EUVD-2002-0556

Malware in sbrugna...

Oracle PL/SQL Gateway fails to properly validate HTTP requests

Overview The Oracle PL/SQL Gateway fails to properly validate HTTP requests. This may allow a remote attacker to execute SQL commands on an Oracle database. Description Oracle uses the Oracle PL/SQL Gateway to access Oracle databases over HTTP. A lack of validation in the Oracle PL/SQL Gateway ma...

Oracle 9iAS OWA UTIL access

Oracle 9iAS can provide access to the PL/SQL application OWAUTIL that provides web access to some stored procedures. These procuedures, without authentication, can allow users to access sensitive information such as source code of applications, user credentials to other database servers and run...

CVE-2002-0561

The default configuration of the PL/SQL Gateway web administration interface in Oracle 9i Application Server 1.0.2.x uses null authentication, which allows remote attackers to gain privileges and modify DAD settings...

CVE-2002-0561

The default configuration of the PL/SQL Gateway web administration interface in Oracle 9i Application Server 1.0.2.x uses null authentication, which allows remote attackers to gain privileges and modify DAD settings...

CVE-2002-0561

CVE-2002-0561 affects Oracle 9i Application Server's PL/SQL Gateway web administration interface. The default configuration uses null authentication, allowing remote attackers to bypass access controls and modify DAD/settings via the PL/SQL gateway administration pages. Details in connected advis...

Oracle9i Application Server PL/SQL Gateway web administration interface uses null authentication by default

Overview A vulnerability exists in the Apache Procedural Language/Structured Query Language PL/SQL module used by Oracle 9i Application Server iAS. In its default configuration, the PL/SQL module grants unauthenticated access to the PL/SQL gateway web-based administration interface. Description...