Oracle Database Server ctxsys.driload Access Validation (CVE-2004-0637)

Stored procedures are a powerful feature of an Oracle database server. They are essentially a set of SQL statements that are stored server-side, which are called by name and optionally passed a set of parameters. Stored procedures provide improved performance, because only data specific to the...

CVE-2004-0637

Oracle Database Server versions 8.1.7.4 through 9.2.0.4 are affected by a privilege-escalation vulnerability in the publicly accessible ctxsys.driload package. An authenticated user can invoke ctxsys.driload to execute arbitrary SQL statements with DBA privileges, enabling actions such as creatin...