I remember a while ago there were some DoS stuff out for the Spyglass web
server (resides on the Application Tier). It would crash it under certain
circumstances.

You might want to make sure that the site has the configuration setup
properly. All 10.7NCA users are logging into the system using
applsyspub/pub as the username/password pair. From their, a login box
prompts you for a specific username and password. The database tier should
be setup to only allow connections to/from the application tier. You might
be able to bypass the app tier altogether and log into the db directly with
applsyspub/pub.

All of that and more should be in Metalinks....

Tom

-----Original Message-----
From: Simon Waters [mailto:Simonwretched.demon.co.uk]
Sent: Friday, February 02, 2001 11:38 AM
To: PEN-TESTSECURITYFOCUS.COM
Subject: Re: Oracle

Michael Graham wrote:
>
> Dear all,
>
> Is anyone aware of any vulnerabilities effecting Oracle 10.7 application?
I
> am currently auditing one yet, can't find any info in the usual places.

Have you had a dig at Oracle Metalink?

I assume you've looked for ordinary Oracle vulnerabilities?

        Simon

--
Business http://www.eighth-layer.com/
Personal http://www.wretched.demon.co.uk/

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]