Penetration Testing mailing list archives
Re: [PEN-TEST] database security
From: Alfred Huger <ah () SECURITYFOCUS COM>
Date: Tue, 29 Aug 2000 10:14:33 -0700
On Tue, 29 Aug 2000, mount ararat blossom wrote:
hi folks, do you know any site which has some whitepapers about database security issues especially on MS SQL, Oracle and Sybase. Plus i wanna check some database hacking techniques. regards MAB
Some papers,vulns and toolz etc. YMMV. 1. A Misuse Detection System for Database Systems (library) url: http://www.securityfocus.com/library/1938 2. A Misuse Detection System for Database Systems (library) url: http://www.securityfocus.com/library/1938 3. Oracle Security (library) url: http://www.securityfocus.com/library/8 4. Decentralized Group Hierarchies in UNIX: An Experiment and Lessons Learned (library) url: http://www.securityfocus.com/library/2006 Some vulnerabilities: 5. Sybase Power Dynamo Directory Traversal Vulnerability (vulnerabilities) url: http://www.securityfocus.com/bid/620 6. Oracle Web Listener Denial of Service Vulnerability (vulnerabilities) url: http://www.securityfocus.com/bid/1427 7. Oracle Web Listener Batch File Vulnerability (vulnerabilities) url: http://www.securityfocus.com/bid/1053 8. Oracle for Linux Installer Vulnerability (vulnerabilities) url: http://www.securityfocus.com/bid/1035 9. Oracle Web Listener URL Character Substitution Vulnerability url: http://www.securityfocus.com/bid/841 10. Oracle Intelligent Agent Vulnerability (vulnerabilities) url: http://www.securityfocus.com/bid/585 11. Oracle 8 File Acess Vulnerabilities (vulnerabilities) url: http://www.securityfocus.com/bid/170 12. Oracle 8 oratclsh Suid Vulnerability (vulnerabilities) url: http://www.securityfocus.com/bid/159 13. Microsoft SQL Server Enterprise Manager Password Disclosure Vulnerability url: http://www.securityfocus.com/bid/1466 14. Microsoft SQL Server 7.0 Stored Procedure Vulnerability url: http://www.securityfocus.com/bid/1444 15. Microsoft SQL Server 7.0 System Administrator Password Disclosure Vulnerability url: http://www.securityfocus.com/bid/1281 16. Microsoft SQL Server DTS Password Disclosure Vulnerability url: http://www.securityfocus.com/bid/1292 17. Microsoft SQL Server Xp_sprintf buffer overflow (vulnerabilities) url: http://www.securityfocus.com/bid/1204 18 Microsoft SQL Weak Password Encryption Vulnerability (vulnerabilities) url: http://www.securityfocus.com/bid/1055 19. Microsoft SQL Server Non-Validated Query Vulnerability url: http://www.securityfocus.com/bid/1041 20. Microsoft SQL Server 7.0 NULL Data DoS Vulnerability (vulnerabilities) url: http://www.securityfocus.com/bid/817 Some tools.. 21. GNITvse rc1: GNIT Vulnerability Scanning Engine - (tools) url: http://www.securityfocus.com/tools/1369 22. SQLdict (tools) url: http://www.securityfocus.com/tools/1322
Current thread:
- [PEN-TEST] database security mount ararat blossom (Aug 29)
- Re: [PEN-TEST] database security Alfred Huger (Aug 29)
- Re: [PEN-TEST] database security Ben Lull (Aug 29)
- Re: [PEN-TEST] database security Nicolas Gregoire (Aug 29)
- <Possible follow-ups>
- Re: [PEN-TEST] database security David Jahne (Aug 29)