CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Metasploit Modules Related To Oracle

CVE-2001-499  Oracle 8i TNS Listener (ARGUMENTS) Buffer Overflow
This module exploits a stack buffer overflow in Oracle 8i. When sending a specially crafted packet containing a overly long ARGUMENTS string to the TNS service, an attacker may be able to execute arbitrary code.
Module type : exploit Rank : good Platforms : Windows
CVE-2002-965  Oracle 8i TNS Listener SERVICE_NAME Buffer Overflow
This module exploits a stack buffer overflow in Oracle. When sending a specially crafted packet containing a long SERVICE_NAME to the TNS service, an attacker may be able to execute arbitrary code.
Module type : exploit Rank : good Platforms : Windows
CVE-2003-727  Oracle 9i XDB FTP PASS Overflow (win32)
By passing an overly long string to the PASS command, a stack based buffer overflow occurs. David Litchfield, has illustrated multiple vulnerabilities in the Oracle 9i XML Database (XDB), during a seminar on "Variations in exploit methods between Linux and Windows" presented at the Blackhat conference.
Module type : exploit Rank : great Platforms : Windows
CVE-2003-727  Oracle 9i XDB FTP UNLOCK Overflow (win32)
By passing an overly long token to the UNLOCK command, a stack based buffer overflow occurs. David Litchfield, has illustrated multiple vulnerabilities in the Oracle 9i XML Database (XDB), during a seminar on "Variations in exploit methods between Linux and Windows" presented at the Blackhat conference. Oracle9i includes a number of default accounts, including dbsnmp:dbsmp, scott:tiger, system:manager, and sys:change_on_install.
Module type : exploit Rank : great Platforms : Windows
CVE-2003-727  Oracle 9i XDB HTTP PASS Overflow (win32)
This module exploits a stack buffer overflow in the authorization code of the Oracle 9i HTTP XDB service. David Litchfield, has illustrated multiple vulnerabilities in the Oracle 9i XML Database (XDB), during a seminar on "Variations in exploit methods between Linux and Windows" presented at the Blackhat conference.
Module type : exploit Rank : great Platforms : Windows
CVE-2005-4832  Oracle DB SQL Injection via SYS.DBMS_CDC_SUBSCRIBE.ACTIVATE_SUBSCRIPTION
This module will escalate a Oracle DB user to DBA by exploiting an sql injection bug in the SYS.DBMS_CDC_SUBSCRIBE.ACTIVATE_SUBSCRIPTION package/function. This vulnerability affects to Oracle Database Server 9i up to 9.2.0.5 and 10g up to 10.1.0.4.
Module type : auxiliary Rank : normal
CVE-2006-2081  Oracle DB SQL Injection via DBMS_EXPORT_EXTENSION
This module will escalate a Oracle DB user to DBA by exploiting an sql injection bug in the DBMS_EXPORT_EXTENSION.GET_DOMAIN_INDEX_METADATA package. Note: This module has been tested against 9i, 10gR1 and 10gR2.
Module type : auxiliary Rank : normal
CVE-2007-5511  Oracle DB SQL Injection via SYS.LT.FINDRICSET Evil Cursor Method
This module will escalate a Oracle DB user to DBA by exploiting an sql injection bug in the SYS.LT.FINDRICSET package via Evil Cursor technique. Tested on oracle 10.1.0.3.0 -- should work on thru 10.1.0.5.0 and supposedly on 11g. Fixed with Oracle Critical Patch update October 2007.
Module type : auxiliary Rank : normal
CVE-2008-3257  Oracle Weblogic Apache Connector POST Request Buffer Overflow
This module exploits a stack based buffer overflow in the BEA Weblogic Apache plugin. The connector fails to properly handle specially crafted HTTP POST requests, resulting a buffer overflow due to the insecure usage of sprintf. Currently, this module works over Windows systems without DEP, and has been tested with Windows 2000 / XP. In addition, the Weblogic Apache plugin version is fingerprinted with a POST request containing a specially crafted Transfer-Encoding header.
Module type : exploit Rank : great Platforms : Windows
CVE-2008-3979  Oracle DB SQL Injection in MDSYS.SDO_TOPO_DROP_FTBL Trigger
This module will escalate a Oracle DB user to MDSYS by exploiting an sql injection bug in the MDSYS.SDO_TOPO_DROP_FTBL trigger. After that exploit escalate user to DBA using "CREATE ANY TRIGGER" privilege given to MDSYS user by creating evil trigger in system scheme (2-stage attack).
