SQL Injection in package SYS.DBMS_UPGRADE_INTERNAL

SQL Injection in package SYS.DBMSUPGRADEINTERNAL Name SQL Injection in package SYS.DBMSUPGRADEINTERNAL 6980753 DB07 Systems Affected Oracle 8i-10g Rel. 2 Severity High Risk Category SQL Injection Vendor URL http://www.oracle.com/ Author Alexander Kornbrust ak at red-database-security.com CVE...

SQL Injection in package SYS.DBMS_CDC_IMPDP

Name SQL Injection in package SYS.DBMSCDCIMPDP DB04 Systems Affected Oracle 10g Severity High Risk Category SQL Injection Vendor URL http://www.oracle.com/ Author Alexander Kornbrust ak at red-database-security.com Advisory 18 October 2006 V 1.00 Advisory...

Oracle Database - SQL Injection in SYS.KUPW$WORKER [DB03]

Name SQL Injection in package SYS.KUPW$WORKER 6980775 DB03 Systems Oracle 10g Release 1 Severity High Risk Category SQL Injection Vendor URL http://www.oracle.com/ Author Alexander Kornbrust ak at red-database-security.com Advisory 18 Jul 2006 V 1.00 Advisory...

Oracle Database - SQL Injection in SYS.DBMS_STATS [DB21]

Name SQL Injection in package SYS.DBMSSTATS 6980751 DB21 Systems Oracle 10g Release 1 Severity High Risk Category SQL Injection Vendor URL http://www.oracle.com/ Author Alexander Kornbrust ak at red-database-security.com Advisory 18 Jul 2006 V 1.00 Advisory...

Oracle Database - SQL Injection in SYS.DBMS_CDC_IMPDP [DB01]

Name SQL Injection in package SYS.DBMSCDCIMPDP 6980711 DB01 Systems Oracle 10g Release 1 Severity High Risk Category SQL Injection Vendor URL http://www.oracle.com/ Author Alexander Kornbrust ak at red-database-security.com Advisory 18 Jul 2006 V 1.00 Details The package SYS.DBMSCDCIMPDP contains...

[Full-disclosure] Oracle Reports - Read parts of files via desname (fixed after 874 days)

Hello FD-Reader It took only 874 days to fix this problem. Summary and additional information concerning the Oracle January 2006 CPU is available here: http://www.red-database-security.com/advisory/oraclecpujan2006.html http://www.red-database-security.com/advisory/oraclereportsreadanyfi le.html...

[Full-disclosure] Oracle Reports - Overwrite any application server file via desname (fixed after 889 days)

Hello FD-Reader It took only 889 days to fix this problem. Summary and additional information concerning the Oracle January 2006 CPU is available here: http://www.red-database-security.com/advisory/oraclecpujan2006.html http://www.red-database-security.com/advisory/oraclereportsoverwritea...

[Full-disclosure] Oracle Reports - Read parts of files via customize(fixed after 875 days)

Hello FD-Reader It took only 875 days to fix this problem. Summary and additional information concerning the Oracle January 2006 CPU is available here: http://www.red-database-security.com/advisory/oraclecpujan2006.html http://www.red-database-security.com/advisory/oraclereportsreadanyxm lfile.ht...

[Full-disclosure] Oracle Database 10g Rel. 2- Transparent Data Encryption plaintext masterkey in SGA

Hello FD reader Oracle released the first critical patch update for 2006 with bugfixes for 82 vulnerabilities. http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html Additional information concerning the Oracle January 2006 CPU is available here...

[Full-disclosure] Oracle Workflow CSS Vulnerability wf_monitor

Dear FD-Reader, The Oracle Critical Patch Update October 2005 provides fixes for 2 Cross-Site- Scripting vulnerabilities in Oracle Workflow found by Red-Database-Security GmbH. I know that the severity and impact of CSS bugs is low. My critical security bugs in Oracle e.g. become DBA via the impo...

