34 matches found
Oracle 10g R2 and, probably, all previous versions
I can't believe it. Oracle releases new patches and they have not been solved one of the main problems: A user with only the SELECT privilege can do WHATEVER SHE WANTS WITH THE ENTIRE DATABASE!!!! I'm not sure if is time to full disclosure it but, anyway, I will "full disclosure" one inocent issu...
CVE-2006-0548
SQL injection vulnerability in the Oracle Text component of Oracle Database 10g, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created...
Sql injection
SQL injection vulnerability in the SYS.DBMSMETADATAUTIL package in Oracle Database 10g, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being...
Sql injection
SQL injection vulnerability in the Data Pump Metadata API in Oracle Database 10g and possibly earlier might allow remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it...
Sql injection
SQL injection vulnerability in the Oracle Text component of Oracle Database 10g, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created...
CVE-2006-0549
SQL injection vulnerability in the SYS.DBMSMETADATAUTIL package in Oracle Database 10g, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being...
CVE-2006-0548
SQL injection vulnerability in the Oracle Text component of Oracle Database 10g, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created...
CVE-2006-0551
Technical details for CVE-2006-0551 are not publicly provided in the supplied documents. Monitoring for updates is advised, as the corpus does not specify affected versions, vectors, or remediation information.
CVE-2006-0548
CVE-2006-0548 : SQL injection in the Oracle Text component of Oracle Database 10g (and possibly earlier) . The vulnerability arises from inadequate input validation in Oracle Text, potentially allowing remote attackers to execute arbitrary SQL via unknown vectors. Public sources reference related...
[Full-disclosure] Oracle Database 10g Rel. 2 - Event 10053 logs TDE wallet password in cleartext
Hello FD-Reader Event 10053 logs the TDE masterkey in cleartext into the trace file. Oracle fixed this problem with CPU January 2006. http://www.red-database-security.com/advisory/oracletdewalletpassword .html Name Event 10053 logs TDE wallet password in cleartext Systems Oracle Database 10g...
[Full-disclosure] Oracle Database 10g Rel. 1 - SQL Injection in SYS.KUPV$FT
Oracle forgot to inform me that these vulnerabilities are also fixed. http://www.red-database-security.com/advisory/oraclesqlinjectionkupv$ ft.html SQL Injection in package SYS.KUPV$FT Name SQL Injection in package SYS.KUPV$FT Affected Oracle 10g Release 1 Severity High Risk Category SQL Injectio...
[Full-disclosure] Oracle Database 10g Rel. 2- Transparent Data Encryption plaintext masterkey in SGA
Hello FD reader Oracle released the first critical patch update for 2006 with bugfixes for 82 vulnerabilities. http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html Additional information concerning the Oracle January 2006 CPU is available here...
CVE-2005-1495
Oracle Database 9i and 10g disables Fine Grained Audit FGA after the SYS user executes a SELECT statement on an FGA object, which makes it easier for attackers to escape detection...
Oracle Database 10g Multiple Remote Vulnerabilities
According to its version number, the installation of Oracle on the remote host is reportedly subject to multiple vulnerabilities, some of which don't require authentication. They may allow an attacker to craft SQL queries such that they would be able to retrieve any file on the system and...