mirror of
https://github.com/0xMarcio/cve.git
synced 2026-02-12 22:53:11 +00:00
1.7 KiB
1.7 KiB
CVE-2012-1675
Description
The TNS Listener, as used in Oracle Database 11g 11.1.0.7, 11.2.0.2, and 11.2.0.3, and 10g 10.2.0.3, 10.2.0.4, and 10.2.0.5, as used in Oracle Fusion Middleware, Enterprise Manager, E-Business Suite, and possibly other products, allows remote attackers to execute arbitrary database commands by performing a remote registration of a database (1) instance or (2) service name that already exists, then conducting a man-in-the-middle (MITM) attack to hijack database connections, aka "TNS Poison."
POC
Reference
- http://seclists.org/fulldisclosure/2012/Apr/204
- http://seclists.org/fulldisclosure/2012/Apr/343
- http://www.kb.cert.org/vuls/id/359816
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/CVEDB/PoC-List
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/Rohan-flutterint/odat
- https://github.com/Srilakshmivt/Task3.VulnerabilityScanning-using-Nessus
- https://github.com/bongbongco/CVE-2012-1675
- https://github.com/karlvbiron/OracleDB-PenTest-Engagement-via-ODAT
- https://github.com/karlvbiron/OracleDB-PenTest-Exercise-via-ODAT
- https://github.com/oneplus-x/jok3r
- https://github.com/quentinhardy/odat
- https://github.com/rohan-flutterint/odat
- https://github.com/rohankumardubey/odat
- https://github.com/rossw1979/ODAT
- https://github.com/shakenetwork/odat