Read parts of any file via desformat in Oracle Reports

Name Read parts of any file via desformat in Oracle Reports Systems Affected All version of Oracle Reports Severity Medium Risk Category Information disclosure Vendor URL http://www.oracle.com Author Alexander Kornbrust ak at red-database-security.com Date 19 July 2005 V 1.00 Advisory AKSEC2003-0...

Various Cross-Site-Scripting Vulnerabilities in Oracle Reports

Name Various Cross-Site-Scripting Vulnerabilities in Oracle Reports Systems Affected Oracle Reports 9.0.2 Severity Low Risk Category Cross Site Scripting CSS/XSS Vendor URL http://www.oracle.com Author Alexander Kornbrust ak at red-database-security.com Date 19 July 2005 V 1.00 Inital bug report...

Run any OS Command via unauthorized Oracle Reports

Name Run any OS Command via unauthorized Oracle Reports Systems Affected Oracle Reports 6.0, 6i, 9i, 10g Severity High Risk Category OS command execution Vendor URL http://www.oracle.com Author Alexander Kornbrust ak at red-database-security.com Date 19 July 2005 V 1.00 Advisory AKSEC2003-014...

[Full-disclosure] Silently fixed security bugs in Oracle Critical Patch Update July 2005

Hello BugTraq-Reader After reading the patch documentation and some tests with the CPU July 2005 I found out that Oracle fixed some security bugs silently without mention these bugs in their current risk matrix. Detailed information about most of these bugs are not available via Metalink but in...

Cross Site Scripting in Oracle Webcache 9i

Name Cross Site Scripting in Oracle Webcache 9i Systems Affected Oracle Application Server with Webcache 9i Severity Low Risk Category Cross Site Scripting Vendor URL http://www.oracle.com Author Alexander Kornbrust ak at red-database-security.com Date 26 Apr 2005 V 1.00 Advisory AKSEC2003-011 Ti...