17 matches found
CVE-2023-22071
Vulnerability in the PL/SQL component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows high privileged attacker having Create Session, Execute on sys.utl_http privilege with network access via Oracle Net to...
OPENSUSE-SU-2020:2029-1 Security update for postgresql12
This update for postgresql12 fixes the following issues: - Upgrade to version 12.5: CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. CVE-2020-25694, bsc#1178667: a) Fix usage of complex...
Oracle Application Server PLSQL injection flaw
NGSSoftware Insight Security Research Advisory Name: PLSQL Injection in Oracle Application Server Systems Affected: Oracle Application Server 9.0.4.3, 10.1.2.2, 10.1.4.1 Severity: Critical Vendor URL: http://www.oracle.com/ Author: David Litchfield [email protected] Reported: 9th October 200...
Oracle 10g R1 pitrig_truncate PLSQL Injection (get users hash)
No description provided by source. Oracle 10g R1 xDb.XDB_PITRIG_PKG.PITRIG_TRUNCATE / SQL Injection Exploit / sploit get password Hashes / BY Sh2kerr Digital Security / tested on oracle 10.1.0.2.0 / Date of Public EXPLOIT: January 28, 2008 / Written by:  ...
Oracle 10g R1 xdb.xdb_pitrig_pkg PLSQL Injection (change sys password)
No description provided by source. Oracle 10g R1 xDb.XDB_PITRIG_PKG.PITRIG_DROP / SQL Injection Exploit / exploit change system password / BY Sh2kerr Digital Security / tested on oracle 10.1.0.2.0 / Date of Public EXPLOIT: January 25, 2008 / Written by: Alexandr...
Oracle 10g R1 - PITRIG_TRUNCATE Get Users Hash PLSQL Injection
Oracle 10g R1 - PITRIG_TRUNCATE Get Users Hash PLSQL Injection. Oracle 10g R1 xDb.XDB_PITRIG_PKG.PITRIG_TRUNCATE / SQL Injection Exploit / sploit get password Hashes / BY Sh2kerr Digital Security / tested on oracle 10.1.0.2.0 / Date of Public EXPLOIT: January 28, 2008 /...
Oracle 10g R1 xdb.xdb_pitrig_pkg PLSQL Injection (change sys password)
Exploit for multiple platform in category local exploits. Oracle 10g R1 xdb.xdb_pitrig_pkg PLSQL Injection change sys password. Oracle 10g R1...
Oracle 10g R1 - xdb.xdb_pitrig_pkg PLSQL Injection (Change Sys Password)
Oracle 10g R1 xDb.XDB_PITRIG_PKG.PITRIG_DROP / SQL Injection Exploit / exploit change system password / BY Sh2kerr Digital Security / tested on oracle 10.1.0.2.0 / Date of Public EXPLOIT: January 25, 2008 / Written by: Alexandr "Sh2kerr" Polyakov / email:...
Oracle 10g R1 pitrig_drop PLSQL Injection (get users hash)
Exploit for multiple platform in category local exploits. Oracle 10g R1 pitrig_drop PLSQL Injection get users hash. Oracle 10g R1 xDb.XDB_PITRIG_PKG.PITRIG_DROP / SQL Injection...
Oracle 10g R1 - xdb.xdb_pitrig_pkg PLSQL Injection (Change Sys Password)
Oracle 10g R1 - xdb.xdb_pitrig_pkg PLSQL Injection Change Sys Password. Oracle 10g R1 xDb.XDB_PITRIG_PKG.PITRIG_DROP / SQL Injection Exploit / exploit change system password / BY Sh2kerr Digital Security / tested on oracle 10.1.0.2.0 / Date of Public EXPLOIT: January 25,...
Oracle 10g R1 - pitrig_drop Get Users Hash PLSQL Injection
Oracle 10g R1 - pitrig_drop Get Users Hash PLSQL Injection. Oracle 10g R1 xDb.XDB_PITRIG_PKG.PITRIG_DROP / SQL Injection Exploit / sploit get password Hashes / BY Sh2kerr Digital Security / tested on oracle 10.1.0.2.0 / Date of Public EXPLOIT: January 28, 2008 / Written...
The History of the Oracle PLSQL Gateway Flaw
In the past few days Oracle has criticized me for publishing a workaround for a critical flaw in their PLSQL Gateway. This email will show that after 4 years of waiting for Oracle to try to get it right, I eventually decided to take matters into my own hands and provide Oracle customers with more...
More on the workaround for the unpatched Oracle PLSQL Gateway flaw
According to Oracle, the workaround I posted, that prevents exploitation of a critical vulnerability that Oracle has so far failed to fix, breaks certain applications that sit atop their PLSQL Gateway. Though my workaround prevents exploitation of the critical flaw and thus protects vulnerable...
Design/Logic Flaw
Unspecified vulnerability in Oracle PL/SQL (PLSQL), as used in Database Server (DS) 9.2.0.7 and 10.1.0.5, Application Server 1.0.2.2, 9.0.4.2, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0.0, E-Business Suite and Applications 11.5.10, and Collaboration Suite 10.1.1, 10.1.2.0, 10.1.2.1, and 9.0.4.2, allows...
CVE-2006-0435
Unspecified vulnerability in Oracle PL/SQL (PLSQL), as used in Database Server (DS) 9.2.0.7 and 10.1.0.5, Application Server 1.0.2.2, 9.0.4.2, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0.0, E-Business Suite and Applications 11.5.10, and Collaboration Suite 10.1.1, 10.1.2.0, 10.1.2.1, and 9.0.4.2, allows...
Workaround for unpatched Oracle PLSQL Gateway flaw
There's a critical flaw in the Oracle PLSQL Gateway, a component of iAS, OAS and the Oracle HTTP Server, that allows attackers to bypass the PLSQLExclusion list and gain access to "excluded" packages and procedures. This can be exploited by an attacker to gain full DBA control of the backend...
SQL Injection in Oracle Forms
SQL Injection in Oracle Forms V1.00 © 2005 by Red-Database-Security GmbH. Summary: All Oracle Forms applications are vulnerable against SQL Injection by default. Oracle Applications =11.5.9 is not affected due to the default setting value “FORMSxx_RESTRICT_ENTER_QUERY = TRUE”. About Oracle Forms:...