Alexander Kornbrust

16 exploits | Active since Sep 2004
CVE-2005-1380 EXPLOITDB text WORKING POC
BEA Admin Console 8.1 - XSS
Cross-site scripting (XSS) vulnerability in BEA Admin Console 8.1 allows remote attackers to execute arbitrary web script or HTML via the server parameter to a JndiFramesetAction action.
CVE-2005-1382 EXPLOITDB text WRITEUP
Oracle Webcache 9i - Path Traversal
The webcacheadmin module in Oracle Webcache 9i allows remote attackers to corrupt arbitrary files via a full pathname in the cache_dump_file parameter.
EIP-2026-104037 EXPLOITDB text WORKING POC
Oracle Reports Server 6.0.8/9.0.x - Arbitrary File Disclosure
EIP-2026-104038 EXPLOITDB text WRITEUP
Oracle Reports Server 6.0.8/9.0.x - Unauthorized Report Execution
EIP-2026-104039 EXPLOITDB text WORKING POC
Oracle Reports Server 6.0.8/9.0.x - XML File Disclosure
CVE-2005-3204 EXPLOITDB text WORKING POC
Oracle XML DB 9iR2 - XSS
Cross-site scripting (XSS) vulnerability in Oracle XML DB 9iR2 allows remote attackers to inject arbitrary web script or HTML via the query string in an HTTP request.
EIP-2026-104030 EXPLOITDB text WRITEUP
Oracle 9i/10g - Database Fine Grained Audit Logging Failure
CVE-2005-1383 EXPLOITDB text WRITEUP
Oracle Application Server <10.x - Auth Bypass
The OHS component 1.0.2 through 10.x, when UseWebcacheIP is disabled, in Oracle Application Server allows remote attackers to bypass HTTP Server mod_access restrictions via a request to the webcache TCP port 7778.
CVE-2005-1381 EXPLOITDB text WORKING POC
Oracle Webcache 9i - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Oracle Webcache 9i allow remote attackers to inject arbitrary web script or HTML via the (1) cache_dump_file or (2) PartialPageErrorPage parameter.
CVE-2005-1381 EXPLOITDB text WORKING POC
Oracle Webcache 9i - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Oracle Webcache 9i allow remote attackers to inject arbitrary web script or HTML via the (1) cache_dump_file or (2) PartialPageErrorPage parameter.
CVE-2004-0637 EXPLOITDB text WORKING POC
Oracle Database Server <9.2.0.4 - Privilege Escalation
Oracle Database Server 8.1.7.4 through 9.2.0.4 allows local users to execute commands with additional privileges via the ctxsys.driload package, which is publicly accessible.
EIP-2026-104033 EXPLOITDB text WRITEUP
Oracle Forms 6i/9i/4.5.10/5.0/6.0.8/10g Services - Unauthorized Form Execution
EIP-2026-104036 EXPLOITDB text WORKING POC
Oracle Reports Server 10g 9.0.2 - Multiple Cross-Site Scripting Vulnerabilities
CVE-2009-0981 EXPLOITDB text WRITEUP
Oracle Database 11.1.0.7 - Info Disclosure
Unspecified vulnerability in the Application Express component in Oracle Database 11.1.0.7 allows remote authenticated users to affect confidentiality, related to APEX. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue allows remote authenticated users to obtain APEX password hashes from the WWV_FLOW_USERS table via a SELECT statement.
CVE-2005-3207 EXPLOITDB text WORKING POC
Oracle Forms 4.5.10.22 - DoS
The forms servlet (f90servlet) in Oracle Forms 4.5.10.22 allows remote attackers to cause a denial of service (TNS listener stop) via a userid parameter that contains a STOP command.
CVE-2005-3206 EXPLOITDB text WORKING POC
Oracle9i Database Server Release 2 9.0.2.4 - DoS
iSQL*Plus (isqlplus) for Oracle9i Database Server Release 2 9.0.2.4 allows remote attackers to cause a denial of service (TNS listener stop) via an HTTP request with an sid parameter that contains a STOP command.