Monthly Archives: August 2018

Apache Struts 2 vulnerability

The Apache Struts 2 vulnerability may impact you. Proof-of-concept code has been released on GitHub and is actively being discussed in underground forums. No plugins are needed for this exploit. All the attacker needs is …

Posted in infosec

Critical #Weblogic flaw needs to be patched. #infosec #oracle

The patch is in the July 2018 CPU patch. What can happen: An attacker can gain control over the WebLogic server without knowing the password. Affected versions: 10.3.6.0, 12.1.3.0, 12.2.1.2, and 12.2.1.3. Reference URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2893 Known attacks: There are two …

Posted in infosec

Critical #Oracle Database flaw needs to be patched today. #infosec #exploit #java

Critical Oracle Database flaw needs to be patched. The patch is in the July 2018 CPU patch. The exploit is in the Oracle Java VM. Read: https://nvd.nist.gov/vuln/detail/CVE-2018-3110 This is an easily exploited flaw that allows a user with low level …

Posted in infosec, Security

Upcoming Talks

POUG: 7-8.09.2018 (booked) PL/SQL Secure Coding Practices
ECOUG: 18-19.09.2018 (booked) Holistic Database Security
BGOUG: 16-18.11.2018 (planned) Blockchain a primer.

There is a lot of confusion about the blockchain. Blockchain is not cryptocurrency; blockchain is the one part of the …

Posted in infosec

Oracle Privilege analysis #Quicktip

Here is a quick tip on Oracle privilege analysis. Frequently I want to find out all of the ways a user can get to an object for any privilege. DBA_TAB_PRIVS and DBA_ROLE_PRIVS are the two views I go to. I …

Posted in infosec

#POUG2018 is right around the corner.

Let’s start with some key facts. I learned this from my high school civics teacher, who made us learn a bit about journalism along with studying the Constitution. Who: The Polish Oracle Users Group, hosted by some of the most …

Posted in Database Stuff, encryption, infosec, Oracle Users Group

Common mistake when loading data into an #encrypted database.

There is a mistake that I’m seeing frequently: loading a raw data file into an encrypted database, then leaving the data file on an unencrypted device. After loading the data into the database, if you don’t need the data file …

Posted in infosec