what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 2 of 2

Files from Egor Karbutov

Oracle E-Business Suite 12.1.3 / 12.1.4 SQL Injection

Posted Oct 27, 2015

Authored by Alexey Tyurin, Ivan Chalykin, Egor Karbutov, Nikita Kelesis

Oracle E-Business Suite suffers from a remote SQL injection vulnerability. Versions 12.1.3 and 12.1.4 are affected.

tags | advisory, remote, sql injection

advisories | CVE-2015-4846

SHA-256 | bed7d6cdc8769e52a8aa6079d2197b1a4a13e686111b6e01d1e0c62a2b41c50d

Download | Favorite | View

Oracle E-Business Suite 12.2.4 Database User Enumeration

Posted Oct 27, 2015

Authored by Alexey Tyurin, Ivan Chalykin, Egor Karbutov, Nikita Kelesis

There is a script in EBS that is used to connect to the database and displays the connection status. Different connection results can help an attacker to find existing database accounts. Version 12.2.4 is affected.

tags | advisory

advisories | CVE-2015-4845

SHA-256 | 1aa0dba66e594f4a17c1c25ee299403e80adb017253f58e948040cbe8038ad7f

Download | Favorite | View