[Full-disclosure] Oracle Workflow CSS Vulnerability wf_monitor

Dear FD-Reader, The Oracle Critical Patch Update October 2005 provides fixes for 2 Cross-Site- Scripting vulnerabilities in Oracle Workflow found by Red-Database-Security GmbH. I know that the severity and impact of CSS bugs is low. My critical security bugs in Oracle e.g. become DBA via the impo...

[Full-disclosure] Oracle Workflow CSS Vulnerability wf_route

Dear FD-Reader, The Oracle Critical Patch Update October 2005 provides fixes for 2 Cross-Site- Scripting vulnerabilities in Oracle Workflow found by Red-Database-Security GmbH. I know that the severity and impact of CSS bugs is low. My critical security bugs in Oracle e.g. become DBA via the impo...

oracle_xmldb_css.txt

Cross-Site-Scripting Vulnerability in Oracle XMLDB Name Cross-Site-Scripting Vulnerability in Oracle XMLDB Systems Affected Oracle Database 9i Rel. 2 Severity Low Risk Category Cross Site Scripting CSS/XSS Vendor URL http://www.oracle.com This advisory...

oracle_htmldb_css.txt

Cross-Site-Scripting Vulnerabilities in Oracle HTMLDB Name Cross-Site-Scripting Vulnerabilities in Oracle HTMLDB Systems Affected Oracle HTMLDB Severity Medium Risk Category Cross Site Scripting CSS/XSS Vendor URL http://www.oracle.com This advisory...

oracle_isqlplus_css.txt

Cross-Site-Scripting Vulnerability in Oracle iSQLPlus Name Cross-Site-Scripting Vulnerability in Oracle iSQLPlus Systems Affected Oracle Database 9i Rel. 2 Severity Low Risk Category Cross Site Scripting CSS/XSS Vendor URL http://www.oracle.com This advisory...

[Full-disclosure] Shutdown TNS Listener via Oracle iSQL*Plus

Shutdown TNS Listener via Oracle iSQLPlus Name Shutdown TNS Listener via Oracle iSQLPlus Systems Affected Oracle Database 9i Rel. 2 Severity Medium Risk Category Denial of Service Vendor URL http://www.oracle.com This advisory http://www.red-database-security.com/advisory/oracleisqlplusshutdown.h...

[Full-disclosure] Shutdown TNS Listener via Oracle Forms Servlet

Shutdown TNS Listener via Oracle Forms Servlet Name Shutdown TNS Listener via Oracle Forms Servlet Systems Affected Oracle Forms Severity Medium Risk Category Denial of Service Vendor URL http://www.oracle.com This advisory http://www.red-database-security.com/advisory/oracleformsshutdown.html...

[Full-disclosure] Cross-Site-Scripting Vulnerability in Oracle iSQL*Plus

Cross-Site-Scripting Vulnerability in Oracle iSQLPlus Name Cross-Site-Scripting Vulnerability in Oracle iSQLPlus Systems Affected Oracle Database 9i Rel. 2 Severity Low Risk Category Cross Site Scripting CSS/XSS Vendor URL http://www.oracle.com This advisory...

[Full-disclosure] Cross-Site-Scripting Vulnerabilities in Oracle HTMLDB

Cross-Site-Scripting Vulnerabilities in Oracle HTMLDB Name Cross-Site-Scripting Vulnerabilities in Oracle HTMLDB Systems Affected Oracle HTMLDB Severity Medium Risk Category Cross Site Scripting CSS/XSS Vendor URL http://www.oracle.com This advisory...

[Full-disclosure] Cross-Site-Scripting Vulnerability in Oracle XMLDB

Cross-Site-Scripting Vulnerability in Oracle XMLDB Name Cross-Site-Scripting Vulnerability in Oracle XMLDB Systems Affected Oracle Database 9i Rel. 2 Severity Low Risk Category Cross Site Scripting CSS/XSS Vendor URL http://www.oracle.com This advisory...