Module type : auxiliary Rank : normal
CVE-2008-3982  Oracle DB SQL Injection via SYS.LT.COMPRESSWORKSPACE
This module exploits an sql injection flaw in the COMPRESSWORKSPACE procedure of the PL/SQL package SYS.LT. Any user with execute privilege on the vulnerable package can exploit this vulnerability.
Module type : auxiliary Rank : normal
CVE-2008-3983  Oracle DB SQL Injection via SYS.LT.MERGEWORKSPACE
This module exploits an sql injection flaw in the MERGEWORKSPACE procedure of the PL/SQL package SYS.LT. Any user with execute privilege on the vulnerable package can exploit this vulnerability.
Module type : auxiliary Rank : normal
CVE-2008-3984  Oracle DB SQL Injection via SYS.LT.REMOVEWORKSPACE
This module exploits an sql injection flaw in the REMOVEWORKSPACE procedure of the PL/SQL package SYS.LT. Any user with execute privilege on the vulnerable package can exploit this vulnerability.
Module type : auxiliary Rank : normal
CVE-2008-3995  Oracle DB SQL Injection via SYS.DBMS_CDC_PUBLISH.ALTER_AUTOLOG_CHANGE_SOURCE
The module exploits an sql injection flaw in the ALTER_AUTOLOG_CHANGE_SOURCE procedure of the PL/SQL package DBMS_CDC_PUBLISH. Any user with execute privilege on the vulnerable package can exploit this vulnerability. By default, users granted EXECUTE_CATALOG_ROLE have the required privilege. Affected versions: Oracle Database Server versions 10gR1, 10gR2 and 11gR1. Fixed with October 2008 CPU.
Module type : auxiliary Rank : normal
CVE-2008-3996  Oracle DB SQL Injection via SYS.DBMS_CDC_IPUBLISH.ALTER_HOTLOG_INTERNAL_CSOURCE
The module exploits an sql injection flaw in the ALTER_HOTLOG_INTERNAL_CSOURCE procedure of the PL/SQL package DBMS_CDC_IPUBLISH. Any user with execute privilege on the vulnerable package can exploit this vulnerability. By default, users granted EXECUTE_CATALOG_ROLE have the required privilege. Affected versions: Oracle Database Server versions 10gR1, 10gR2 and 11gR1. Fixed with October 2008 CPU.
Module type : auxiliary Rank : normal
CVE-2008-4008  BEA Weblogic Transfer-Encoding Buffer Overflow
This module exploits a stack based buffer overflow in the BEA Weblogic Apache plugin. This vulnerability exists in the error reporting for unknown Transfer-Encoding headers. You may have to run this twice due to timing issues with handlers.
Module type : exploit Rank : great Platforms : Windows
CVE-2008-5444  Oracle Secure Backup NDMP_CONNECT_CLIENT_AUTH Buffer Overflow
The module exploits a stack buffer overflow in Oracle Secure Backup. When sending a specially crafted NDMP_CONNECT_CLIENT_AUTH packet, an attacker may be able to execute arbitrary code.
Module type : exploit Rank : good Platforms : Windows
CVE-2008-5448  Oracle Secure Backup exec_qr() Command Injection Vulnerability
This module exploits a command injection vulnerablility in Oracle Secure Backup version 10.1.0.3 to 10.2.0.2.
Module type : auxiliary Rank : normal
CVE-2008-5457  BEA WebLogic JSESSIONID Cookie Value Overflow
This module exploits a buffer overflow in BEA's WebLogic plugin. The vulnerable code is only accessible when clustering is configured. A request containing a long JSESSION cookie value can lead to arbirtary code execution.
Module type : exploit Rank : good Platforms : Windows
CVE-2009-978  Oracle DB SQL Injection via SYS.LT.ROLLBACKWORKSPACE
This module exploits an sql injection flaw in the ROLLBACKWORKSPACE procedure of the PL/SQL package SYS.LT. Any user with execute privilege on the vulnerable package can exploit this vulnerability.
Module type : auxiliary Rank : normal

Please note: Metasploit modules are only matched by CVE numbers. There may be other modules related to this product. Visit metasploit web site for more details
Total number of modules found = 74   Page : 1 (This Page)2 3 4
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.