Lucene search
+L

34 matches found

securityvulns
securityvulns
added 2006/07/28 12:0 a.m.32 views

Oracle 10g R2 and, probably, all previous versions

I can't believe it. Oracle releases new patches and they have not been solved one of the main problems: A user with only the SELECT privilege can do WHATEVER SHE WANTS WITH THE ENTIRE DATABASE!!!! I'm not sure if is time to full disclosure it but, anyway, I will "full disclosure" one inocent issu...

0.5AI score
Exploits0
NVD
NVD
added 2006/02/04 2:2 a.m.24 views

CVE-2006-0548

SQL injection vulnerability in the Oracle Text component of Oracle Database 10g, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created...

7.5CVSS7.7AI score0.04278EPSS
Exploits0References6
Prion
Prion
added 2006/02/04 2:2 a.m.26 views

Sql injection

SQL injection vulnerability in the SYS.DBMSMETADATAUTIL package in Oracle Database 10g, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being...

7.5CVSS7.9AI score0.08475EPSS
Exploits1References7Affected Software1
Prion
Prion
added 2006/02/04 2:2 a.m.38 views

Sql injection

SQL injection vulnerability in the Data Pump Metadata API in Oracle Database 10g and possibly earlier might allow remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it...

7.5CVSS7.9AI score0.04724EPSS
Exploits1References6Affected Software1
Prion
Prion
added 2006/02/04 2:2 a.m.26 views

Sql injection

SQL injection vulnerability in the Oracle Text component of Oracle Database 10g, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created...

7.5CVSS8AI score0.04724EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2006/02/04 2:0 a.m.35 views

CVE-2006-0549

SQL injection vulnerability in the SYS.DBMSMETADATAUTIL package in Oracle Database 10g, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being...

7.6AI score0.08475EPSS
Exploits0References7
Cvelist
Cvelist
added 2006/02/04 2:0 a.m.30 views

CVE-2006-0548

SQL injection vulnerability in the Oracle Text component of Oracle Database 10g, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created...

7.7AI score0.04278EPSS
Exploits0References6
CVE
CVE
added 2006/02/04 2:0 a.m.54 views

CVE-2006-0551

Technical details for CVE-2006-0551 are not publicly provided in the supplied documents. Monitoring for updates is advised, as the corpus does not specify affected versions, vectors, or remediation information.

7.5CVSS7.6AI score0.04278EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2006/02/04 2:0 a.m.59 views

CVE-2006-0548

CVE-2006-0548 : SQL injection in the Oracle Text component of Oracle Database 10g (and possibly earlier) . The vulnerability arises from inadequate input validation in Oracle Text, potentially allowing remote attackers to execute arbitrary SQL via unknown vectors. Public sources reference related...

7.5CVSS7.7AI score0.04278EPSS
Exploits0References6Affected Software1
securityvulns
securityvulns
added 2006/01/18 12:0 a.m.38 views

[Full-disclosure] Oracle Database 10g Rel. 2 - Event 10053 logs TDE wallet password in cleartext

Hello FD-Reader Event 10053 logs the TDE masterkey in cleartext into the trace file. Oracle fixed this problem with CPU January 2006. http://www.red-database-security.com/advisory/oracletdewalletpassword .html Name Event 10053 logs TDE wallet password in cleartext Systems Oracle Database 10g...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2006/01/18 12:0 a.m.37 views

[Full-disclosure] Oracle Database 10g Rel. 1 - SQL Injection in SYS.KUPV$FT

Oracle forgot to inform me that these vulnerabilities are also fixed. http://www.red-database-security.com/advisory/oraclesqlinjectionkupv$ ft.html SQL Injection in package SYS.KUPV$FT Name SQL Injection in package SYS.KUPV$FT Affected Oracle 10g Release 1 Severity High Risk Category SQL Injectio...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2006/01/18 12:0 a.m.80 views

[Full-disclosure] Oracle Database 10g Rel. 2- Transparent Data Encryption plaintext masterkey in SGA

Hello FD reader Oracle released the first critical patch update for 2006 with bugfixes for 82 vulnerabilities. http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html Additional information concerning the Oracle January 2006 CPU is available here...

0.1AI score
Exploits0
Cvelist
Cvelist
added 2005/05/11 4:0 a.m.33 views

CVE-2005-1495

Oracle Database 9i and 10g disables Fine Grained Audit FGA after the SYS user executes a SELECT statement on an FGA object, which makes it easier for attackers to escape detection...

9.2AI score0.03208EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2005/04/13 12:0 a.m.90 views

Oracle Database 10g Multiple Remote Vulnerabilities

According to its version number, the installation of Oracle on the remote host is reportedly subject to multiple vulnerabilities, some of which don't require authentication. They may allow an attacker to craft SQL queries such that they would be able to retrieve any file on the system and...

7.5CVSS5.7AI score0.4167EPSS
Exploits10References4
Rows per page
Query Builder