Obtrusities: Where the Abstruse Meets the Obtuse

TLDR: Oracle Database is vulnerable to user privilege escalation via a java deserialization vector that bypasses built in Oracle JVM secur...

In honor of Throwback Thursday, I'll take a detour from my usual dive into obtuse corners of penetration testing and security analysis, ...

Overview The previous post discussed a bug in older versions of the Oracle dbms_assert.enquote_literal method, that could allow an attacke...

DBMS_ASSERT is a built in package in the Oracle database that is often used to protect dynamic SQL statements from SQL injection. However,...