180 matches found
Oracle Database PL/SQL Statement - Multiple SQL Injections s
/ Advanced SQL Injection in Oracle databases Becoming the SYS user with SQL Injection. This script creates functions that can be injected to replace the password of the SYS user and to restore it to the original value. By Esteban Martinez Fayo [email protected] / ------------ -- Execute this as a...
CVE-2002-1636
CVE-2002-1636 affects Oracle 9i Application Server (9iAS) via the htp PL/SQL package. The vulnerability exists in htp.print where user-supplied cbuf can inject arbitrary script/HTML, enabling remote XSS. No remediation or fix version is provided in the supplied documents.
Multiple high risk vulnerabilities in Oracle RDBMS 10g/9i
Researchers at NGSSoftware have discovered multiple high risk vulnerabilities in the Oracle Database Server. Versions affected include Oracle Database 10g - All Releases; Oracle9i Database Server - All Releases. The vulnerabilities include PL/SQL Injection vulnerabilities that allow low privileged...
Oracle Trigger Abuse (#NISR2122004I)
NGSSoftware Insight Security Research Advisory Name: Oracle 10g/9i Trigger Abuse Systems Affected: Oracle 10g/9i on all operating systems Severity: High risk Vendor URL: http://www.oracle.com/ Author: David Litchfield davidl at ngssoftware.com Relates to:...
Oracle multiple PL/SQL injection vulnerabilities (#NISR2122004H)
NGSSoftware Insight Security Research Advisory Name: Oracle 10g/9i Multiple PL/SQL injection vulnerabilities Systems Affected: Oracle 10g/AS on all operating systems Severity: High risk Vendor URL: http://www.oracle.com/ Author: David Litchfield davidl at ngssoftware.com Relates to:...
Multiple SQL Injection Vulnerabilities in Oracle Application Server 9i and RDBMS (#NISR05112003)
NGSSoftware Insight Security Research Advisory Name : Multiple Oracle Application Server SQL Injection Vulnerabilities Systems Affected: All OS platforms; Oracle9i Application Server Release 1 and 2 and RDBMS Severity : High Risk Vendor URL : http://www.oracle.com/ Author : David Litchfield...
CVE-2003-0634
Stack-based buffer overflow in the PL/SQL EXTPROC functionality for Oracle9i Database Release 2 and 1, and Oracle 8i, allows authenticated database users, and arbitrary database users in some cases, to execute arbitrary code via a long library name...
CVE-2003-0634
The vulnerability (CVE-2003-0634) affects Oracle9i Database Release 2/1 and Oracle 8i, due to a stack-based buffer overflow in the PL/SQL EXTPROC component. An authenticated (and in some cases arbitrary) database user can potentially execute arbitrary code by supplying a long library name. This s...
Oracle Extproc Buffer Overflow (#NISR25072003)
NGSSoftware Insight Security Research Advisory Name: Oracle Extproc Buffer Overflow Systems Affected: Most OS platforms; Oracle9i Database Release 2 and 1, 8i Severity: High Risk Vendor URL: http://www.oracle.com Authors: David Litchfield [email protected] Chris Anley [email protected]...
Oracle 9iAS PL/SQL Gateway Web Admin Interface Null Authentication
Oracle 9i Application Server uses Apache as its web server with an Apache module for PL/SQL support. By default, no authentication is required to access the DAD configuration page. An attacker may use this flaw to modify PL/SQL applications or prevent the remote host from working properly...
CVE-2002-1666
Unknown vulnerability in Oracle E-Business Suite 11i.1 through 11i.6 allows remote attackers to execute unauthorized PL/SQL procedures by modifying the Oracle Applications URL...
CVE-2002-0561
The default configuration of the PL/SQL Gateway web administration interface in Oracle 9i Application Server 1.0.2.x uses null authentication, which allows remote attackers to gain privileges and modify DAD settings...
CVE-2002-0559
Buffer overflows in PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allow remote attackers to cause a denial of service or execute arbitrary code via (1) a long help page request without a dadname, which overflows the resulting HTTP Location header, (2) a long HTTP request to the plsq...
CVE-2002-0567
Oracle 8i and 9i with PL/SQL package for External Procedures EXTPROC allows remote attackers to bypass authentication and execute arbitrary functions by using the TNS Listener to directly connect to the EXTPROC process...
CVE-2002-0564
CVE-2002-0564 affects Oracle 9i Application Server 1.0.2.x via PL/SQL module 3.0.9.8.2. An attacker can bypass authentication for a Database Access Descriptor (DAD) by altering the URL to reference a different DAD that already has valid credentials, enabling unauthorized access. The description n...
CVE-2002-0561
CVE-2002-0561 affects Oracle 9i Application Server's PL/SQL Gateway web administration interface. The default configuration uses null authentication, allowing remote attackers to bypass access controls and modify DAD/settings via the PL/SQL gateway administration pages. Details in connected advis...
CVE-2002-0559
The CVE-2002-0559 entry concerns a buffer overflow in Oracle9i Application Server’s Apache PL/SQL module exposed via the PL/SQL gateway (mod_plsql). The vulnerability arises from processing long inputs (e.g., long HTTP requests, long DAD passwords, long Authorization headers, or long cache direct...
CVE-2002-0560
Oracle 9i Application Server 1.0.2.x with PL/SQL module 3.0.9.8.2 exposes OWA_UTIL procedures (signature, listprint, show_query_columns) to remote attackers, enabling information disclosure. Affected component is the PL/SQL gateway (mod_plsql) in Oracle 9iAS; exploitation involves unauthenticated ...