16 matches found
EUVD-2008-6035
Malware in sbrugna...
EUVD-2015-0406
Malware in sbrugna...
AUVESY Versiondog has an unspecified vulnerability
AUVESY Versiondog is an automated production data and change management software solution from the German company AUVESY. A security vulnerability exists in AUVESY Versiondog, which could be exploited by attackers to gain SYSDBA privileges...
Oracle Auditing Part 2: Mandatory and Fine-Grained Auditing
This is the second of three articles on the topic of Oracle auditing. It is relevant to Oracle 10g, 11g, and 12c, although Unified Auditing in 12c makes some of this content irrelevant if you choose to use Pure Unified Auditing. Unified Auditing will be covered in the third part of this series an...
CVE-2015-0393
Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to DB Privileges. NOTE: the...
CVE-2015-0393
CVE-2015-0393 affects Oracle E-Business Suite, specifically the Oracle Applications DBA component across versions 11.5.10.2, 12.0.6, 12.1.3, 12.2.2–12.2.4. The issue arises from DB privileges-related logic in the E-Business Suite, with a noted claim that the PUBLIC role may have INDEX privilege o...
Oracle Database 10.1 MDSYS.MD2.SDO_CODE_SIZE Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13145/info Oracle Database is reported prone to a buffer overflow vulnerability. Reportedly this issue affects the 'MDSYS.MD2.SDO_CODE_SIZE' procedure. An attacker can supply excessive data to an affected routine resulting ...
Design/Logic Flaw
Oracle Database Server 10.1, 10.2, and 11g grants directory WRITE permissions for arbitrary pathnames that are aliased in a CREATE OR REPLACE DIRECTORY statement, which allows remote authenticated users with CREATE ANY DIRECTORY privileges to gain SYSDBA privileges by aliasing the pathname of the...
CVE-2008-6065
Oracle Database Server 10.1, 10.2, and 11g grants directory WRITE permissions for arbitrary pathnames that are aliased in a CREATE OR REPLACE DIRECTORY statement, which allows remote authenticated users with CREATE ANY DIRECTORY privileges to gain SYSDBA privileges by aliasing the pathname of the...
CVE-2008-6065
Oracle Database Server 10.1/10.2/11g vulnerability: GRANTs for CREATE ANY DIRECTORY plus CREATE OR REPLACE DIRECTORY aliasing allow remote authenticated users to abuse aliased pathnames to overwrite the password file via UTL_FILE, potentially elevating to SYSDBA. Root cause is directory permissio...
Oracle Database Server 11.1 - CREATE ANY Directory Privilege Escalation
Oracle Database Server 11.1 - CREATE ANY Directory Privilege Escalation source: https://www.securityfocus.com/bid/31738/info Oracle Database Server is prone to a privilege-escalation issue related to the 'CREATE ANY DIRECTORY' user privilege. Attackers may exploit this issue to gain full SYSDBA...
CVE-2007-4669
The Services API in Firebird before 2.0.2 allows remote authenticated users without SYSDBA privileges to read the server log firebird.log, aka CORE-1148...
Code injection
The Services API in Firebird before 2.0.2 allows remote authenticated users without SYSDBA privileges to read the server log firebird.log, aka CORE-1148...
Oracle DBMS_EXPORT_EXTENSION package vulnerable to SQL injection
Overview: A vulnerability in Oracle PL/SQL Export Extensions may allow an attacker to modify privileged database information. Description: Oracle Extensions, ODCIIndex Interface, and ODCIIndexGetMetadata Oracle extensions are used to create customized Oracle database constructs. An indextype is an...
Oracle Database 10.1 - MDSYS.MD2.SDO_CODE_SIZE Buffer Overflow
Oracle Database 10.1 - MDSYS.MD2.SDO_CODE_SIZE Buffer Overflow source: https://www.securityfocus.com/bid/13145/info Oracle Database is reported prone to a buffer overflow vulnerability. Reportedly this issue affects the 'MDSYS.MD2.SDO_CODE_SIZE' procedure. An attacker can supply excessive data to an...
Oracle Database 10.1 - MDSYS.MD2.SDO_CODE_SIZE Buffer Overflow
source: https://www.securityfocus.com/bid/13145/info Oracle Database is reported prone to a buffer overflow vulnerability. Reportedly this issue affects the 'MDSYS.MD2.SDO_CODE_SIZE' procedure. An attacker can supply excessive data to an affected routine resulting in overflowing a destination buffe...