3671 matches found
Oracle Database Trigger MDSYS.SDO_TOPO_DROP_FTBL SQL Injection (CVE-2008-3979)
Oracle Database Server is an enterprise-level relational database application suite. To extend the functionality of the Oracle Database Server, extra packages of related program objects such as procedures, functions, triggers, variables, constants, cursors, and exceptions, are provided in order t...
Oracle Database Server XDB PITRIG_TRUNCATE Procedure Buffer Overflow (CVE-2008-0339)
Oracle Database Server is an enterprise-level relational database application suite. To extend the functionality of the Oracle Database Server, extra packages of related program objects, e.g., procedures, functions, variables, constants, cursors, and exceptions, are provided in order to better...
Oracle Database Server DBMS_AQELM Package Buffer Overflow (CVE-2008-2607)
Oracle Database Server is an enterprise-level relational database application suite. To extend the functionality of the Oracle Database Server, extra packages of related program objects, e.g., procedures, functions, variables, constants, cursors, and exceptions, are provided in order to better...
U.S. Defense Information Systems Agency (DISA) Unix Security Readiness Review (SRR) root compromise / VU#433821
Executive Summary: Unprivileged local users can obtain root access on Unix systems where the DISA SRR scripts are run. If a remote user can introduce a file into the filesystem e.g. anonymous ftp, http upload, cdrom, samba share,...
Oracle Database Server XDB.DBMS_XMLSCHEMA Buffer Overflow (CVE-2006-0272)
Oracle Database Server is an enterprise-level relational database application suite. To extend the functionality of the Oracle Database Server, extra packages of related program objects, i.e. procedures, functions, variables, constants, cursors, and exceptions, are provided in order to better...
Oracle Application Server 10g emagent.exe Stack Buffer Overflow
Oracle Database is an enterprise-level relational database suite. It contains many components that enable users and administrators to access it for various tasks, such as database manipulation or administration of the numerous Oracle services. One such management utility in the Oracle...
Oracle Database sys.pbsde.init Procedure Buffer Overflow (CVE-2005-3438)
Stored procedures are a powerful feature of an Oracle database server. They are essentially a set of SQL statements that are stored server-side, which are called by name and optionally passed a set of parameters. Stored procedures provide improved performance, because only data specific to the...
Oracle Database DBMS_SNAP_INTERNAL Package Buffer Overflow (CVE-2007-2170)
Oracle Database Server is an enterprise-level relational database application suite. To extend the functionality of the Oracle Database Server, extra packages of related program objects, i.e. procedures, functions, variables, constants, cursors, and exceptions, are provided in order to better...
Oracle Database SUBSCRIPTION_NAME Parameter SQL Injection (CVE-2005-1197)
Oracle Database Server is an enterprise-level relational database application suite. To extend the functionality of the Oracle Database Server, extra packages of related program objects, i.e. procedures, functions, variables, constants, cursors, and exceptions, are provided to the database user i...
Oracle Database Server DBMS_METADATA Package SQL Injection (CVE-2005-1197)
Oracle Database Server is an enterprise-level relational database application suite. To extend the functionality of the Oracle Database Server, extra packages of related program objects, i.e. procedures, functions, variables, constants, cursors, and exceptions, are provided to the database user i...
Oracle Database Server ctxsys.driload Access Validation (CVE-2004-0637)
Stored procedures are a powerful feature of an Oracle database server. They are essentially a set of SQL statements that are stored server-side, which are called by name and optionally passed a set of parameters. Stored procedures provide improved performance, because only data specific to the...
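Oracle Advanced Replication Component REPCAT_RPC.VALIDATE_REMOTE_RC() Function Privilege Escalation Vulnerability
BUGTRAQ ID: 35685 CVE ID: CVE-2009-1021 Oracle Database is a large commercial database system. The REPCAT_RPC.VALIDATE_REMOTE_RC function in the Advanced Replication component of Oracle Database executes potentially controllable anonymous PL/SQL. The function takes the currently logged-in user name as its first parameter, and the second parameter, VALIDATESTRING, is placed directly into an anonymous PL/SQL block and executed: ... ... SQLCURSOR := DBMSSQL.OPENCURSOR; DBMSSQL.PARSESQLCURSOR, 'BEGIN ' || ' :err :=...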
Oracle Database Server XDB PITRIG TRUNCATE and DROP SQL Injection (CVE-2008-0339)
Oracle Database Server is an enterprise-level relational database application suite. To extend the functionality of the Oracle Database Server, extra packages of related program objects, i.e., procedures, functions, variables, constants, cursors, and exceptions, are provided in order to better...
Oracle Database dbms_assert Filter Bypass (CVE-2006-5340)
Oracle Database Server is an enterprise-level relational database application suite. To extend the functionality of the Oracle Database Server, extra packages of related program objects, i.e. procedures, functions, variables, constants, cursors, and exceptions, are provided in order to better...
Oracle Database SYS.KUPW-WORKER Package MAIN Procedure SQL Injection (CVE-2006-3698)
Oracle Database Server is an enterprise-level relational database application suite. To extend the functionality of the Oracle Database Server, extra packages of related program objects, i.e. procedures, functions, variables, constants, cursors, and exceptions, are provided in order to better...
Oracle Database Server MDSYS.SDO_LRS Package SQL Injection (CVE-2006-5340)
Oracle Database Server is an enterprise-level relational database application suite. To extend the functionality of the Oracle Database Server, extra packages of related program objects, i.e. procedures, functions, variables, constants, cursors, and exceptions, are provided in order to better...
Oracle Database Server SYS.LT.FINDRICSET Function SQL Injection (CVE-2007-5511)
Oracle Database Server is an enterprise-level relational database application suite. To extend the functionality of the Oracle Database Server, extra packages of related program objects, i.e., procedures, functions, variables, constants, cursors, and exceptions, are provided in order to better...
Oracle Database Server SQL Injection In Package SYS.KUPV (CVE-2006-0586)
Oracle Database Server is an enterprise-level relational database application suite. To extend the functionality of the Oracle Database Server, extra packages of related program objects, i.e. procedures, functions, variables, constants, cursors, and exceptions, are provided in order to better...
Oracle Database Server Network Authentication AUTH_SESSKEY Buffer Overflow (CVE-2009-1979)
Oracle Database Server is an enterprise-level relational database application suite. A buffer overflow vulnerability exists in the Oracle Database server. The vulnerability is due to an error in the Oracle Database server, which fails to sufficiently validate the length field of the AUTH_SESSKEY...
Oracle Database 10.1.0.5 < 10.2.0.4 - AUTH_SESSKEY Length Validation Remote Buffer Overflow
include include include include include include void ssend SOCKET s, char msg, DWORD size int sent; printf "ssend: begin: %d bytes\n", size; sent=send s, charmsg, size, 0; if sent==SOCKETERROR printf "send - SOCKETERROR, WSAGetLastError=%d\n", WSAGetLastError; else if sent!=size printf "sent only...