2885 matches found
CVE-2002-1767
CVE-2002-1767 describes a buffer overflow in Oracle 8i Database Server 8.1.5 for Linux, specifically in tnslsnr, that allows local users to execute arbitrary code as the oracle user via a long command line argument. The affected component is the tnslsnr process; root cause is improper handling of...
CVE-2005-1197
SQL injection vulnerability in the SYS.DBMS_CDC_IPUBLISH.CREATE_SCN_CHANGE_SET procedure in Oracle Database Server 10g allows remote attackers to execute arbitrary SQL commands via the CHANGE_SET_NAME parameter...
CVE-2005-1197
CVE-2005-1197 is a SQL injection vulnerability in Oracle Database Server 10g affecting the SYS.DBMS_CDC_IPUBLISH.CREATE_SCN_CHANGE_SET procedure via the CHANGE_SET_NAME parameter. Remote attackers could potentially execute arbitrary SQL commands; impact and remediation details are not specified i...
[AppSecInc Team SHATTER Security Advisory] Multiple SQL Injection vulnerabilities in DBMS_CDC_SUBSCRIBE and DBMS_CDC_ISUBSCRIBE packages
Multiple SQL Injection vulnerabilities in DBMS_CDC_SUBSCRIBE and DBMS_CDC_ISUBSCRIBE packages. AppSecInc Team SHATTER Security Advisory. http://www.appsecinc.com/resources/alerts/oracle/2005-02.html April 18, 2005. Affected Versions: Oracle Database Server...
[AppSecInc Team SHATTER Security Advisory] SQL Injection in ALTER_MANUALLOG_CHANGE_SOURCE procedure
SQL Injection in ALTER_MANUALLOG_CHANGE_SOURCE procedure. AppSecInc Team SHATTER Security Advisory. http://www.appsecinc.com/resources/alerts/oracle/2005-04.html April 18, 2005. Affected versions: Oracle Database Server version 10g. Risk level: High. Credits:...
[AppSecInc Team SHATTER Security Advisory] Denial of Service in Oracle interMedia
Denial of Service in Oracle interMedia. AppSecInc Team SHATTER Security Advisory. http://www.appsecinc.com/resources/alerts/oracle/2005-01.html April 18, 2005. Affected versions: Oracle Database Server versions 9i and 10g. Risk level: Medium. Credits: This...
Multiple High Risk flaws fixed in Oracle
David Litchfield of NGSSoftware has discovered multiple high risk vulnerabilities in Oracle's Database Server. Versions affected include: Oracle Database 10g Release 1, Version 10.1.0.2, 10.1.0.3, 10.1.0.3.1 and 10.1.0.4; Oracle9i Database Server Release 2, versions 9.2.0.5 and 9.2.0.6; Oracle9i...
Oracle Database Server 10.1.0.2 - Local Buffer Overflow
Oracle Database Server 10.1.0.2 - Local Buffer Overflow / Advanced SQL Injection in Oracle databases. Exploit for the buffer overflow vulnerability in procedure MDSYS.MD2.SDO_CODE_SIZE of Oracle Database Server version 10.1.0.2 under Windows 2000 Server SP4. Fixes available at...
Oracle Database Server 10.1.0.2 - Local Buffer Overflow
/ Advanced SQL Injection in Oracle databases. Exploit for the buffer overflow vulnerability in procedure MDSYS.MD2.SDO_CODE_SIZE of Oracle Database Server version 10.1.0.2 under Windows 2000 Server SP4. Fixes available at http://metalink.oracle.com. The exploit creates a SYSDBA user ERIC with a...
XMB Forum < 1.9.8 SQL Injection and XSS Vulnerabilities
Mandrake Linux Security Advisory : MySQL (MDKSA-2005:060)
A number of vulnerabilities were discovered by Stefano Di Paola in the MySQL server: If an authenticated user had INSERT privileges on the 'mysql' database, the CREATE FUNCTION command allowed that user to use libc functions to execute arbitrary code with the privileges of the user running the...
USN-96-1: mySQL vulnerabilities
Stefano Di Paola discovered three privilege escalation flaws in the MySQL server: - If an authenticated user had INSERT privileges on the 'mysql' administrative database, the CREATE FUNCTION command allowed that user to use libc functions to execute arbitrary code with the privileges of the...
ARGENISS-ADV-030501.txt
Argeniss Security Advisory Name: Oracle Database Server Directory transversal Affected Software: Oracle Database Server versions 8i and 9i Severity : Medium Remote exploitable: Yes Authentication to Database Server is needed Credits: Cesar Cerrudo Date: 03/07/05 Advisory Number: ARG030501 Details...
CVE-2005-0701
Oracle Database Server 8i/9i is affected by a directory traversal vulnerability in the UTL_FILE package (FOPEN, FRENAME) that allows remote attackers to read or rename arbitrary files via crafted ... sequences. The issue stems from insufficient input validation on file-path arguments to UTL_FILE...
- Argeniss - Oracle Database Server Directory transversal
Argeniss Security Advisory Name: Oracle Database Server Directory transversal Affected Software: Oracle Database Server versions 8i and 9i Severity : Medium Remote exploitable: Yes Authentication to Database Server is needed Credits: Cesar Cerrudo Date: 03/07/05 Advisory Number: ARG030501 Details...
Oracle Database Server UTL_FILE Directory Traversal File Access
Oracle Database 8i/9i - Multiple Directory Traversal Vulnerabilities
Oracle Database 8i/9i - Multiple Directory Traversal Vulnerabilities. Source: https://www.securityfocus.com/bid/12749/info Oracle Database server is reported prone to multiple directory traversal vulnerabilities that may allow a remote attacker to read, write, or rename arbitrary files with the...
PostgreSQL Database Server privilege escalation
Using the LOAD command, it is possible to load a dynamic library with server process privileges. Buffer overflow on a large number of cursor arguments. Protection bypass on function execution...
Multiple Oracle Database Server security problems
SQL injection, privilege escalation, buffer overflows...
CVE-2004-1367
CVE-2004-1367 affects Oracle 10g Database Server. When installed with a password containing an exclamation point for the DBSNMP or SYSMAN user, an error is logged to the world‑readable postDBCreation.log, potentially exposing the password to local users who could use it against SYS or SYSTEM acco...