3 matches found
Oracle Advanced Replication组件REPCAT_RPC.VALIDATE_REMOTE_RC()函数权限提升漏洞
BUGTRAQ ID: 35685 CVE ID: CVE-2009-1021 Oracle Database是一款商业性质大型数据库系统。 Oracle数据库Advanced Replication组件中的REPCATRPC.VALIDATEREMOTERC函数执行了可能受控的匿名PL/SQL。该函数取当前登录用户名为第一个参数,第二个参数VALIDATESTRING直接放到了PLSQL的匿名块中并执行: ... ... SQLCURSOR := DBMSSQL.OPENCURSOR; DBMSSQL.PARSESQLCURSOR, 'BEGIN ' || ' :err :=...
Oracle Database Server REPCAT_RPC.VALIDATE_REMOTE_RC SQL Injection (CVE-2009-1021)
Oracle Database Server is an enterprise-level relational database application suite. An SQL injection vulnerability has been reported in Oracle Database server. Remote authenticated attackers having Create Session privileges can exploit this vulnerability to inject and execute malicious SQL...
CVE-2009-1021
CVE-2009-1021 affects Oracle Database Advanced Replication (REPCAT_RPC.VALIDATE_REMOTE_RC) and can be exploited by remote authenticated users to impact confidentiality and integrity. Affected versions include Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3. The vulnerability arises fro...