1405 matches found
Oracle Database Server Workspace Manager Multiple SQL Injection (CVE-2008-3982)
Oracle Database Server is an enterprise-level relational database application suite. To extend the functionality of the Oracle Database Server, extra packages of related program objects, i.e., procedures, functions, variables, constants, cursors, and exceptions, are provided in order to better...
Oracle Database Server LT.ROLLBACKWORKSPACE SQL Injection (CVE-2009-0978)
Oracle Database Server is an enterprise-level relational database application suite. To extend the functionality of the Oracle Database Server, extra packages of related program objects, i.e., procedures, functions, variables, constants, cursors, and exceptions, are provided in order to better...
Oracle Database Server XDB PITRIG_TRUNCATE Procedure Buffer Overflow (CVE-2008-0339)
Oracle Database Server is an enterprise-level relational database application suite. To extend the functionality of the Oracle Database Server, extra packages of related program objects, e.g., procedures, functions, variables, constants, cursors, and exceptions, are provided in order to better...
Oracle Database Server DBMS_AQELM Package Buffer Overflow (CVE-2008-2607)
Oracle Database Server is an enterprise-level relational database application suite. To extend the functionality of the Oracle Database Server, extra packages of related program objects, e.g., procedures, functions, variables, constants, cursors, and exceptions, are provided in order to better...
Oracle Database Server XDB.DBMS_XMLSCHEMA Buffer Overflow (CVE-2006-0272)
Oracle Database Server is an enterprise-level relational database application suite. To extend the functionality of the Oracle Database Server, extra packages of related program objects, i.e. procedures, functions, variables, constants, cursors, and exceptions, are provided in order to better...
Oracle Database Server DBMS_METADATA Package SQL Injection (CVE-2005-1197)
Oracle Database Server is an enterprise-level relational database application suite. To extend the functionality of the Oracle Database Server, extra packages of related program objects, i.e. procedures, functions, variables, constants, cursors, and exceptions, are provided to the database user i...
Oracle Database Server ctxsys.driload Access Validation (CVE-2004-0637)
Stored procedures are a powerful feature of an Oracle database server. They are essentially a set of SQL statements that are stored server-side, which are called by name and optionally passed a set of parameters. Stored procedures provide improved performance, because only data specific to the...
Oracle Database Server MDSYS.SDO_LRS Package SQL Injection (CVE-2006-5340)
Oracle Database Server is an enterprise-level relational database application suite. To extend the functionality of the Oracle Database Server, extra packages of related program objects, i.e. procedures, functions, variables, constants, cursors, and exceptions, are provided in order to better...
Oracle Database Server SYS.LT.FINDRICSET Function SQL Injection (CVE-2007-5511)
Oracle Database Server is an enterprise-level relational database application suite. To extend the functionality of the Oracle Database Server, extra packages of related program objects, i.e., procedures, functions, variables, constants, cursors, and exceptions, are provided in order to better...
Oracle Database Server SQL Injection In Package SYS.KUPV (CVE-2006-0586)
Oracle Database Server is an enterprise-level relational database application suite. To extend the functionality of the Oracle Database Server, extra packages of related program objects, i.e. procedures, functions, variables, constants, cursors, and exceptions, are provided in order to better...
Oracle Database Server REPCAT_RPC.VALIDATE_REMOTE_RC SQL Injection (CVE-2009-1021)
Oracle Database Server is an enterprise-level relational database application suite. An SQL injection vulnerability has been reported in Oracle Database server. Remote authenticated attackers having Create Session privileges can exploit this vulnerability to inject and execute malicious SQL...
Oracle Database Server Detection
Binary data 4995.prm...
Oracle Secure Backup NDMP Packet Handling Multiple Denial of Service (CVE-2008-5441)
Oracle Database Server is an enterprise-level relational database application suite. Oracle Secure Backup is a backup solution allowing for single point of management of data present on network attached storage NAS devices and distributed hosts. Oracle Secure Backup is using NDMP protocol to...
Oracle Secure Backup NDMP CONNECT_CLIENT_AUTH Command Buffer Overflow (CVE-2008-5444)
Oracle Database Server is an enterprise-level relational database application suite. Oracle Secure Backup is a backup solution allowing for single point of management of data present on network attached storage NAS devices and distributed hosts. Oracle Secure Backup is using NDMP protocol to...
CVE-2008-6065
Oracle Database Server 10.1/10.2/11g vulnerability: GRANTs for CREATE ANY DIRECTORY plus CREATE OR REPLACE DIRECTORY aliasing allow remote authenticated users to abuse aliased pathnames to overwrite the password file via UTL_FILE, potentially elevating to SYSDBA. Root cause is directory permissio...
Oracle Database Server 11.1 - 'CREATE ANY Directory' Privilege Escalation
source: https://www.securityfocus.com/bid/31738/info Oracle Database Server is prone to a privilege-escalation issue related to the 'CREATE ANY DIRECTORY' user privilege. Attackers may exploit this issue to gain full SYSDBA privileges on the vulnerable database server. This issue affects Oracle...
Oracle Database Server <= 10.1.0.2 Buffer Overflow Exploit
No description provided by source. / Advanced SQL Injection in Oracle databases Exploit for the buffer overflow vulnerability in procedure MDSYS.MD2.SDOCODESIZE of Oracle Database Server version 10.1.0.2 under Windows 2000 Server SP4. Fixes available at http://metalink.oracle.com. The exploit...
Buffer overflow
Buffer overflow in MDSYS.SDOCS in Oracle Database Server 8iR3, 9iR1, 9iR2 up to 9.2.0.6, and 10gR1 up to 10.1.0.4 allows remote authenticated users to cause a denial of service crash and execute arbitrary code via the TRANSFORM function. NOTE: this issue might already be covered by CVE-2007-5515,...
CVE-2007-5897
Buffer overflow in MDSYS.SDOCS in Oracle Database Server 8iR3, 9iR1, 9iR2 up to 9.2.0.6, and 10gR1 up to 10.1.0.4 allows remote authenticated users to cause a denial of service crash and execute arbitrary code via the TRANSFORM function. NOTE: this issue might already be covered by CVE-2007-5515,...
CVE-2007-5897
Buffer overflow in Oracle Database Server (MDSYS.SDO_CS) allows remote authenticated users to crash the server and execute arbitrary code via the TRANSFORM function. Affected: Oracle 8iR3, 9iR1/2 up to 9.2.0.6, and 10gR1 up to 10.1.0.4. Note: this CVE may be related to CVE-2007-5515, CVE-2007-550...