Design/Logic Flaw
Unspecified vulnerability in the Database Vault component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect integrity and availability, related to SYSDBA...
Design/Logic Flaw
Unspecified vulnerability in the Network Foundation component in Oracle Database Server 10.1.0.5, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2, when running on Windows, allows remote attackers to affect availability via unknown vectors...
CVE-2011-0785
CVE-2011-0785 affects Oracle Help component exposed by Oracle Database Server (versions 11.1.0.7, 11.2.0.1, 11.2.0.2, 10.1.0.5, 10.2.0.3–10.2.0.5, 10.1.0.5) and Oracle Fusion Middleware (11.1.1.2.0–11.1.1.4.0). Root cause: unspecified vulnerability in the Oracle Help component allowing remote int...
CVE-2011-0806
CVE-2011-0806 affects Oracle Database Server on Windows (10gR1/10gR2/11gR1/11gR2, etc.) in the Network Foundation component. Multiple connected sources describe an unspecified vulnerability that can allow remote attackers to affect availability via unknown vectors. The vulnerability is linked to ...
CVE-2011-0804
CVE-2011-0804 affects Oracle Database Server via the Database Vault component across versions 10.2.0.3–11.2.0.2. The impact is confidentiality and integrity with unknown vectors and requires remote authenticated access (per CVE entry and NVD entry). Oracle’s April 2011 CPU advisory documents this...
CVE-2011-0785
Unspecified vulnerability in the Oracle Help component in Oracle Database Server 11.1.0.7, 11.2.0.1, 11.2.0.2, 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, and 10.1.0.5; and Oracle Fusion Middleware 11.1.1.2.0, 11.1.1.3.0, and 11.1.1.4.0 allows remote attackers to affect integrity via unknown vectors...
CVE-2011-0792
CVE-2011-0792 affects Oracle Warehouse Builder (OWB) in Oracle Database Server 10.2.0.5 and 11.1.0.7. The vulnerability is a PL/SQL injection in OWBREPOS_OWNER.WB_OLAP_AW_SET_SOLVE_ID, which can let an attacker with OWBREPOS_OWNER rights escalate privileges and potentially access the OS. This is ...
CVE-2011-0806
Unspecified vulnerability in the Network Foundation component in Oracle Database Server 10.1.0.5, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2, when running on Windows, allows remote attackers to affect availability via unknown vectors...
CVE-2011-0792
Unspecified vulnerability in the Oracle Warehouse Builder component in Oracle Database Server 10.2.0.5 OWB and 11.1.0.7 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Dimensional Data Modeling...
CVE-2010-3600
Unspecified vulnerability in the Client System Analyzer component in Oracle Database Server 11.1.0.7 and 11.2.0.1 and Enterprise Manager Grid Control 10.2.0.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was...
Design/Logic Flaw
Unspecified vulnerability in the Database Vault component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors...
Design/Logic Flaw
Unspecified vulnerability in the Oracle Spatial component in Oracle Database Server 10.2.0.4, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect confidentiality and integrity, related to MDSYS...
CVE-2010-4420
Unspecified vulnerability in the Database Vault component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1 allows local users to affect confidentiality and integrity via unknown vectors...
CVE-2010-4420
CVE-2010-4420 affects Oracle Database with Database Vault (versions 10.2.0.3–10.2.0.5, 11.1.0.7, 11.2.0.1). The initial entry describes an unspecified local vulnerability affecting confidentiality and integrity via unknown vectors in the Database Vault component. Connected sources confirm the vul...
CVE-2010-4421
Unspecified vulnerability in the Database Vault component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors...
CVE-2010-4421
CVE-2010-4421 concerns Oracle Database Server’s Database Vault component (versions 10.2.0.3–11.2.0.1). The connected ThreatPost coverage notes it is remotely exploitable over HTTP without authentication, allowing impacts to confidentiality, integrity, and availability. The CVE is addressed in Ora...
Oracle Database Multiple Vulnerabilities (January 2011 CPU)
The remote Oracle database server is missing the January 2011 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components: Client System Analyzer, Cluster Verify Utility, Database Vault, Oracle Spatial, Scheduler Agent, UIX ...
Oracle Database Multiple Vulnerabilities (October 2010 CPU)
The remote Oracle database server is missing the October 2010 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components: Enterprise Manager Console, Java Virtual Machine, Change Data Capture, OLAP, Job Queue, XDK, Core RDBMS, Perl...
Update : Havij v1.13 automated SQL Injection tool - New version
"Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page. It can take advantage of a vulnerable web application. By using this software user can perform...
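Oracle Database CREATE_CHANGE_SET Procedure SQL Injection Vulnerability
BUGTRAQ ID: 43956 CVE ID: CVE-2010-2415 Oracle is a large commercial database system. The Change Data Capture component of Oracle Database provides a DBMS_CDC_PUBLISH PL/SQL package, and the CREATE_CHANGE_SET procedure in this package contains a SQL injection vulnerability. A malicious user can call the vulnerable procedure with specially crafted parameters, causing SQL statements to be executed with the privileges of the SYS user. Exploiting this vulnerability requires the EXECUTE privilege on the SYS.DBMS_CDC_PUBLISH package. By default, users granted the EXECUTE_CATALOG_ROLE role have this privilege. Oracle Database 11.2.0....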