the backend database.
-
1:00
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 10-221 - This vulnerability allows remote attackers to inject arbitrary SQL into the packaged database on vulnerable installations of Symantec IM Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Administrative interface installed with IM Manager. While there is authentication on the main page of the installed IIS extension, many of the pages can be accessed directly. One of these pages, IMAdminReportTrendFormRun.asp, is vulnerable to a SQL injection vulnerability. The ASP code lacks sanity checks on the 'groupList' parameter. Thus, an attacker can abuse this to inject arbitrary SQL into the backend database.
-
-
21:01
»
Packet Storm Security Advisories
Debian Linux Security Advisory 2120-1 - Tim Bunce discovered that PostgreSQL, a database server software, does not properly separate interpreters for server-side stored procedures which run in different security contexts. As a result, non-privileged authenticated database users might gain additional privileges.
-
-
14:29
»
Wirevolution
For now, all White Spaces devices will use a geolocation database to avoid interfering with licensed spectrum users. The latest FCC Memorandum and Order on TV White Spaces says that it is still OK to have a device that uses spectrum sensing only (one that doesn’t consult a geolocation database for licensed spectrum users), but to get certified for sensing only, a device will have to satisfy the FCC’s Office of Engineering and Technology, then be approved by the Commissioners on a case-by-case basis.
So all the devices for the foreseeable future are going to use a geolocation database. But they will have spectrum-sensing capabilities too, in order to select the cleanest channel from the list of available channels provided by the database.
Fixed devices (access points) will normally have a wired Internet connection. Once a fixed device has figured out where it is, it can query the database over the Internet for a list of available channels. Then it can advertise itself on those channels.
Mobile devices (phones, laptops etc.) will normally have non-whitespace connections to the Internet too, for example Wi-Fi or cellular data. These devices can know where they are by GPS or some other location technology, and query the geolocation database over their non-whitespace connection. If a mobile device doesn’t have non-whitespace Internet connectivity, it can sit and wait until it senses a beacon from a fixed whitespace device, then query the geolocation database over the whitespace connection. There is a slight chance at this point that the mobile device is using a licensed frequency inside the licensee’s protected contour. This chance is mitigated because the contour includes a buffer zone, so a mobile device inside a protected contour should be beyond the range of any whitespace devices outside that contour. The interference will also be very brief, since when it gets the response from the database it will instantly switch to another channel.
Nine companies have proposed themselves as geolocation database providers. Here they are, linked to the proposals they filed with the FCC:
Here’s an example of what a protected contour looks like. Here’s an example database. Note that this database is not accurate yet.
Actually, a geolocation database is overkill for most cases. The bulk of the information is just a reformatting of data the FCC already publishes online; it’s only 37 megabytes compressed. It could be kept in the phone since it doesn’t change much; it is updated weekly.
The proposed database will be useful for those rare events where the number of wireless microphones needed is so large that it won’t fit into the spectrum reserved for microphones, though in this case spectrum sensing would probably suffice. In other words, the geolocation database is a heavyweight solution to a lightweight problem.
-
-
10:00
»
Hack a Day
In this tutorial we are going to cover some advanced database code as well as tie in to some more advanced GUI techniques. We left off on the last tutorial showing you how to insert and select data to/from the database as well as make a table. What we need now is to be able [...]
-
-
22:50
»
Packet Storm Security Recent Files
There exists a vulnerability within a function of the ToolTalk database server (rpc.ttdbserverd), which when properly exploited can lead to compromise of the vulnerable system. This vulnerability can be triggered by creating a fake database (.rec file) on the system and calling remote procedure 7 of ToolTalk database server pointing to this database, leading to a heap overflow.
-
22:48
»
Packet Storm Security Advisories
There exists a vulnerability within a function of the ToolTalk database server (rpc.ttdbserverd), which when properly exploited can lead to compromise of the vulnerable system. This vulnerability can be triggered by creating a fake database (.rec file) on the system and calling remote procedure 7 of ToolTalk database server pointing to this database, leading to a heap overflow.
