Oracle Database - SQL Injection in SYS.DBMS_STATS [DB21]

Name SQL Injection in package SYS.DBMSSTATS 6980751 DB21 Systems Oracle 10g Release 1 Severity High Risk Category SQL Injection Vendor URL http://www.oracle.com/ Author Alexander Kornbrust ak at red-database-security.com Advisory 18 Jul 2006 V 1.00 Advisory...

Oracle Database - SQL Injection in SYS.DBMS_CDC_IMPDP [DB01]

Name SQL Injection in package SYS.DBMSCDCIMPDP 6980711 DB01 Systems Oracle 10g Release 1 Severity High Risk Category SQL Injection Vendor URL http://www.oracle.com/ Author Alexander Kornbrust ak at red-database-security.com Advisory 18 Jul 2006 V 1.00 Details The package SYS.DBMSCDCIMPDP contains...

Oracle Database - SQL Injection in SYS.KUPW$WORKER [DB03]

Name SQL Injection in package SYS.KUPW$WORKER 6980775 DB03 Systems Oracle 10g Release 1 Severity High Risk Category SQL Injection Vendor URL http://www.oracle.com/ Author Alexander Kornbrust ak at red-database-security.com Advisory 18 Jul 2006 V 1.00 Advisory...

Oracle Database - SQL Injection in SYS.DBMS_CDC_IMPDP [DB01]

Name SQL Injection in package SYS.DBMSCDCIMPDP 6980711 DB01 Systems Oracle 10g Release 1 Severity High Risk Category SQL Injection Vendor URL http://www.oracle.com/ Author Alexander Kornbrust ak at red-database-security.com Advisory 18 Jul 2006 V 1.00 Details The package SYS.DBMSCDCIMPDP contains...

Oracle DBMS_EXPORT_EXTENSION package vulnerable to SQL injection

Overview A vulnerability in Oracle PL/SQL Export Extensions may allow an attacker to modify privileged database information. Description Oracle Extensions, ODCIIndex Interface, andODCIIndexGetMetadata Oracle extensions are used to create customized Oracle database constructs. An indextype is an...

Oracle PL/SQL Gateway fails to properly validate HTTP requests

Overview The Oracle PL/SQL Gateway fails to properly validate HTTP requests. This may allow a remote attacker to execute SQL commands on an Oracle database. Description Oracle uses the Oracle PL/SQL Gateway to access Oracle databases over HTTP. A lack of validation in the Oracle PL/SQL Gateway ma...

CVE-2006-0435

Unspecified vulnerability in Oracle PL/SQL PLSQL, as used in Database Server DS 9.2.0.7 and 10.1.0.5, Application Server 1.0.2.2, 9.0.4.2, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0.0, E-Business Suite and Applications 11.5.10, and Collaboration Suite 10.1.1, 10.1.2.0, 10.1.2.1, and 9.0.4.2, allows...

CVE-2006-0435

The CVE-2006-0435 entry concerns Oracle PL/SQL Gateway/PLSQLExclusion bypass vulnerability (PLSQL01). Public sources (CERT VU and NVD) describe that the Oracle PL/SQL Gateway fails to validate HTTP requests, potentially allowing a remote attacker to bypass access controls and execute SQL commands...

CVE-2002-2153

The vulnerability CVE-2002-2153 is a format string flaw in the PL/SQL module’s administrative pages of Oracle Application Server 4.0.8 (and 4.0.8 2). The underlying issue is a format string vulnerability that allows remote attackers to execute arbitrary code. The affected component is the PL/SQL ...

Oracle 9i Application Server OWA UTIL Accessible - Active Check

Oracle 9i Application Server AS can provide access to the PL/SQL application OWAUTIL that provides web access to some stored procedures. SPDX-FileCopyrightText: 2003 Javier Fernandez-Sanguino Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respectiv...

Oracle 9iAS OWA UTIL access

Oracle 9iAS can provide access to the PL/SQL application OWAUTIL that provides web access to some stored procedures. These procuedures, without authentication, can allow users to access sensitive information such as source code of applications, user credentials to other database servers and run...

CVE-2005-3437

Unspecified vulnerability in the PL/SQL component in Oracle Database Server 9i up to 10.1.0.4 has unknown impact and attack vectors, aka Oracle Vuln DB01...

CVE-2005-3437

Unspecified vulnerability in the PL/SQL component in Oracle Database Server 9i up to 10.1.0.4 has unknown impact and attack vectors, aka Oracle Vuln DB01...

CVE-2005-3437

Technical details about CVE-2005-3437 are not publicly available in the provided connected documents; the entries describe an unspecified vulnerability in Oracle PL/SQL with unknown impact. Monitor for updates.

Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers

Dear security community and Oracle users, Many of my customers run Oracle. Much of the U.K. Critical National Infrastructure relies on Oracle; indeed this is true for many other countries as well. I know that there's a lot of private information about me stored in Oracle databases out there. I ha...

CVE-2002-1666

CVE-2002-1666 affects Oracle E-Business Suite 11i.1–11i.6. The issue allows remote attackers to execute unauthorized PL/SQL procedures by modifying the Oracle Applications URL. The root cause is not detailed in the provided documents; exploitation status and remediation are not specified.

CVE-2002-1666

Unknown vulnerability in Oracle E-Business Suite 11i.1 through 11i.6 allows remote attackers to execute unauthorized PL/SQL procedures by modifying the Oracle Applications URL...

plsql_multiplestatement_injection.txt

/ Advanced SQL Injection in Oracle databases Executing OS Command with SQL Injection By Esteban Martinez Fayo [email protected] / CREATE OR REPLACE FUNCTION "SCOTT"."SQLI" return varchar2 authid currentuser as pragma autonomoustransaction; SqlCommand VARCHAR22048; BEGIN SqlCommand := ' CREATE OR...

Oracle Database PL/SQL Statement Multiple SQL Injection Exploits

Exploit for unknown platform in category local exploits ================================================================ Oracle Database PL/SQL Statement Multiple SQL Injection Exploits ================================================================ / Advanced SQL Injection in Oracle databases...

Oracle 8.x/9.x/10.x Database - Multiple SQL Injections

source: https://www.securityfocus.com/bid/13144/info Oracle database is reported prone to multiple SQL injection vulnerabilities. These issues exist due to insufficient sanitization of user-supplied data. These issues can be exploited using malformed PL/SQL statements to pass unauthorized SQL...