CVE-2005-0297
SQL injection vulnerability in Oracle Database 9i and 10g allows remote attackers to execute arbitrary SQL commands and gain privileges...
Multiple high risk vulnerabilities in Oracle RDBMS 10g/9i
Researchers at NGSSoftware have discovered multiple high risk vulnerabilities in the Oracle Database Server. Versions affected include Oracle Database 10g - All Releases Oracle9i Database Server - All Releases The vulnerabilities include PL/SQL Injection vulnerabilities that allow low privileged...
CVE-2004-0638
Buffer overflow in the KSDWRTB function in the dbms_system package (dbms_system.ksdwrt) for Oracle 9i Database Server Release 2 9.2.0.3 and 9.2.0.4, 9i Release 1 9.0.1.4 and 9.0.1.5, and 8i Release 1 8.1.7.4, allows remote authorized users to execute arbitrary code via a long second argument...
Oracle Trigger Abuse (#NISR2122004I)
NGSSoftware Insight Security Research Advisory Name: Oracle 10g/9i Trigger Abuse Systems Affected: Oracle 10g/9i on all operating systems Severity: High risk Vendor URL: http://www.oracle.com/ Author: David Litchfield davidl at ngssoftware.com Relates to:...
Oracle extproc directory traversal (#NISR23122004B)
NGSSoftware Insight Security Research Advisory Name: Oracle 10g/9i extproc directory traversal Systems Affected: Oracle 10g/9i on all operating systems Severity: Medium Risk Vendor URL: http://www.oracle.com/ Author: David Litchfield davidl at ngssoftware.com Relates to:...
Oracle extproc local command execution (#NISR23122004C)
NGSSoftware Insight Security Research Advisory Name: Oracle 10g/9i extproc local command execution Systems Affected: Oracle 10g/9i on all operating systems Severity: Medium Risk Vendor URL: http://www.oracle.com/ Author: David Litchfield davidl at ngssoftware.com Relates to:...
[Full-Disclosure] iDEFENSE Security Advisory 09.02.04a: Oracle Database Server dbms_system.ksdwrt Buffer Overflow Vulnerability
Oracle Database Server dbms_system.ksdwrt Buffer Overflow Vulnerability iDEFENSE Security Advisory 09.02.04a www.idefense.com/application/poi/display?id=135&type=vulnerabilities September 2, 2004 I. BACKGROUND Oracle Database Server is a family of database products that range from personal databas...
Oracle Database Server 8.1.7/9.0.x - ctxsys.driload Access Validation
Oracle Database Server 8.1.7/9.0.x - ctxsys.driload Access Validation source: https://www.securityfocus.com/bid/11099/info Oracle Database Server is prone to an access validation vulnerability that may permit unprivileged users to execute commands as the DBA. This could compromise the database. SQ...
Oracle Database Server 8.1.7/9.0.x - ctxsys.driload Access Validation
source: https://www.securityfocus.com/bid/11099/info Oracle Database Server is prone to an access validation vulnerability that may permit unprivileged users to execute commands as the DBA. This could compromise the database. SQL exec ctxsys.driload.validatestmt 'create user hacker identified by...
[Full-Disclosure] iDEFENSE Security Advisory 09.02.04b: Oracle Database Server ctxsys.driload Access Validation Vulnerability
Oracle Database Server ctxsys.driload Access Validation Vulnerability iDEFENSE Security Advisory 09.02.04b www.idefense.com/application/poi/display?id=136&type=vulnerabilities September 2, 2004 I. BACKGROUND Oracle Database Server is a family of database products that range from personal database...
CVE-2004-0637
Oracle Database Server 8.1.7.4 through 9.2.0.4 allows local users to execute commands with additional privileges via the ctxsys.driload package, which is publicly accessible...
US-CERT Technical Cyber Security Alert TA04-245A -- Multiple Vulnerabilities in Oracle Products
Technical Cyber Security Alert TA04-245A Multiple Vulnerabilities in Oracle Products Original release date: September 1, 2004 Last revised: -- Source: US-CERT Systems Affected The following Oracle applications are affected: Oracle Database 10g Release...
[Full-Disclosure] [SHATTER Team Security Alert] Multiple vulnerabilities in Oracle Database Server
AppSecInc Advisory: Multiple vulnerabilities in Oracle Database Server Date: August 31, 2004 Detailed Information Provided Online At: http://www.appsecinc.com/resources/alerts/oracle/2004-0001/ Credit: These vulnerabilities were researched and discovered by Cesar Cerrudo and Esteban Martinez Fayo...
Oracle Database Multiple Remote Vulnerabilities (Mar 2005)
The remote Oracle Database, according to its version number, contains a remote command execution vulnerability that may allow an attacker who can execute SQL statements with certain privileges to execute arbitrary commands on the remote host...
CVE-2003-0095
Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, 8.1.7, and 8.0.6 allows remote attackers to execute arbitrary code via a long username that is provided during login, as exploitable through client applications that perform their own authentication, as demonstrated using LOADPSP...
CVE-2003-0095
The CVE-2003-0095 entry concerns a buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, 8.1.7, and 8.0.6. The vulnerability permits remote code execution via a long username supplied during login, exploitable through client applications that perform their own authentication, demonstra...
Oracle Database Server contains several vulnerabilities
Overview Several vulnerabilities exist in the Oracle Database Server and Listener. According to the Oracle Security Alert, exploitation of these vulnerabilities would require the attacker to have network access, but not a valid user account on the vulnerable system. Description Oracle Database 1...
[VulnWatch] Patch available for multiple critical flaws in Oracle
Researchers at NGSSoftware have discovered multiple critical vulnerabilities in Oracle Database Server and Oracle Application Server. Versions affected include Oracle Database 10g Release 1 Version 10.1.0.2 Oracle9i Database Server Release 2, versions 9.2.0.4 and 9.2.0.5 Oracle9i Database Server...
CVE-2004-1366
Oracle 10g Database Server stores the password for the SYSMAN account in cleartext in the world-readable emoms.properties file, which could allow local users to gain DBA privileges...
Oracle9i Database - Default Library Directory Privilege Escalation
source: https://www.securityfocus.com/bid/10829/info Oracle database implementations are reportedly prone to a default library directory privilege escalation vulnerability. This issue arises due to a default configuration error that will permit the attacker to replace libraries required by setuid...