Esteban Martinez Fayo

9 exploits Active since Aug 2004
CVE-2005-4832 METASPLOIT ruby WORKING POC
Oracle Database Server 10g - SQL Injection
SQL injection vulnerability in the Oracle Database Server 10g allows remote authenticated users to execute arbitrary SQL commands with elevated privileges via the SUBSCRIPTION_NAME parameter in the (1) SYS.DBMS_CDC_SUBSCRIBE and (2) SYS.DBMS_CDC_ISUBSCRIBE packages, a different vector than CVE-2005-1197.
CVE-2006-0287 EXPLOITDB text WORKING POC
Oracle HTTP Server <10.1.0.5-10.1.2.0.2 - Unspecified
Unspecified vulnerability in the Oracle HTTP Server component of Oracle Database Server 10.1.0.5 and Application Server 10.1.2.0.2 has unspecified impact and attack vectors, as identified by Oracle Vuln# OHS02.
EIP-2026-117731 EXPLOITDB WORKING POC
Oracle Database PL/SQL Statement - Multiple SQL Injections
EIP-2026-117732 EXPLOITDB WORKING POC
Oracle Database Server 10.1.0.2 - Local Buffer Overflow
CVE-2007-0297 EXPLOITDB text WORKING POC
Oracle PeopleSoft Enterprise & JD Edwards EnterpriseOne <8.47.11-8....
Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.47.11 and 8.48.06 has unknown impact and attack vectors in PeopleTools, aka PSE03.
EIP-2026-104028 EXPLOITDB text WORKING POC
Oracle 8.x/9.x/10.x Database - Multiple SQL Injections
CVE-2004-1774 EXPLOITDB text WORKING POC
Oracle Application Server - Buffer Overflow
Buffer overflow in the SDO_CODE_SIZE procedure of the MD2 package (MDSYS.MD2.SDO_CODE_SIZE) in Oracle 10g before 10.1.0.2 Patch 2 allows local users to execute arbitrary code via a long LAYER parameter.
CVE-2012-3137 EXPLOITDB python WORKING POC
Oracle Database Server - Info Disclosure
The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to obtain the session key and salt for arbitrary users, which leaks information about the cryptographic hash and makes it easier to conduct brute force password guessing attacks, aka "stealth password cracking vulnerability."
CVE-2006-0015 EXPLOITDB text WORKING POC
Microsoft Frontpage Server Extensions - XSS
Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters.