33 matches found
Oracle Releases Critical Patch Update
Oracle has released its Critical Patch Update for October 2009 to address 38 vulnerabilities across several database and server products. The update contains the following security fixes: 16 for the Oracle Database 3 for the Oracle Application Server 8 for the Oracle E-Business Suite and...
Unprivileged DB users can see APEX password hashes
Name Unprivileged DB users can see APEX password hashes Systems Affected APEX 3.0 optional component of 11.1.0.7 installation Severity High Risk Category Password Disclosure Vendor URL http://www.oracle.com/ Author Alexander Kornbrust ak at red-database-security.com CVE CVE-2009-0981 Advisory 14...
APEX Password Hash Disclosure
Name Unprivileged DB users can see APEX password hashes Systems Affected APEX 3.0 optional component of 11.1.0.7 installation Severity High Risk Category Password Disclosure Vendor URL http://www.oracle.com/ Author Alexander Kornbrust ak at red-database-security.com CVE CVE-2009-0981 Advisory 14...
SQL Injection in package DBMS_AQADM_SYS
Name SQL Injection in package DBMSAQADMSYS CVE-2009-0977 Systems Affected Oracle 9.2.0.8 - 10.2.0.3 Severity Medium Risk Category SQL Injection Vendor URL http://www.oracle.com/ Author Franz Hll fh at red-database-security.com CVE CVE-2009-0977 Advisory 14 April 2009 V 1.00 Details: The package...
SQL Injection in package DBMS_AQIN
Name SQL Injection in package DBMSAQIN CVE-2009-0992 Systems Affected Oracle 10.1.0.5 - 11.1.0.7 Severity High Risk Category SQL Injection Vendor URL http://www.oracle.com/ Author Alexander Kornbrust ak at red-database-security.com CVE CVE-2009-0992 Advisory 14 April 2009 V 1.00 Details: The...
[Full-disclosure] Oracle - Hardcoded Password and Password Reset of OUTLN User [DB13]
Oracle - Hardcoded Password and Password Reset of OUTLN User DB13 Systems Affected 9i Rel. 1 - 10g Rel. 2 Severity High Risk Category Hardcoded Default Password & Password Reset Vendor URL http://www.oracle.com/ Author Alexander Kornbrust Advisory 16 April 2008 V 1.00 Advisory URL...
Oracle Security: SQL Injection in package DBMS_PRVTAQIS
SQL Injection in package DBMSPRVTAQIS This advisory http://www.red-database-security.com/advisory/oraclesqlinjectiondbmsprvtaqis.html Name SQL Injection in package DBMSPRVTAQIS DB02 Systems Oracle 9i Rel.1 - 10g Rel. 1 Severity High Risk Category SQL Injection Author Alexander Kornbrust ak at...
SQL Injection in package SYS.DBMS_UPGRADE_INTERNAL
SQL Injection in package SYS.DBMSUPGRADEINTERNAL Name SQL Injection in package SYS.DBMSUPGRADEINTERNAL 6980753 DB07 Systems Affected Oracle 8i-10g Rel. 2 Severity High Risk Category SQL Injection Vendor URL http://www.oracle.com/ Author Alexander Kornbrust ak at red-database-security.com CVE...
Bypass Oracle Logon Trigger
Bypass Oracle Logon Trigger Name Bypass Oracle Logon Trigger 7826485 DB05 Systems Affected Oracle 8-10g Rel. 2 Severity High Risk Category Bypass Security Feature Database Logon Trigger Vendor URL http://www.oracle.com/ Author Alexander Kornbrust ak at red-database-security.com CVE Advisory 17...
SQL Injection in package SYS.DBMS_CDC_IMPDP
Name SQL Injection in package SYS.DBMSCDCIMPDP DB04 Systems Affected Oracle 10g Severity High Risk Category SQL Injection Vendor URL http://www.oracle.com/ Author Alexander Kornbrust ak at red-database-security.com Advisory 18 October 2006 V 1.00 Advisory...
