what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 5 of 5

Files from Pete Finnigan

oracle-privilege.txt

Posted Oct 22, 2008

Authored by Pete Finnigan | Site petefinnigan.com

Oracle Application Express (APEX) suffers from an excessive privileges issue in relation to the FLOWS database schema/user account.

tags | advisory

SHA-256 | 882a4730a9ac5f34d49c20a010a691e36ff7442ad833b301e662a5a8e1396987

Download | Favorite | View

oraclecpu-priv.txt

Posted Jan 31, 2008

Authored by Pete Finnigan | Site petefinnigan.com

PeteFinnigan.com Limited advisory for Oracle January 2008 CPU - The Oracle Ultra-Search provides excessive privileges assigned to the WKSYS database schema/user account.

tags | advisory

SHA-256 | ecd73ca17fc3ba606b76d0b68fffcc52db6c559340b1e155d7525cf487cb8bda

Download | Favorite | View

oracle-sysdba.txt

Posted Nov 13, 2007

Authored by Pete Finnigan

Tanel Poder has found a way to get SYSDBA access to the Oracle database by utilizing a user who has the BECOME USER system privilege, execute privileges on KUPP$PROC.CHANGE_USER and CREATE SESSION.

tags | advisory

SHA-256 | 5e1b4edfe37135b33516348ba90362ecdd76608bd6edb343794c43e552bfcfda

Download | Favorite | View

petefinnigan.pdf

Posted Aug 18, 2006

Authored by Pete Finnigan | Site petefinnigan.com

Black Hat Conference Presentation - How to Unwrap Oracle PL/SQL.

tags | paper

SHA-256 | 129dd1ef0f1f01363f56cf461f6fea2c38b211109db9b4f409ac4020178a32c0

Download | Favorite | View

directory_traversal.pdf

Posted Jan 19, 2005

Authored by Pete Finnigan | Site petefinnigan.com

Abuse problems exist for the DIRECTORY object in Oracle. Patches have been released for this issue.

tags | advisory

SHA-256 | b3b6b54f394e80b1a15a725f18af3bfdcad2376d96c5ff42d1c82ceca09cb3a2

Download | Favorite | View