3672 matches found
CVE-2014-4295
Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4294, CVE-2014-6538, and CVE-2014-6563...
CVE-2014-6453
Technical details about CVE-2014-6453 are not publicly available in the provided documents; no specifics on affected product versions, root cause, or exploit info are given. Monitor for updates.
Oracle GENERATESCHEMA Buffer Overflow Exploit
This Exploit a buffer overflow in Oracle10g. When sending a specially formatted query to the GENERATESCHEMA function in the XDB.DBMSXMLSCHEMA package, an attacker may be able to execute arbitrary code. NOTE: For targets running DEP, you will need to choose target 0 then rexploit with target 1. Th...
CVE-2014-2520
EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07, when Oracle Database is used, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and read sensitive database content via a crafted request...
CVE-2014-2520
EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07, when Oracle Database is used, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and read sensitive database content via a crafted request...
Researcher Uncovers Vulnerability Oracle Data Redaction Security Feature
Oracle’s newly launched Data Redaction security feature in Oracle Database 12c can be easily disrupted by an attacker without any need to use exploit code, a security researcher long known as a thorn in Oracle's side said at Defcon. Data Redaction is one of the new Advanced Security features...
SUSE-SU-2015:0907-1 Security update for oracle-update
This critical patch update contains 5 security fixes for the Oracle Database Server. One of the vulnerabilities could have been exploited over the network without a valid username and password. Security Issues: CVE-2013-3751 CVE-2013-3774 CVE-2014-4236 CVE-2014-4237 CVE-2014-4245...
SUSE-SU-2015:0498-2 Security update for oracle-update
This critical patch update contains 5 security fixes for the Oracle Database Server. One of the vulnerabilities could have been exploited over the network without a valid username and password. Security Issues: CVE-2013-3751 CVE-2013-3774 CVE-2014-4236 CVE-2014-4237 CVE-2014-4245...
SUSE-SU-2015:0498-1 Security update for oracle-update
This critical patch update contains 5 security fixes for the Oracle Database Server. One of the vulnerabilities could have been exploited over the network without a valid username and password. Security Issues: CVE-2013-3751 CVE-2013-3774 CVE-2014-4236 CVE-2014-4237 CVE-2014-4245...
CVE-2014-4236
Unspecified vulnerability in the RDBMS Core component in Oracle Database Server 11.2.0.4 and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors...
Design/Logic Flaw
Unspecified vulnerability in the RDBMS Core component in Oracle Database Server 11.2.0.4 and 12.1.0.1 allows remote authenticated users to affect confidentiality via unknown vectors...
UBUNTU-CVE-2014-4240
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows local users to affect confidentiality and integrity via vectors related to SRREP...
CVE-2014-4237
Unspecified vulnerability in the RDBMS Core component in Oracle Database Server 11.2.0.4 and 12.1.0.1 allows remote authenticated users to affect confidentiality via unknown vectors...
CVE-2014-4245
Unspecified vulnerability in the RDBMS Core component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality via unknown vectors...
CVE-2014-4245
CVE-2014-4245 is an unspecified vulnerability in the RDBMS Core of Oracle Database Server affecting 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1. The impact is limited to confidentiality and requires remote authenticated access; vectors are unknown. CVSS v2 base score reported as 3.5 (low). Public ...
Oracle Database Multiple Vulnerabilities (July 2014 CPU)
The remote Oracle database server is missing the July 2014 Critical Patch Update CPU. It is, therefore, affected by security issues in the following components : - XML Parser - Network Layer - RDBMS Core %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...
Oracle July 2014 Critical Patch Update
Never one to skimp on patches, Oracle is expected to release 113 of them tomorrow as part of its quarterly Critical Patch Update. The company also clarified that Java 7 versions will continue to work on the end-of-life Microsoft Windows XP platform and Oracle security updates for Java on XP...
ODAT - Oracle Database Attacking Tool
ODAT Oracle Database Attacking Tool is an open source penetration testing tool that test the security of Oracle Databases remotely. Usage examples of ODAT: You have an Oracle database listening remotely and want to find valid SIDs and credentials in order to connect to the database You have a val...
Oracle 9i/10g Database Network Foundation Remote Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/35684/info Oracle Database is prone to a remote vulnerability in Network Foundation. The vulnerability can be exploited over the 'Oracle Net' protocol. An attacker doesn't require privileges to exploit this vulnerability...
Oracle 10g Database SUBSCRIPTION_NAME Remote SQL Injection Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/13236/info Oracle database is prone to an SQL-injection vulnerability because the software fails to properly sanitize user-supplied data. The 'SUBSCRIPTIONNAME' parameter is vulnerable. Packages that employ this parameter...