Oracle Database - SQL Injection in SYS.DBMS_STATS [DB21]
Name SQL Injection in package SYS.DBMSSTATS 6980751 DB21 Systems Oracle 10g Release 1 Severity High Risk Category SQL Injection Vendor URL http://www.oracle.com/ Author Alexander Kornbrust ak at red-database-security.com Advisory 18 Jul 2006 V 1.00 Advisory...
Oracle Database - SQL Injection in SYS.DBMS_CDC_IMPDP [DB01]
Name SQL Injection in package SYS.DBMSCDCIMPDP 6980711 DB01 Systems Oracle 10g Release 1 Severity High Risk Category SQL Injection Vendor URL http://www.oracle.com/ Author Alexander Kornbrust ak at red-database-security.com Advisory 18 Jul 2006 V 1.00 Details The package SYS.DBMSCDCIMPDP contains...
Oracle Database - SQL Injection in SYS.KUPW$WORKER [DB03]
Name SQL Injection in package SYS.KUPW$WORKER 6980775 DB03 Systems Oracle 10g Release 1 Severity High Risk Category SQL Injection Vendor URL http://www.oracle.com/ Author Alexander Kornbrust ak at red-database-security.com Advisory 18 Jul 2006 V 1.00 Advisory...
[Full-disclosure] Oracle Database 10g Rel. 2- Transparent Data Encryption plaintext masterkey in SGA
Hello FD reader Oracle released the first critical patch update for 2006 with bugfixes for 82 vulnerabilities. http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html Additional information concerning the Oracle January 2006 CPU is available here...
[Full-disclosure] Oracle Reports - Overwrite any application server file via desname (fixed after 889 days)
Hello FD-Reader It took only 889 days to fix this problem. Summary and additional information concerning the Oracle January 2006 CPU is available here: http://www.red-database-security.com/advisory/oraclecpujan2006.html http://www.red-database-security.com/advisory/oraclereportsoverwritea...
[Full-disclosure] Oracle Reports - Read parts of files via customize(fixed after 875 days)
Hello FD-Reader It took only 875 days to fix this problem. Summary and additional information concerning the Oracle January 2006 CPU is available here: http://www.red-database-security.com/advisory/oraclecpujan2006.html http://www.red-database-security.com/advisory/oraclereportsreadanyxm lfile.ht...
[Full-disclosure] Oracle Reports - Read parts of files via desname (fixed after 874 days)
Hello FD-Reader It took only 874 days to fix this problem. Summary and additional information concerning the Oracle January 2006 CPU is available here: http://www.red-database-security.com/advisory/oraclecpujan2006.html http://www.red-database-security.com/advisory/oraclereportsreadanyfi le.html...
[Full-disclosure] Oracle Workflow CSS Vulnerability wf_route
Dear FD-Reader, The Oracle Critical Patch Update October 2005 provides fixes for 2 Cross-Site- Scripting vulnerabilities in Oracle Workflow found by Red-Database-Security GmbH. I know that the severity and impact of CSS bugs is low. My critical security bugs in Oracle e.g. become DBA via the impo...
[Full-disclosure] Oracle Workflow CSS Vulnerability wf_monitor
Dear FD-Reader, The Oracle Critical Patch Update October 2005 provides fixes for 2 Cross-Site- Scripting vulnerabilities in Oracle Workflow found by Red-Database-Security GmbH. I know that the severity and impact of CSS bugs is low. My critical security bugs in Oracle e.g. become DBA via the impo...
[Full-disclosure] Oracle Workflow CSS Vulnerability wf_monitor
Dear FD-Reader, The Oracle Critical Patch Update October 2005 provides fixes for 2 Cross-Site- Scripting vulnerabilities in Oracle Workflow found by Red-Database-Security GmbH. I know that the severity and impact of CSS bugs is low. My critical security bugs in Oracle e.g. become DBA via the impo...