2 matches found
Team SHATTER Security Advisory: SQL Injection in Oracle Enterprise Manager (TARGET Parameter)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Team SHATTER Security Advisory SQL Injection in Oracle Enterprise Manager TARGET Parameter January 29, 2009 Risk Level: Medium Affected versions: Oracle Enterprise Manager 10g Grid Control 10.2.0.4 and previous patchsets Remote exploitable: Yes...
CVE-2008-5447
CVE-2008-5447 affects Oracle Enterprise Manager 10g Grid Control 10.2.0.4 and earlier. A SQL Injection flaw was identified in the TARGET parameter of the web page /em/console/reports/admin, allowing a user with at least VIEW privileges to execute SQL as the SYSMAN repository user with elevated pr...