3671 matches found
Oracle Database Server 10.1.0.2 - Local Buffer Overflow
Advanced SQL Injection in Oracle databases. Exploit for the buffer overflow vulnerability in procedure MDSYS.MD2.SDO_CODE_SIZE of Oracle Database Server version 10.1.0.2 under Windows 2000 Server SP4. Fixes available at http://metalink.oracle.com. The exploit creates a SYSDBA user ERIC with a...
Oracle Database PL/SQL Statement - Multiple SQL Injections
Advanced SQL Injection in Oracle databases. Becoming the SYS user with SQL Injection. This script creates functions that can be injected to replace the password of the SYS user and to restore it to the original value. By Esteban Martinez Fayo [email protected] -- Execute this as a...
Oracle 8.x/9.x/10.x Database - Multiple SQL Injections
source: https://www.securityfocus.com/bid/13144/info Oracle database is reported prone to multiple SQL injection vulnerabilities. These issues exist due to insufficient sanitization of user-supplied data. These issues can be exploited using malformed PL/SQL statements to pass unauthorized SQL...
Oracle Database 10.1 - MDSYS.MD2.SDO_CODE_SIZE Buffer Overflow
source: https://www.securityfocus.com/bid/13145/info Oracle Database is reported prone to a buffer overflow vulnerability. Reportedly this issue affects the 'MDSYS.MD2.SDO_CODE_SIZE' procedure. An attacker can supply excessive data to an affected routine resulting in overflowing a destination buffe...
Oracle Database 10g Multiple Remote Vulnerabilities
According to its version number, the installation of Oracle on the remote host is reportedly subject to multiple vulnerabilities, some of which don't require authentication. They may allow an attacker to craft SQL queries such that they would be able to retrieve any file on the system and...
ARGENISS-ADV-030501.txt
Argeniss Security Advisory Name: Oracle Database Server Directory transversal Affected Software: Oracle Database Server versions 8i and 9i Severity : Medium Remote exploitable: Yes Authentication to Database Server is needed Credits: Cesar Cerrudo Date: 03/07/05 Advisory Number: ARG030501 Details...
CVE-2005-0701
Directory traversal vulnerability in Oracle Database Server 8i and 9i allows remote attackers to read or rename arbitrary files via "\.\.." (modified dot dot backslash) sequences to UTL_FILE functions such as (1) UTL_FILE.FOPEN or (2) UTL_FILE.frename...
Oracle database UTL_FILE object directory traversal
Directory traversal in UTL_FILE methods...
- Argeniss - Oracle Database Server Directory transversal
Argeniss Security Advisory Name: Oracle Database Server Directory transversal Affected Software: Oracle Database Server versions 8i and 9i Severity : Medium Remote exploitable: Yes Authentication to Database Server is needed Credits: Cesar Cerrudo Date: 03/07/05 Advisory Number: ARG030501 Details...
Oracle Database Server UTL_FILE Directory Traversal File Access
Binary data 2680.prm...
Oracle Database 8i/9i - Multiple Directory Traversal Vulnerabilities
Oracle Database 8i/9i - Multiple Directory Traversal Vulnerabilities source: https://www.securityfocus.com/bid/12749/info Oracle Database server is reported prone to multiple directory traversal vulnerabilities that may allow a remote attacker to read, write, or rename arbitrary files with the...
Oracle Database 8i/9i - Multiple Directory Traversal Vulnerabilities
source: https://www.securityfocus.com/bid/12749/info Oracle Database server is reported prone to multiple directory traversal vulnerabilities that may allow a remote attacker to read, write, or rename arbitrary files with the privileges of the Oracle Database server. The issues are reported to...
CVE-2005-0297
SQL injection vulnerability in Oracle Database 9i and 10g allows remote attackers to execute arbitrary SQL commands and gain privileges...
CVE-2005-0297
CVE-2005-0297 concerns a SQL injection vulnerability in Oracle Database 9i and 10g that allows remote attackers to execute arbitrary SQL commands and gain privileges. The available documents identify the affected product family (Oracle Database 9i/10g) and the underlying issue (SQL injection) wit...
Multiple Oracle Database Server security problems
SQL injection, privilege escalation, buffer overflows...
[Full-Disclosure] Integrigy Security Advisory - High Risk Security Issues in the Oracle Database and Oracle Applications
Integrigy Security Advisory High Risk Security Issues in the Oracle Database and Oracle Applications Oracle Critical Patch Update - January 2005 January 19, 2005 Summary: Oracle has released its first Critical Patch Update January 2005 and fixes 23 vulnerabilities in the Oracle Database, Orac...
CVE-2004-0638
Buffer overflow in the KSDWRTB function in the dbms_system package (dbms_system.ksdwrt) for Oracle 9i Database Server Release 2 9.2.0.3 and 9.2.0.4, 9i Release 1 9.0.1.4 and 9.0.1.5, and 8i Release 1 8.1.7.4, allows remote authorized users to execute arbitrary code via a long second argument...
CVE-2004-1366
Oracle 10g Database Server stores the password for the SYSMAN account in cleartext in the world-readable emoms.properties file, which could allow local users to gain DBA privileges...
Oracle Database Multiple Vulnerabilities (January 2005 CPU)
The remote Oracle Database, according to its version number, is vulnerable to several flaws, ranging from information disclosure about the remote host to code execution.