Security vulnerabilities I've found

Papers on Buffer Overflows
An Introduction to Heap overflows on AIX 5.3L, August 2005
Buffer Underruns, DEP, ASLR and Improving the Exploitation Prevention Mechanisms (XPMs) on the Windows Platform, September 2005
Defeating the Stack Based Buffer Overflow Prevention Mechanism of Microsoft Windows 2003 Server, September 2003
Variations in Exploit methods between Linux and Windows, July 2003
Non-stack Based Exploitation of Buffer Overrun Vulnerabilities on Windows NT/2000/XP, March 2002
Windows Heap Overflows, July 2004
Windows 2000 Format String Vulnerabilities, May 2002
Buffer Overflows on SPARC Architecture, August 2001
Buffer Overflows for Beginners, June 2001
Analysis of the winhlp32.exe buffer overrun, May 1999
Exploiting Windows NT 4.0 Buffer Overruns (A Case Study: RASMAN.EXE), May 1999

Papers on Oracle Forensics
The Oracle Data Block, October 2010
Oracle Forensics: How attackers break in, April 2011
Oracle Forensics: Preventing break ins, April 2011
Oracle Forensics: Investigating PL/SQL Injection, July 2010
Oracle Forensics Part 7: Using the Oracle System Change Number in Forensic Investigations, November 2008
Oracle Forensics Part 6: Examining Undo Segments, Flashback and the Oracle Recycle Bin, August 2007
Oracle Forensics Part 5: Finding Evidence in the Absence of Auditing, August 2007
Oracle Forensics Part 4: Live Response, April 2007
Oracle Forensics Part 3: Isolating Evidence of Attacks Against the Authentication Mechanism, March 2007
Oracle Forensics Part 2: Locating Dropped Objects, March 2007
Oracle Forensics Part 1: Dissecting the Redo Logs, March 2007

Papers on Database Security
Addendum to the CIS Benchmark for Oracle 12c, January 2017
Executing SQL as SYS from APPS in Oracle's eBusiness Suite, June 2016
Assessing Oracle's eBusiness Suite Security, January 2016
Exploiting the Oracle Workspace Manager SQL Race Condition, January 2016
OLAP DML Injection, August 2015
Exploiting PL/SQL Injection on Oracle with only CREATE SESSION privileges (6th Edition), August 2015
Privilege Escalation via Oracle Indexes, January 2015
DBMS_XMLSTORE as an Auxiliary SQL Injection Function in Oracle 12c, July 2014
Oracle Data Redaction is Broken, July 2014
Exploiting PL/SQL Injection on Oracle 12c with only CREATE SESSION privileges, May 2014
Security Considerations for SYS_REFCURSOR use in Oracle PL/SQL Applications, July 2011
The Security Impact of Global Cursors in Oracle PL/SQL, June 2011
Slammer, October 2010
Hacking Aurora in Oracle 11g, October 2009
Exploiting PL/SQL Injection With Only CREATE SESSION Privileges in Oracle 11g , October 2009
CPNI: Understanding Database Security, July 2008
In-memory backdoors in Oracle, November 2007
Exploiting PL/SQL Injection Flaws with only CREATE SESSION Privileges, February 2007
Bypassing DBMS_ASSERT (in certain situations), July 2008
Securing PL/SQL Applications with DBMS_ASSERT, October 2005
Lateral SQL Injection Revisited, January 2012
Lateral SQL Injection - A New Class of Vulnerability in Oracle., February 2008
Cursor Injection - A New Method for Exploiting PL/SQL Injection and Potential Defences, February 2007
Cursor Snarfing - A New Class of Attack in Oracle, November 2006
Oracle PL/SQL Gateway 0-day, November 2005
Token Snagging on Database Servers (n.b. predates Cesar Cerrudo's Token Kidnapping [2008]), November 2005
Data-mining with SQL Injection and Inference, September 2005
Oracle PL/SQL Injection (Blackhat Japan), October 2004
Threat Profiling Microsoft SQL Server, July 2002
Hack Proofing Oracle Application Server, January 2002
Microsoft SQL Server Passwords, June 2002
Database Servers on Windows XP and the Unintended Consequences of Simple File Sharing, November 2005
Web Application Disassembly with ODBC Error Messages, November 2001
Hackproofing Lotus Domino Web Server, October 2001

Papers on Web Security
Bypassing XSS Filters using XML Internal Entities, July 2016
New Attack Vectors and a Vulnerability Dissection of MS03-007, March 2003
Assessing IIS Configuration Remotely, February 2002
Email spoofing with CDONTS.NEWMAIL, January 2002

My very first security "paper"
Hacking NT - A Wee Story, February 1998

© David Litchfield, 2013.

Oracle Hacker's Handbook
Database Hacker's Handbook
Shellcoder's Handbook