1848 matches found
Oracle XML Component DBMS_XMLSCHEMA.GENERATESCHEMA buffer overflow
Added: 11/03/2006 CVE: CVE-2006-0272 BID: 16287 OSVDB: 22567 Background Oracle Database Server includes the DBMS_XMLSCHEMA component, which contains procedures for managing XML schemas. Problem A buffer overflow vulnerability in the DBMS_XMLSCHEMA.GENERATESCHEMA procedure allows database users to...
DVBBS (Dongwang) forum file upload vulnerability
upfile.asp contains the following statement: formPath&yearnow&monthnow&daynow&hournow&minutenow&secondnow&ranNum&"."&fileExt...
Oracle Spatial component SDO_CS.TRANSFORM_LAYER buffer overflow
Added: 10/26/2006 CVE: CVE-2006-5344 BID: 20588 OSVDB: 31462 Background The Oracle Spatial (formerly SDO) component of Oracle Database provides a set of functions which process multi-dimensional data. Problem A buffer overflow in the Oracle Spatial component allows an attacker with EXECUTE privileg...
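Oracle October 2006 update fixes multiple security vulnerabilities
Oracle Database is a large commercial database system. Oracle has released its Critical Patch Update advisory for October 2006, fixing multiple vulnerabilities in multiple Oracle products. These vulnerabilities affect all security properties of Oracle products and can lead to both local and remote threats. Some of the vulnerabilities may require various levels of authorization, while others require none. The most serious vulnerabilities can lead to complete compromise of the database system. The currently known vulnerabilities include: 1 The following packages contain SQL injection vulnerabilities when processing SQL queries: DBMSXDBZ SDODROPUSERBEFORE MD2 DBMSCDCIMPDP DBMSCDCIPUBLISH DBMSCDCISUBSCRIBE DBMSSQLTUNE...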
Oracle SYS.DBMS_CDC_IMPDP package vulnerable to PL/SQL injection
Overview The Oracle SYS.DBMS_CDC_IMPDP package is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Description The Oracle SYS.DBMS_CDC_IMPDP package is vulnerable to PL/SQL injection...
Oracle CREATE_CHANGE_TABLE procedure vulnerable to PL/SQL injection
Overview The Oracle CREATE_CHANGE_TABLE procedure is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Description The Oracle CREATE_CHANGE_TABLE procedure fails to properly filter us...
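Oracle DBMS login access control bypass vulnerability
BUGTRAQ ID: 16287 CVECAN ID: CVE-2006-0256 Oracle Database is a large commercial database system. A vulnerability exists in the implementation of the Oracle Database login process; a remote attacker may be able to carry out a SQL injection attack against the server during login...
Oracle SYS.DBMS_METADATA_UTIL package SQL injection vulnerabilities
Oracle Database is a large commercial database system. There are four SQL injection vulnerabilities in the LONG2VARCHAR, LONG2VCMAX, LONG2VCNT and LONG2CLOB functions of the Oracle SYS.DBMS_METADATA_UTIL package. A remote attacker who successfully exploits these vulnerabilities can completely compromise the affected database system. Oracle 10g Release 1 Oracle ------ Oracle has released a security advisory (cpujan2006) and corresponding patches for this issue: cpujan2006: Oracle Critical Patch Update - January 2006...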
Oracle views fail to enforce table security settings
Overview A vulnerability in the way Oracle handles views may allow an attacker to modify privileged database information. Description Database Views A view is a queryable aggregation of data from one or more tables that is stored and maintained. The Problem A vulnerability in the way that Oracle...
Oracle DBMS_EXPORT_EXTENSION package vulnerable to SQL injection
Overview A vulnerability in Oracle PL/SQL Export Extensions may allow an attacker to modify privileged database information. Description Oracle Extensions, ODCIIndex Interface, and ODCIIndexGetMetadata Oracle extensions are used to create customized Oracle database constructs. An indextype is an...
US-CERT Technical Cyber Security Alert TA06-109A -- Oracle Products Contain Multiple Vulnerabilities
National Cyber Alert System Technical Cyber Security Alert TA06-109A Oracle Products Contain Multiple Vulnerabilities Original release date: April 19, 2006 Last revised: -- Source: US-CERT Systems Affected Oracle Database 10g Oracle9i Database Oracle8...
Oracle Application Object Library vulnerability
Overview An unspecified vulnerability in the Oracle Application Object Library may allow a remote, unauthenticated attacker to compromise system integrity and confidentiality. Description Oracle Application Object Library contains a vulnerability. The details of this vulnerability are not clear...
Oracle Reporting Framework vulnerability
Overview An unspecified vulnerability in the Oracle Reporting Framework may allow a remote, unauthenticated attacker to compromise system confidentiality and integrity. Description Oracle Reporting Framework contains a vulnerability. The details of this vulnerability are not clear. However, Oracle...
Solaris 8 (x86) : 109765-06
SunOS 5.8x86: /kernel/fs/hsfs patch. Date this patch was last updated by Sun : Feb/21/06 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; if descriptio...
[VulnWatch] [Argeniss] Oracle Database Buffer overflows vulnerabilities in public procedures of XDB.DBMS_XMLSCHEMA{_INT}
Argeniss Security Advisory Name: Oracle Database Buffer overflows vulnerabilities in public procedures of XDB.DBMS_XMLSCHEMA{_INT} Affected Software: Oracle Database Server versions 9iR2 and 10gR1 Severity: High Remote exploitable: Yes Authentication to Database Server is needed Credits: Esteban...
Oracle Text SQL injection vulnerability
Overview Oracle Text is vulnerable to SQL injection, which could allow a remote attacker to execute arbitrary SQL commands on a vulnerable Oracle installation. Description According to Oracle: Oracle Text uses standard SQL to index, search, and analyze text and documents stored in the Oracle...
US-CERT Technical Cyber Security Alert TA06-018A -- Oracle Products Contain Multiple Vulnerabilities
National Cyber Alert System Technical Cyber Security Alert TA06-018A Oracle Products Contain Multiple Vulnerabilities Original release date: January 18, 2006 Last revised: -- Source: US-CERT Systems Affected Oracle Database 10g Oracle9i Database...
[Full-disclosure] Oracle Reports - Overwrite any application server file via desname (fixed after 889 days)
Hello FD-Reader It took only 889 days to fix this problem. Summary and additional information concerning the Oracle January 2006 CPU is available here: http://www.red-database-security.com/advisory/oraclecpujan2006.html http://www.red-database-security.com/advisory/oraclereportsoverwritea...