Oracle DB SQL Injection via SYS.DBMS_CDC_PUBLISH.CREATE_CHANGE_SET

The module exploits an sql injection flaw in the CREATECHANGESET procedure of the PL/SQL package DBMSCDCPUBLISH. Any user with execute privilege on the vulnerable package can exploit this vulnerability. By default, users granted EXECUTECATALOGROLE have the required privilege. This module requires...

Oracle DB SQL Injection via SYS.DBMS_CDC_PUBLISH.DROP_CHANGE_SOURCE

The module exploits an sql injection flaw in the DROPCHANGESOURCE procedure of the PL/SQL package DBMSCDCPUBLISH. Any user with execute privilege on the vulnerable package can exploit this vulnerability. By default, users granted EXECUTECATALOGROLE have the required privilege. This module require...

Team SHATTER Security Advisory: Oracle Database SQL Injection in SYS.DBMS_CDC_IPUBLISH.ALTER_HOTLOG_INTERNAL_CSOURCE

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Team SHATTER Security Advisory Oracle Database SQL Injection in SYS.DBMSCDCIPUBLISH.ALTERHOTLOGINTERNALCSOURCE November 12, 2008 Risk Level: Medium Affected versions: Oracle Database Server versions 10gR1, 10gR2 and 11gR1 Remote exploitable: Yes...

CVE-2002-1636

CVE-2002-1636 affects Oracle 9i Application Server (9iAS) via the htp PL/SQL package. The vulnerability exists in htp.print where user-supplied cbuf can inject arbitrary script/HTML, enabling remote XSS. No remediation or fix version is provided in the supplied documents.

Oracle 9iAS contains cross-site scripting vulnerability in "htp.print"

Overview Oracle 9i Application Servers are vulnerable to a cross-site scripting vulnerability. The server may inadvertently include malicious HTML tags or scriptJavaScript, VBScript, Java, etc. in a dynamically generated page based on unvalidated input from untrustworthy sources. This can be a...