3671 matches found
Oracle unauthenticated remote system compromise (#NISR16022003a)
NGSSoftware Insight Security Research Advisory Name: Oracle unauthenticated remote system compromise Systems Affected: All platforms; Oracle9i Database Release 2, 9i Release 1, 8i, 8.1.7, 8.0.6 Severity: Critical Risk Category: Remote System Buffer Overrun Vendor URL: http://www.oracle.com Author...
Oracle TO_TIMESTAMP_TZ Remote System Buffer Overrun (#NISR16022003b)
NGSSoftware Insight Security Research Advisory Name: Oracle TO_TIMESTAMP_TZ Remote System Buffer Overrun Systems Affected: All platforms; Oracle9i Database Release 2, 9i Release 1, 8i, 8.1.7, 8.0.6 Severity: High Risk Category: Remote System Buffer Overrun Vendor URL: http://www.oracle.com Author:...
Oracle TZ_OFFSET Remote System Buffer Overrun (#NISR16022003c)
NGSSoftware Insight Security Research Advisory Name: Oracle TZ_OFFSET Remote System Buffer Overrun Systems Affected: All platforms; Oracle9i Database Release 2, 9i Release 1, 8i, 8.1.7, 8.0.6 Severity: High Risk Category: Remote System Buffer Overrun Vendor URL: http://www.oracle.com Author: Mark...
Oracle 9.x - Database Statement Buffer Overflow
Oracle 9.x - Database Statement Buffer Overflow source: https://www.securityfocus.com/bid/9587/info Oracle database has been reported prone to multiple buffer overflow vulnerabilities when processing certain parameters and functions. Specifically the TIME_ZONE parameter, NUMTOYMINTERVAL, NUMTODSINTERVAL and FROM_TZ functions. Excessive data pass...
Oracle 9.x - 'Database' / Statement Buffer Overflow
source: https://www.securityfocus.com/bid/9587/info Oracle database has been reported prone to multiple buffer overflow vulnerabilities when processing certain parameters and functions. Specifically the TIME_ZONE parameter, NUMTOYMINTERVAL, NUMTODSINTERVAL and FROM_TZ functions. Excessive data pass...
CVE-2002-1767
Buffer overflow in tnslsnr of Oracle 8i Database Server 8.1.5 for Linux allows local users to execute arbitrary code as the oracle user via a long command line argument...
ora-isqlplus.txt
NGSSoftware Insight Security Research Advisory Name: Oracle iSQL*Plus buffer overflow Systems: Oracle Database 9i R1,2 on all operating systems Severity: High Risk Vendor URL: http://www.oracle.com/ Author: David Litchfield [email protected] Advisory URL:...
Oracle iSQL*Plus buffer overflow vulnerability (#NISR04112002)
NGSSoftware Insight Security Research Advisory Name: Oracle iSQL*Plus buffer overflow Systems: Oracle Database 9i R1,2 on all operating systems Severity: High Risk Vendor URL: http://www.oracle.com/ Author: David Litchfield [email protected] Advisory URL:...
Oracle 8.1.x/9.0/9.2 - TNS Listener Service_CurLoad Remote Denial of Service
Oracle 8.1.x/9.0/9.2 - TNS Listener Service_CurLoad Remote Denial of Service source: https://www.securityfocus.com/bid/5678/info The Oracle TNS Listener program is a remote connectivity service for Oracle Databases. Under some circumstances, it may be possible for a remote user to crash TNS Listener...
CVE-2002-0571
Oracle Oracle9i database server 9.0.1.x allows local users to access restricted data via a SQL query using ANSI outer join syntax...
SAP R/3 on Oracle: vulnerable Default Installation
SAP R/3 on Oracle: vulnerable Default Installation Topic: SAP R/3 on Oracle: vulnerable Default Installation Module: Default Oracle Listener Configuration Announced: 2002-04-27 Affects: All R/3 Releases using SQLnet V2 3.x, 4.x, 6.10 Vendor: 1SAP AG, Walldorf, Germany Vendor-Status: 2002-03-03:...
Unauthorized access via OUTER JOIN in Oracle
It's possible to access tables not granted to access...
Oracle 9iAS creates temporary files when processing JSP requests that are world-readable
Overview Oracle Database Server version 9iAS makes JSP source code publicly available. The source code may be used by attackers to analyze proprietary business logic or uncover Oracle's network configuration, usernames, and/or passwords. Description When Oracle receives a request for JSP file, it...
Oracle 9iAS default configuration uses well-known default passwords
Overview Oracle Database Server version 9iAS installs with up to 160 distinct default login accounts. The usernames and passwords for these have been made publicly available and could be used by an attacker to gain access to an Oracle server. Description Depending on the components chosen at...
Oracle 9iAS default configuration allows access to "globals.jsa" file
Overview Oracle Database Server version 9iAS allows remote users to view the "globals.jsa" file used by Java Server Page (JSP) scripts. The "globals.jsa" file may contain Oracle usernames, passwords, and other configuration information not intended for public viewing, and attackers may use that...
Oracle 9i Database Server PL/SQL module allows remote command execution without authentication
Overview Oracle Database Server allows remote users to execute system commands without authenticating. Description Oracle Database Server provides extended functionality through the use of Procedural Language/Structured Query Language (PL/SQL) libraries. PL/SQL includes commands to load arbitrary...
Remote Compromise in Oracle 9i Database Server
NGSSoftware Insight Security Research Advisory Name: Oracle Remote Compromise Systems Affected: Oracle 9, 8 Platforms: All Operating Systems Severity: High Risk Vendor URL: http://www.oracle.com/ Author: David Litchfield [email protected] Date: 6th February 2002 Advisory number: NISR06022002A...
Oracle Database Server vulnerable to DoS via repeated requests to Oracle listener without connecting to redirected port
Overview Oracle Database Server may consume all available memory and crash if clients do not connect completely in the expected manner. Description When a connection request is made to Oracle for Windows NT, Oracle Database Server creates a new thread listening on a new port and redirects the...
FW: ASI Oracle Security Alert: 3 new security alerts
I have not seen the latest Oracle bugs on the list yet. 2 and 3 were credited to Juan Manuel Pascual Escribá by Oracle. -----Original Message----- From: [email protected] mailto:[email protected] Sent: 23 October 2001 11:00 To: [email protected] Subject: ASI Oracle Security Alert: 3 n...
CVE-1999-1256
Oracle Database Assistant 1.0 in Oracle 8.0.3 Enterprise Edition stores the database master password in plaintext in the spoolmain.log file when a new database is created, which allows local users to obtain the password from that file...