Research

Advisories

2006

11/06 - Microsoft Windows Kernel GDI local privilege escalation             procedure
             (PoC)

04/18 - Oracle Database 10gR1 Buffer overflow in VERIFY_LOG             procedure
             (Workaround)

04/11 - Vulnerability in Microsoft FrontPage Server Extensions

01/26 - Oracle Database Buffer overflows vulnerabilities in public procedures             of XDB.DBMS_XMLSCHEMA{_INT}
             (PoC Exploits)

2005

10/19 - Story of a dumb patch

07/22 - Oracle 9iR2 Unpatched vulnerability on CWM2_OLAP_AW_AWUTIL             package
             (Workaround)

06/02 - Remote buffer overflow in WebSphere Application Server             Administrative Console

05/27 - BEA WebLogic Administration Console error page cross-site scripting

05/27 - BEA WebLogic Administration Console cross-site scripting

04/18 - Denial of Service in Oracle interMedia
            (POC Exploit) (Workaround)

04/18 - Multiple SQL Injection vulnerabilities in DBMS_CDC_SUBSCRIBE and             DBMS_CDC_ISUBSCRIBE packages
            (POC Exploit) (Workaround)

04/18 - Multiple SQL Injection vulnerabilities in DBMS_METADATA package
            (POC Exploit) (Workaround)

04/18 - SQL Injection in ALTER_MANUALLOG_CHANGE_SOURCE procedure
            (Workaround)

04/18 - SQL Injection in CREATE_SCN_CHANGE_SET procedure
            (Workaround)

03/07 - Oracle Database Server Directory traversal

02/08 - COM Structured Storage Vulnerability
            (POC Exploit)


2004

12/14 - Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege
12/14 - Vulnerability in Windows LSASS Could Allow Elevation of Privilege
08/31 - Multiple vulnerabilities in Oracle Database Server
07/13 - Vulnerability in Utility Manager Could Allow Code Execution
04/13 - Utility Manager Vulnerability



Whitepapers & Presentations

2008

05/17 - Token Kidnapping

2007

11/30 - Ataques a aplicaciones de base de datos

11/20 - Data0: Next generation malware for stealing databases

04/12 - Hacking Databases for owning your data

03/09 - Practical security audit: Oracle case

2006

03/14 - WLSI - Windows Local Shellcode Injection

2005

10/19 - Story of a dumb patch

08/03 - Demystifying MS SQL Server & Oracle Database Server security (Black Hat USA 2005 presentation)

08/03 - Advanced SQL Injection in Oracle Databases (Black Hat USA 2005 presentation)

05/18 - Hacking Windows Internals

02/03 - Advanced SQL Injection in Oracle databases


© Copyright 2008 Argeniss. All Rights Reserved.