Oracle 10g Database - 'SUBSCRIPTION_NAME' SQL Injection (1)

source: https://www.securityfocus.com/bid/13236/info Oracle database is prone to an SQL-injection vulnerability because the software fails to properly sanitize user-supplied data. The 'SUBSCRIPTIONNAME' parameter is vulnerable. Packages that employ this parameter execute with 'SYS' user privilege...

CVE-2004-1367

Oracle 10g Database Server, when installed with a password that contains an exclamation point "!" for the 1 DBSNMP or 2 SYSMAN user, generates an error that logs the password in the world-readable postDBCreation.log file, which could allow local users to obtain that password and use it against SY...