Oracle SYS.DBMS_AQ package vulnerable to PL/SQL injection

Overview The Oracle SYS.DBMSAQ package is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Description The Oracle SYS.DBMSAQ package fails to properly sanitize user input.This ma...

raptor_orafile.sql.txt

-- $Id: raptororafile.sql,v 1.1 2006/12/19 14:21:00 raptor Exp $ -- -- raptororafile.sql - file system access suite for oracle -- Copyright c 2006 Marco Ivaldi -- -- This is an example file system access suite for Oracle based on the utlfile -- package http://www.adp-gmbh.ch/ora/plsql/utlfile.htm...

raptor_oraextproc.sql.txt

-- $Id: raptororaextproc.sql,v 1.1 2006/12/19 14:21:00 raptor Exp $ -- -- raptororaextproc.sql - command exec via oracle extproc -- Copyright c 2006 Marco Ivaldi -- -- Directory traversal vulnerability in extproc in Oracle 9i and 10g -- allows remote attackers to access arbitrary libraries outsid...

Oracle <= 9i / 10g (extproc) Local/Remote Command Execution Exploit

No description provided by source. -- -- $Id: raptororaextproc.sql,v 1.1 2006/12/19 14:21:00 raptor Exp $ -- -- raptororaextproc.sql - command exec via oracle extproc -- Copyright c 2006 Marco Ivaldi [email protected] -- -- Directory traversal vulnerability in extproc in Oracle 9i and 10g --...

Oracle <= 9i / 10g File System Access via utl_file Exploit

No description provided by source. -- -- $Id: raptororafile.sql,v 1.1 2006/12/19 14:21:00 raptor Exp $ -- -- raptororafile.sql - file system access suite for oracle -- Copyright c 2006 Marco Ivaldi [email protected] -- -- This is an example file system access suite for Oracle based on the...

Oracle 9i/10g - 'extproc' Local/Remote Command Execution

-- -- $Id: raptororaextproc.sql,v 1.1 2006/12/19 14:21:00 raptor Exp $ -- -- raptororaextproc.sql - command exec via oracle extproc -- Copyright c 2006 Marco Ivaldi -- -- Directory traversal vulnerability in extproc in Oracle 9i and 10g -- allows remote attackers to access arbitrary libraries...

Oracle 9i/10g - 'utl_file' FileSystem Access

-- -- $Id: raptororafile.sql,v 1.1 2006/12/19 14:21:00 raptor Exp $ -- -- raptororafile.sql - file system access suite for oracle -- Copyright c 2006 Marco Ivaldi -- -- This is an example file system access suite for Oracle based on the utlfile -- package...

Oracle DISABLE_HIERARCHY_INTERNAL procedure vulnerable to PL/SQL injection

Overview The Oracle DISABLEHIERARCHYINTERNAL procedure is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Description The Oracle DISABLEHIERARCHYINTERNAL procedure fails to...

Oracle SYS.DBMS_CDC_IMPDP package vulnerable to PL/SQL injection

Overview The Oracle SYS.DBMSCDCIMPDP package is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Description The Oracle SYS.DBMSCDCIMPDP package is vulnerable to PL/SQL injection...

Oracle MDSYS.SDO_LRS package vulnerable to PL/SQL injection

Overview The Oracle MDSYS.SDOLRS package is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Description The Oracle MDSYS.SDOLRS package is vulnerable to PL/SQL injection...

Oracle CREATE_CHANGE_TABLE procedure vulnerable to PL/SQL injection

Overview The Oracle CREATECHANGETABLE procedure is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Description The Oracle CREATECHANGETABLE procedure fails to properly filter us...

Oracle PREPARE_UNBOUNDED_VIEW procedure vulnerable to PL/SQL injection

Overview The Oracle PREPAREUNBOUNDEDVIEW procedure is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Description The Oracle PREPAREUNBOUNDEDVIEW procedure fails to properly...

Oracle ENABLE_HIERARCHY_INTERNAL procedure vulnerable to PL/SQL injection

Overview The Oracle ENABLEHIERARCHYINTERNAL procedure is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Description The Oracle ENABLEHIERARCHYINTERNAL procedure fails to proper...

CVE-2006-5332

Unspecified vulnerability in xdb.dbmsxdbz in the XMLDB component for Oracle Database 9.2.0.6 and 10.1.0.4 has unknown impact and remote authenticated attack vectors, aka Vuln DB01. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB01 is for PL/SQL injection ...

CVE-2006-5336

Multiple unspecified vulnerabilities in the Change Data Capture CDC component in Oracle Database 9.2.0.7, 10.1.0.5, and have unknown impact and remote authenticated attack vectors related to 1 sys.dbmscdcipublish Vuln DB05 and 2 sys.dbmscdcisubscribe DB06. NOTE: as of 20061023, Oracle has not...

CVE-2006-5332

CVE-2006-5332 concerns Oracle Database components: an unspecified vulnerability in xdb.dbms_xdbz within XMLDB affecting Oracle Database 9.2.0.6 and 10.1.0.4. The DB01 issue is reported as PL/SQL injection in the ENABLE_HIERARCHY_INTERNAL procedure, with evidence that reports of this vulnerability...

CVE-2006-5336

Technical details for CVE-2006-5336 are not publicly provided in the connected documents; no affected products, versions, or fixes are specified here. Monitor for updates.

CVE-2006-5336

Multiple unspecified vulnerabilities in the Change Data Capture CDC component in Oracle Database 9.2.0.7, 10.1.0.5, and have unknown impact and remote authenticated attack vectors related to 1 sys.dbmscdcipublish Vuln DB05 and 2 sys.dbmscdcisubscribe DB06. NOTE: as of 20061023, Oracle has not...

CVE-2006-5332

Unspecified vulnerability in xdb.dbmsxdbz in the XMLDB component for Oracle Database 9.2.0.6 and 10.1.0.4 has unknown impact and remote authenticated attack vectors, aka Vuln DB01. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB01 is for PL/SQL injection ...

Oracle Database - SQL Injection in SYS.DBMS_UPGRADE [DB22]

Name SQL Injection in package SYS.DBMSUPGRADE 6980717 DB22 Systems Oracle 10g Release 1 Severity High Risk Category SQL Injection Vendor URL http://www.oracle.com/ Author Alexander Kornbrust ak at red-database-security.com Advisory 18 Jul 2006 V 1.00 Advisory...