-
-
6:05
»
SecDocs
Authors: Wendel Guglielmetti Henrique, Steve Ocepek
Tags: Oracle
Event: Black Hat EU 2010
Abstract: In a world of free, ever-present encryption libraries, many penetration testers still find a lot of great stuff on the wire. Database traffic is a common favorite, and with good reason: when the data includes PAN, Track, and CVV, it makes you stop and wonder why this stuff isn’t encrypted by default. However, despite this weakness, we still need someone to issue queries before we see the data. Or maybe not… after all, it’s just plaintext. Wendel G. Henrique and Steve Ocepek of Trustwave’s SpiderLabs division offer a closer look at the world’s most popular relational database: Oracle. Through a combination of downgrade attacks and session take-over exploits, this talk introduces a unique approach to database account hijacking. Using a new tool, thicknet, released at Black Hat Europe, the team will demonstrate how deadly injection attacks can be to database security.
-
-
18:25
»
remote-exploit & backtrack
Can anybody tell me where pyrit stores the password database? I just ran pyrit -i dict import_passwords and I can see that the passwords are imported to a database path called "file:///", but I wonder where it is?
-
-
22:48
»
remote-exploit & backtrack
Quote:
msf > db_create
[-]
[-] Warning: The db_create command is deprecated, use db_connect instead.
[-] The database and schema will be created automatically by
[-] db_connect. If db_connect fails to create the database, create
[-] it manually with your DBMS's administration tools.
[-]
[*] Usage: db_create <user:pass>@<host:port>/<database>
[*] Examples:
[*] db_create user@metasploit3
[*] db_create user:pass@192.168.0.2/metasploit3
[*] db_create user:pass@192.168.0.2:1500/metasploit3
I got this error, please give any idea to fix it, thanks
-
-
10:27
»
remote-exploit & backtrack
Hey guys!
I have to do some bachelor work at university and I thought about writing about "Attacking Database Servers".
I mainly want to focus on Network Discovery, Common and Specified Attack Scenarios and Protection Mechanism.
I do NOT want to focus on SQL Injection (I might add a little chapter on effects but not on how to SQL-inject an application); I really want to write about attacking the database servers themselves, not via an application.
I would be glad about any literature or input you know on this topic, mainly about Oracle, MSSQL and MySQL.
I thought about The Database Hacker's Handbook: Defending Database Servers as main literature, but everything else would be really appreciated since I need a lot of different literature.
Thanks in advance
-=R=-
-
-
17:00
»
Packet Storm Security Advisories
Secunia Research has discovered a security issue in Quicksilver Forums, which can be exploited by malicious people to disclose potentially sensitive information. The database backup functionality stores the database backup with a semi-predictable file name inside the web root. This can be exploited to download the backup by guessing the file name.
-
-
21:00
»
Packet Storm Security Tools
sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
-
21:00
»
Packet Storm Security Recent Files
sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
-
-
0:23
»
remote-exploit & backtrack
I ran the karma.rc script and I have two problems.
1. The karma.rc console writes:
"Exploit failed, could not obtain a database connection within 5 second. The max pool size is currently 30; consider increasing it."
and
" ActiveRecord:ConnectionTimeoutError, could not obtain a database..."
2. When the DHCP server runs, it writes:
"Can't create PID file /var/run/dhcpd.pid: Permission denied."
Could anybody help me?
-
-
8:22
»
Packet Storm Security Recent Files
Secunia Research has discovered a security issue in Employee Timeclock Software, which can be exploited by malicious people to disclose sensitive information. The database backup functionality stores the database backup with a semi-predictable file name inside the web root. This can be exploited to download the backup by guessing the file name. Version 0.99 is affected.
-
8:22
»
Packet Storm Security Advisories
Secunia Research has discovered a security issue in Employee Timeclock Software, which can be exploited by malicious people to disclose sensitive information. The database backup functionality stores the database backup with a semi-predictable file name inside the web root. This can be exploited to download the backup by guessing the file name. Version 0.99 is affected.
-
-
7:17
»
Hack a Day
[Brian] wrote in to show us a site he’s been working on for a while. He’s been building a tube clock database. We didn’t realize there was actually a big enough draw for such a site, but we have to admit that we spent more than a few minutes browsing through the different clocks. There [...]
-
-
21:26
»
remote-exploit & backtrack
Hi, I am doing some Pentesting at school with full permission of the target and the school. I am trying to either exploit it or use social engineering. I would prefer to try and exploit it because that would be more immediate. I looked in the exploit database but did not find an exploit. If either you can point me to an exploit in the database or some other form of exploit I would appreciate it. MITM is an option but I would prefer not to do that as I do not want to try it on a production network even though I am allowed to.