CVE-2016-2346
Allround Automations PL/SQL Developer 11 before 11.0.6 relies on unverified HTTP data for updates, which allows man-in-the-middle attackers to execute arbitrary code by modifying fields in the client-server data stream...
Allround Automations PL/SQL Developer v11 performs updates over HTTP
Overview Allround Automations PL/SQL Developer version 11 checks for updates over HTTP and does not verify updates before executing commands, which may allow an attacker to execute arbitrary code. Description CWE-345: Insufficient Verification of Data Authenticity - CVE-2016-2346 According to the...
Oracle Database Server Multiple Unspecified Vulnerabilities -04 (Jan 2016)
Oracle Database Server is prone to multiple unspecified vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Oracle Database Multiple Vulnerabilities (January 2015 CPU)
The remote Oracle database server is missing the January 2015 Critical Patch Update (CPU). It is, therefore, affected by security issues in the following components: - Core RDBMS - DBMS_UTILITY - PL/SQL - Recovery - Workspace Manager - XML Developer's Kit for C...
Design/Logic Flaw
Unspecified vulnerability in the PL/SQL component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality via unknown vectors...
CVE-2014-6514
CVE-2014-6514 affects Oracle Database Server’s PL/SQL component across multiple versions (11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1). The vulnerability allows remote authenticated users to affect confidentiality via unknown vectors. Base CVSS v2 score is 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N). No exploita...
Oracle 8.x/9.x/10.x Database Multiple SQL Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/13144/info Oracle database is reported prone to multiple SQL injection vulnerabilities. These issues exist due to insufficient sanitization of user-supplied data. These issues can be exploited using malformed PL/SQL...
Oracle 10g Database SUBSCRIPTION_NAME Remote SQL Injection Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/13236/info Oracle database is prone to an SQL-injection vulnerability because the software fails to properly sanitize user-supplied data. The 'SUBSCRIPTION_NAME' parameter is vulnerable. Packages that employ this parameter...
Oracle 10g Database SUBSCRIPTION_NAME Remote SQL Injection Vulnerability (2)
No description provided by source. source: http://www.securityfocus.com/bid/13236/info Oracle database is prone to an SQL-injection vulnerability because the software fails to properly sanitize user-supplied data. The 'SUBSCRIPTION_NAME' parameter is vulnerable. Packages that employ this parameter...
Oracle <= 9i / 10g (extproc) - Local/Remote Command Execution Exploit
No description provided by source. -- -- $Id: raptororaextproc.sql,v 1.1 2006/12/19 14:21:00 raptor Exp $ -- -- raptororaextproc.sql - command exec via oracle extproc -- Copyright (c) 2006 Marco Ivaldi [email protected] -- -- Directory traversal vulnerability in extproc in Oracle 9i and 10g --...
Fortify SCA analysis code vulnerabilities the whole solution-vulnerability warning-the black bar safety net
The previous post described using FindBugs to assist in analyzing code vulnerabilities; this time the tool is Fortify SCA Demo 4.0.0. Fortify is a quite well-known company in the security field, so there is not much to say about it. First, let me introduce the protagonist: Fortify SCA Demo 4.0.0, although I do not know now...
Oracle Portal Demo Organization Chart PL/SQL Injection
============================================= INTERNET SECURITY AUDITORS ALERT 2012-001 - Original release date: November 8th, 2012 - Last revised: March 20th, 2013 - Discovered by: Manuel Garcia Cardenas - Severity: 7,1/10 CVSS Base Score - CVE-ID: CVE-2013-3831...
Oracle Database Server Multiple Components Multiple Vulnerabilities
Oracle database is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:oracle:databaseserver";...
Oracle Database Multiple Vulnerabilities (July 2007 CPU)
The remote Oracle database server is missing the July 2007 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components: - Advanced Queuing - DataGuard - JavaVM - Oracle Data Mining - Oracle Text - PL/SQL - Rules Manager - Spatial - SQL Compiler...
Oracle Database Multiple Vulnerabilities (October 2005 CPU)
The remote Oracle database server is missing the October 2005 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components: - Change Data Capture - Data Guard Logical Standby - Data Pump Export - Database Scheduler - Export - Locale - Materialize...
Oracle Database Multiple Vulnerabilities (October 2009 CPU)
The remote Oracle database server is missing the October 2009 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components: - Advanced Queuing - Application Express - Auditing - Authentication - Core RDBMS - Data Mining - Data Pump - Network...
Oracle 10g R2 Buffer Overflow
Exploit Title: New exploit to Oracle CVE-2007-4517 vulnerability Date: 11,2,2011 Author: David Maman and the GreenSQL Team Software Link: http://blog.greensql.com/2011/11/02/new-exploit-to-oracle-vulnerability/ Version: 0.1 Tested on: Oracle Database 10g Express Edition CVE : New exploit to...
Oracle XDB.XDB_PITRIG_PKG.PITRIG_DROPMETADATA Procedure Exploit
Exploit for windows platform in category remote exploits Exploit Title: New exploit to Oracle CVE-2007-4517 vulnerability Date: 11,2,2011 Author: David Maman and the GreenSQL Team Software Link: http://blog.greensql.com/2011/11/02/new-exploit-to-oracle-vulnerability/ Version: 0.1 Tested on: Oracl...
Oracle DB SQL Injection via SYS.DBMS_CDC_PUBLISH.CREATE_CHANGE_SET
The module exploits an SQL injection flaw in the CREATE_CHANGE_SET procedure of the PL/SQL package DBMS_CDC_PUBLISH. Any user with execute privilege on the vulnerable package can exploit this vulnerability. By default, users granted EXECUTE_CATALOG_ROLE have the required privilege. This module requires...
Oracle DB SQL Injection via SYS.DBMS_CDC_PUBLISH.DROP_CHANGE_SOURCE
The module exploits an SQL injection flaw in the DROP_CHANGE_SOURCE procedure of the PL/SQL package DBMS_CDC_PUBLISH. Any user with execute privilege on the vulnerable package can exploit this vulnerability. By default, users granted EXECUTE_CATALOG_ROLE have the required privilege. This module require...