Buffer overflow

Unspecified vulnerability in the Oracle OLAP component in Oracle Database 10.1.0.5 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors...

Buffer overflow

Unspecified vulnerability in the Oracle OLAP component in Oracle Database 9.2.08, 9.2.0.8DV, and 10.1.0.5 allows remote authenticated users to affect availability, related to OLAPSYS.CWM2OLAPAWAWUTIL, a different vulnerability than CVE-2008-3991...

Design/Logic Flaw

Unspecified vulnerability in the Change Data Capture component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.DBMSCDCIPUBLISH...

Design/Logic Flaw

Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to WMSYS.LTADM...

CVE-2008-3982

Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.LT and WMSYS.LT, a different vulnerability than CVE-2008-3983 and...

CVE-2008-3983

Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.LT and WMSYS.LT, a different vulnerability than CVE-2008-3982 and...

CVE-2008-2625

CVE-2008-2625 is an Oracle Database proxy-authentication bypass affecting the Core RDBMS. The connected sources describe an authentication bypass through TNS proxy login, allowing a new connection to impersonate an existing session without passwords. Affected products/versions cited include Oracl...

CVE-2008-3984

CVE-2008-3982, CVE-2008-3983, and CVE-2008-3984 are SQL injection flaws in Oracle Workspace Manager (SYS.LT.*: MERGEWORKSPACE, COMPRESSWORKSPACE, REMOVEWORKSPACE) that allow a remote authenticated user to affect confidentiality and integrity. Public details show Metasploit modules targeting SYS.L...

CVE-2008-4005

Unspecified vulnerability in the Oracle Application Express component in Oracle Database 11.1.0.6 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors...

CVE-2008-3995

Unspecified vulnerability in the Change Data Capture component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to DBMSCDCPUBLISH...

CVE-2008-3980

Unspecified vulnerability in the Upgrade component in Oracle Database 10.1.0.5 and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors...

CVE-2008-3984

Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.LT and WMSYS.LT, a different vulnerability than CVE-2008-3982 and...

CVE-2008-3992

CVE-2008-3992 involves an unspecified vulnerability in the Oracle Data Mining component of Oracle Database 10.2.0.4, allowing remote authenticated users to affect confidentiality and integrity (related to DMSYS.DBMS_DM_EXP_INTERNAL). Connected documents confirm this CVE is among Oracle’s October ...

CVE-2008-3995

CVE-2008-3995 affects Oracle Database (10gR1/10gR2/11gR1) Change Data Capture component. The root cause is an SQL injection in SYS.DBMS_CDC_PUBLISH.ALTER_AUTOLOG_CHANGE_SOURCE, exploitable by any user with EXECUTE privilege on the package. Impact per sources: remote authenticated access that can ...

CVE-2008-2625

Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors. NOTE: the previous information was obtained from the Oracle October 2008 CPU. Oracle has not...

CVE-2008-3996

Unspecified vulnerability in the Change Data Capture component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.DBMSCDCIPUBLISH...

Oracle Database Server 11.1 - CREATE ANY Directory Privilege Escalation

Oracle Database Server 11.1 - CREATE ANY Directory Privilege Escalation source: https://www.securityfocus.com/bid/31738/info Oracle Database Server is prone to a privilege-escalation issue related to the 'CREATE ANY DIRECTORY' user privilege. Attackers may exploit this issue to gain full SYSDBA...

Oracle Database Server 11.1 - 'CREATE ANY Directory' Privilege Escalation

source: https://www.securityfocus.com/bid/31738/info Oracle Database Server is prone to a privilege-escalation issue related to the 'CREATE ANY DIRECTORY' user privilege. Attackers may exploit this issue to gain full SYSDBA privileges on the vulnerable database server. This issue affects Oracle...

Team SHATTER Security Advisory: SQL Injection in Oracle Database (DBMS_DEFER_SYS.DELETE_TRAN)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Team SHATTER Security Advisory SQL Injection in Oracle Database DBMSDEFERSYS.DELETETRAN August 4, 2008 Risk Level: Medium Affected versions: Oracle Database Server versions 9iR1, 9iR2, 10gR1, 10gR2 and 11gR1 Remote exploitable: Yes Authentication to...

python written oracle database passwords scanning tools-vulnerability warning-the black bar safety net

Nothing else, write a small tool. Sweep the oracle password. The level is limited, the python did not get to the bottom, even in the writing tool of the time"or"this conditional statement will not. So everyone will. -----------------------oracle's password,user scan -----------------------code by...