1962 matches found

CERT
added 2006/10/24 12:0 a.m. | 15 views

Oracle CREATE_CHANGE_TABLE procedure vulnerable to PL/SQL injection

Overview The Oracle CREATE_CHANGE_TABLE procedure is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Description The Oracle CREATE_CHANGE_TABLE procedure fails to properly filter us...

AI score: 7.8
Exploits: 0 | References: 3

CERT
added 2006/10/24 12:0 a.m. | 32 views

Oracle SYS.DBMS_CDC_IMPDP package vulnerable to PL/SQL injection

Overview The Oracle SYS.DBMS_CDC_IMPDP package is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Description The Oracle SYS.DBMS_CDC_IMPDP package is vulnerable to PL/SQL injection...

CVSS: 9 | AI score: 7 | EPSS: 0.02777
Exploits: 0 | References: 4

seebug.org
added 2006/08/17 12:0 a.m. | 56 views

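Oracle DBMS Login Access Control Bypass Vulnerability

BUGTRAQ ID: 16287 CVE(CAN) ID: CVE-2006-0256 Oracle Database is a large commercial database system. A vulnerability exists in the implementation of the Oracle Database login process; a remote attacker may be able to carry out a SQL injection attack against the server during login...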

CVSS: 10 | AI score: 6.3 | EPSS: 0.0422
Exploits: 1

seebug.org
added 2006/08/17 12:0 a.m. | 39 views

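Oracle SYS.DBMS_METADATA_UTIL Package SQL Injection Vulnerabilities

Oracle Database is a large commercial database system. Four SQL injection vulnerabilities exist in the LONG2VARCHAR, LONG2VCMAX, LONG2VCNT and LONG2CLOB functions of the Oracle SYS.DBMS_METADATA_UTIL package. A remote attacker who successfully exploits these vulnerabilities can fully compromise the affected database system. Oracle 10g Release 1 Oracle ------ Oracle has released a security advisory (cpujan2006) and corresponding patches for this: cpujan2006: Oracle Critical Patch Update - January 2006...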

AI score: 6.9
Exploits: 0

CERT
added 2006/05/03 12:0 a.m. | 87 views

Oracle DBMS_EXPORT_EXTENSION package vulnerable to SQL injection

Overview A vulnerability in Oracle PL/SQL Export Extensions may allow an attacker to modify privileged database information. Description Oracle Extensions, ODCIIndex Interface, and ODCIIndexGetMetadata Oracle extensions are used to create customized Oracle database constructs. An indextype is an...

CVSS: 10 | AI score: 7.6 | EPSS: 0.04234
Exploits: 0 | References: 6

CERT
added 2006/05/03 12:0 a.m. | 56 views

Oracle views fail to enforce table security settings

Overview A vulnerability in the way Oracle handles views may allow an attacker to modify privileged database information. Description Database Views A view is a queryable aggregation of data from one or more tables that is stored and maintained. The Problem A vulnerability in the way that Oracle...

AI score: 7.7
Exploits: 0 | References: 5

securityvulns
added 2006/04/20 12:0 a.m. | 41 views

US-CERT Technical Cyber Security Alert TA06-109A -- Oracle Products Contain Multiple Vulnerabilities

National Cyber Alert System Technical Cyber Security Alert TA06-109A Oracle Products Contain Multiple Vulnerabilities Original release date: April 19, 2006 Last revised: -- Source: US-CERT Systems Affected Oracle Database 10g Oracle9i Database Oracle8...

AI score: 0.3
Exploits: 0

CERT
added 2006/04/20 12:0 a.m. | 16 views

Oracle Application Object Library vulnerability

Overview An unspecified vulnerability in the Oracle Application Object Library may allow a remote, unauthenticated attacker to compromise system integrity and confidentiality. Description Oracle Application Object Library contains a vulnerability. The details of this vulnerability are not clear...

AI score: 7.1
Exploits: 0 | References: 2

CERT
added 2006/04/19 12:0 a.m. | 10 views

Oracle Reporting Framework vulnerability

Overview An unspecified vulnerability in the Oracle Reporting Framework may allow a remote, unauthenticated attacker to compromise system confidentiality and integrity. Description Oracle Reporting Framework contains a vulnerability. The details of this vulnerability are not clear. However, Oracle...

AI score: 7
Exploits: 0 | References: 2

Tenable Nessus
added 2006/03/06 12:0 a.m. | 20 views

Solaris 8 (x86) : 109765-06

SunOS 5.8x86: /kernel/fs/hsfs patch. Date this patch was last updated by Sun : Feb/21/06 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; if descriptio...

CVSS: 7.2 | AI score: 6.7 | EPSS: 0.00442
Exploits: 0 | References: 2

securityvulns
added 2006/01/27 12:0 a.m. | 33 views

[VulnWatch] [Argeniss] Oracle Database Buffer overflows vulnerabilities in public procedures of XDB.DBMS_XMLSCHEMA{_INT}

Argeniss Security Advisory Name: Oracle Database Buffer overflows vulnerabilities in public procedures of XDB.DBMS_XMLSCHEMA{_INT} Affected Software: Oracle Database Server versions 9iR2 and 10gR1 Severity: High Remote exploitable: Yes Authentication to Database Server is needed Credits: Esteban...

AI score: 0.3
Exploits: 0

CERT
added 2006/01/25 12:0 a.m. | 48 views

Oracle Text SQL injection vulnerability

Overview Oracle Text is vulnerable to SQL injection, which could allow a remote attacker to execute arbitrary SQL commands on a vulnerable Oracle installation. Description According to Oracle: Oracle Text uses standard SQL to index, search, and analyze text and documents stored in the Oracle...

CVSS: 10 | AI score: 6.7 | EPSS: 0.04724
Exploits: 1 | References: 4

securityvulns
added 2006/01/19 12:0 a.m. | 34 views

US-CERT Technical Cyber Security Alert TA06-018A -- Oracle Products Contain Multiple Vulnerabilities

National Cyber Alert System Technical Cyber Security Alert TA06-018A Oracle Products Contain Multiple Vulnerabilities Original release date: January 18, 2006 Last revised: -- Source: US-CERT Systems Affected Oracle Database 10g Oracle9i Database...

AI score: 0.3
Exploits: 0

securityvulns
added 2006/01/18 12:0 a.m. | 55 views

[Full-disclosure] Oracle Reports - Read parts of files via desname (fixed after 874 days)

Hello FD-Reader It took only 874 days to fix this problem. Summary and additional information concerning the Oracle January 2006 CPU is available here: http://www.red-database-security.com/advisory/oraclecpujan2006.html http://www.red-database-security.com/advisory/oraclereportsreadanyfi le.html...

CVSS: 5 | AI score: 5.7 | EPSS: 0.09108
Exploits: 1

securityvulns
added 2006/01/18 12:0 a.m. | 33 views

[Full-disclosure] Oracle Database 10g Rel. 2 - Event 10053 logs TDE wallet password in cleartext

Hello FD-Reader Event 10053 logs the TDE masterkey in cleartext into the trace file. Oracle fixed this problem with CPU January 2006. http://www.red-database-security.com/advisory/oracletdewalletpassword .html Name Event 10053 logs TDE wallet password in cleartext Systems Oracle Database 10g...

AI score: 7.4
Exploits: 0

securityvulns
added 2006/01/18 12:0 a.m. | 43 views

[Full-disclosure] Oracle Reports - Overwrite any application server file via desname (fixed after 889 days)

Hello FD-Reader It took only 889 days to fix this problem. Summary and additional information concerning the Oracle January 2006 CPU is available here: http://www.red-database-security.com/advisory/oraclecpujan2006.html http://www.red-database-security.com/advisory/oraclereportsoverwritea...

CVSS: 5 | AI score: 0.2 | EPSS: 0.22288
Exploits: 0

Saint
added 2005/11/30 12:0 a.m. | 29 views

Oracle Enterprise Manager Agent buffer overflow

Added: 11/30/2005 CVE: CVE-2005-3460 BID: 15146 OSVDB: 20664 Background Oracle Application Server 10g includes the emagent.exe program which listens for connections on port 1830/TCP by default. Problem A buffer overflow vulnerability in emagent.exe could allow a remote attacker to execute arbitra...

CVSS: 10 | AI score: 7.5 | EPSS: 0.04145
Exploits: 4

securityvulns
added 2005/11/09 12:0 a.m. | 39 views

Oracle October 2005 CPU Problems

Examining the Oracle October 2005 Critical Patch Update in depth, NGSResearchers discovered a number of problems which have all since been reported to Oracle. As well as new vulnerabilities and problems with the patches for old vulnerabilities, the October 2005 CPU fails to install the patched...

AI score: 0.3
Exploits: 0

CERT
added 2005/10/21 12:0 a.m. | 25 views

Oracle Database Server buffer overflow in Security Component

Overview The Oracle Database Server Security Component contains a buffer overflow. Exploitation may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. Description A lack of input validation in the Oracle Database Server Security Component may allow a buffer...

AI score: 8.1
Exploits: 0 | References: 3

securityvulns
added 2005/10/20 12:0 a.m. | 24 views

[Full-disclosure] Oracle Workflow CSS Vulnerability wf_monitor

Dear FD-Reader, The Oracle Critical Patch Update October 2005 provides fixes for 2 Cross-Site-Scripting vulnerabilities in Oracle Workflow found by Red-Database-Security GmbH. I know that the severity and impact of CSS bugs is low. My critical security bugs in Oracle e.g. become DBA via the impo...

AI score: 7
Exploits: 0