1229 matches found
US-CERT Technical Cyber Security Alert TA09-294A -- Oracle Updates for Multiple Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA09-294A Oracle Updates for Multiple Vulnerabilities Original release date: Last revised: -- Source: US-CERT Systems Affected Oracle Database 11g, version 11.1.0.7 Oracle Database 10g Release...
Oracle Releases Critical Patch Update
Oracle has released its Critical Patch Update for October 2009 to address 38 vulnerabilities across several database and server products. The update contains the following security fixes: 16 for the Oracle Database 3 for the Oracle Application Server 8 for the Oracle E-Business Suite and...
Security | Oracle Critical Patch Update - October 2009
A Critical Patch Update is a collection of patches for multiple security vulnerabilities. It also includes non-security fixes that are required because of interdependencies by those security patches. Critical Patch Updates are cumulative, except as noted below, but each advisory describes only th...
Oracle Mega-Patch Coming Next Tuesday
Oracle has announced plans to ship a Critical Patch Update CPU with fixes for at least 38 security vulnerabilities in a wide range of database and server products. The most serious vulnerabilities affect Oracle Core RDBMS, Oracle JRockit and Oracle Network Authentication. Read the Oracle advance...
Oracle Secure Backup property_box.php type parameter command execution
Added: 09/01/2009 CVE: CVE-2009-1978 BID: 35678 OSVDB: 55904 Background Oracle Secure Backup is a centralized tape backup management solution for Oracle Database. Problem A command execution vulnerability in the Oracle Secure Backup web interface allows remote attackers to execute arbitrary...
Oracle Secure Backup property_box.php type parameter command execution
Added: 09/01/2009 CVE: CVE-2009-1978 BID: 35678 OSVDB: 55904 Background Oracle Secure Backup is a centralized tape backup management solution for Oracle Database. Problem A command execution vulnerability in the Oracle Secure Backup web interface allows remote attackers to execute arbitrary...
Oracle Secure Backup property_box.php type parameter command execution
Added: 09/01/2009 CVE: CVE-2009-1978 BID: 35678 OSVDB: 55904 Background Oracle Secure Backup is a centralized tape backup management solution for Oracle Database. Problem A command execution vulnerability in the Oracle Secure Backup web interface allows remote attackers to execute arbitrary...
Oracle 11g (11.1.0.6) Password Policy and Compliance
Many security standards require the tracking of users' password history to prevent password re-use. In Oracle 11g 11.1.0.6, if a security administrator has enabled 11g passwords exclusively then tracking password history is broken. This can affect compliance. This was addressed by Oracle in their...
Oracle 11g (11.1.0.6) Password Policy and Compliance
Many security standards require the tracking of users' password history to prevent password re-use. In Oracle 11g 11.1.0.6, if a security administrator has enabled 11g passwords exclusively then tracking password history is broken. This can affect compliance. This was addressed by Oracle in their...
ZDI-09-059: Oracle Secure Backup Administration Server Multiple Command Injection Vulnerabilities
ZDI-09-059: Oracle Secure Backup Administration Server Multiple Command Injection Vulnerabilities http://www.zerodayinitiative.com/advisories/ZDI-09-059 -- CVE ID: CVE-2009-1978 -- Affected Vendors: Oracle -- Affected Products: Oracle Secure Backup -- Vulnerability Details: This vulnerability...
Oracle DB SQL Injection via SYS.LT.FINDRICSET Evil Cursor Method
This module will escalate an Oracle DB user to DBA by exploiting a sql injection bug in the SYS.LT.FINDRICSET package via Evil Cursor technique. Tested on oracle 10.1.0.3.0 -- should work on thru 10.1.0.5.0 and supposedly on 11g. Fixed with Oracle Critical Patch update October 2007. This module...
Oracle Critical Patch Update Advisory - July 2009
Oracle Critical Patch Update Advisory - July 2009 Description A Critical Patch Update is a collection of patches for multiple security vulnerabilities. It also includes non-security fixes that are required because of interdependencies by those security patches. Critical Patch Updates are...
09-07 CPU Advisory
A Critical Patch Update is a collection of patches for multiple security vulnerabilities. It also includes non-security fixes that are required because of interdependencies by those security patches. Critical Patch Updates are cumulative, except as noted below, but each advisory describes only th...
Oracle Secure Backup login.php ora_osb_lcookie command execution
Added: 06/22/2009 CVE: CVE-2008-4006 BID: 33177 OSVDB: 51343 Background Oracle Secure Backup is a centralized tape backup management solution for Oracle Database. Problem A command execution vulnerability in the Oracle Secure Backup web interface allows remote attackers to execute arbitrary...
Oracle Secure Backup login.php ora_osb_lcookie command execution
Added: 06/22/2009 CVE: CVE-2008-4006 BID: 33177 OSVDB: 51343 Background Oracle Secure Backup is a centralized tape backup management solution for Oracle Database. Problem A command execution vulnerability in the Oracle Secure Backup web interface allows remote attackers to execute arbitrary...
Oracle Secure Backup login.php ora_osb_lcookie command execution
Added: 06/22/2009 CVE: CVE-2008-4006 BID: 33177 OSVDB: 51343 Background Oracle Secure Backup is a centralized tape backup management solution for Oracle Database. Problem A command execution vulnerability in the Oracle Secure Backup web interface allows remote attackers to execute arbitrary...
Oracle RDBms 10.2.0.311.1.0.6 - TNS Listener (PoC)
Oracle RDBms 10.2.0.311.1.0.6 - TNS Listener PoC TNS Listener Oracle RDBMS exploit, cause trap in Listener process more precisely: in function memcpy called from ncrfintn function which is located in oranro11.dll Successfully working with Oracle RDBMS Win32 11.1.0.6.0 and Oracle RDBMS Win32...
Oracle 2009年4月紧急补丁更新修复多个漏洞
BUGTRAQ ID: 34461 CVECAN ID:...
Oracle plugs critical database server holes
Oracle has released the first Critical Patch Update for 2009 to provide fixes for at least address 43 vulnerabilities across several database server products. The mega update oracle.com, released on the same day Microsoft released its own security patches, plugs at least 16 holes in the company’s...
cpuapr2009.html
A Critical Patch Update is a collection of patches for multiple security vulnerabilities. It also includes non-security fixes that are required because of interdependencies by those security patches. Critical Patch Updates are cumulative, except as noted below, but each advisory describes only th...