Published Vulnerabilities

Sat 14 Apr

Blind SQL Injection Vulnerabilities reported to Oracle Corporation

The well-known Vulnerability Laboratory researcher Shadab Siddiqui (23) from India discovered a remote vulnerability with critical severity this week and reported it to Oracle. Oracle Corporation (NASDAQ: ORCL) is an American multinational computer technology corporation that specializes in developing and marketing computer hardware systems and enterprise software products, particularly database management systems.

Laboratory:

https://www.vulnerability-lab.com/show.php?user=Shadab%20Siddiqui

Wed 07 Mar

FlashFXP Software Client – Buffer Overflow Vulnerability

The Vulnerability Laboratory researcher Benjamin Kunz Mejri discovered a new issue in the famous FlashFXP Software Client by OpenSight Software. The vulnerability is triggered by forcing a ListIndex Out of Bound(s) exception during processing, which allows an attacker to overwrite the ecx and eip registers of the affected software process. Successful exploitation can result in process compromise, execution of arbitrary code, system compromise or escalation with the privileges of the affected vulnerable software process.

The flaw is a direct result of a fixed-length buffer being used in the TListBox control and the lack of range checking. The code assumes that the string returned by the listbox control will be less than 4097 characters.
