4 matches found
Oracle Database Server CREATE_TABLES SQL Injection (CVE-2009-1991)
The Oracle Database server is an enterprise-level relational database application suite. An SQL injection vulnerability has been reported in Oracle Database server. The vulnerability is due to an input validation error in the Oracle Database server CREATETABLES function. A remote attacker can...
Oracle exploit for CTXSYS.DRVXTABC.CREATE_TABLES and others
Hi! I've just released the working exploit for CTXSYS.DRVXTABC.CREATETABLES injection on Oracle DB 9i/10g CVE-2009-1991 You can find the code on my site, http://rawlab.mindcreations.com In particular, Classic SQL injection:...
CVE-2009-1991
CVE-2009-1991 affects Oracle Database (9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4) in the CTXSYS.DRVXTABC.CREATE_TABLES PL/SQL call. The vulnerability is a SQL injection in the create_tables procedure (idx_owner and idx_name parameters) that can be exploited by remote authenticated users, impacting c...
Oracle Database 10G CTXSYS.DRVXTABX — PLSQL Injection
Application: Oracle Database 10G Versions Affected: Oracle 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4 Vendor URL: Bugs: PL/SQL Injections Exploits: YES Reported: 29.01.2008 Vendor response: 31.01.2008 CVE: CVE-2009-1991 SVSS2: 3.6 Date of Public Advisory: 26.10.2009 Solution: YES Non official Author:...