74 matches found
Design/Logic Flaw
Vulnerability in the Unified Audit component of Oracle Database Server. Supported versions that are affected are 19.3-19.19 and 21.3-21.10. Easily exploitable vulnerability allows high privileged attacker having SYSDBA privilege with network access via Oracle Net to compromise Unified Audit...
CVE-2021-38459
The data of a network capture of the initial handshake phase can be used to authenticate at a SYSDBA level. If a specific .exe is not restarted often, it is possible to access the needed handshake packets between admin/client connections. Using the SYSDBA permission, an attacker can change user...
CVE-2021-38475
The database connection to the server is performed by calling a specific API, which could allow an unprivileged user to gain SYSDBA permissions...
Code injection
The data of a network capture of the initial handshake phase can be used to authenticate at a SYSDBA level. If a specific .exe is not restarted often, it is possible to access the needed handshake packets between admin/client connections. Using the SYSDBA permission, an attacker can change user...
Code injection
The database connection to the server is performed by calling a specific API, which could allow an unprivileged user to gain SYSDBA permissions...
CVE-2021-38459 AUVESY Versiondog
The data of a network capture of the initial handshake phase can be used to authenticate at a SYSDBA level. If a specific .exe is not restarted often, it is possible to access the needed handshake packets between admin/client connections. Using the SYSDBA permission, an attacker can change user...
CVE-2021-38459
CVE-2021-38459 affects AUVESY Versiondog. The vulnerability allows authentication at SYSDBA level by capturing initial handshake data and replaying it, provided a specific executable isn’t restarted frequently. Impact per sources includes the ability to change user passwords or delete the databas...
CVE-2021-38475 AUVESY Versiondog
The database connection to the server is performed by calling a specific API, which could allow an unprivileged user to gain SYSDBA permissions...
AUVESY Versiondog has an unspecified vulnerability
AUVESY Versiondog is an automated production data and change management software solution from the German company AUVESY. A security vulnerability exists in AUVESY Versiondog, which could be exploited by attackers to gain SYSDBA privileges...
Oracle Auditing Part 2: Mandatory and Fine-Grained Auditing
This is the second of three articles on the topic of Oracle auditing. It is relevant to Oracle 10g, 11g, and 12c, although Unified Auditing in 12c makes some of this content irrelevant if you choose to use Pure Unified Auditing. Unified Auditing will be covered in the third part of this series an...
CVE-2020-10552
An issue was discovered in Psyprax before 3.2.2. The Firebird database is accessible with the default user sysdba and password masterke after installation. This allows any user to access it and read and modify the contents, including passwords. Local database files can be accessed directly as wel...
CVE-2015-0393
Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to DB Privileges. NOTE: the...
Code injection
Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to DB Privileges. NOTE: the...
CVE-2015-0393
CVE-2015-0393 affects Oracle E-Business Suite, specifically the Oracle Applications DBA component across versions 11.5.10.2, 12.0.6, 12.1.3, 12.2.2–12.2.4. The issue arises from DB privileges-related logic in the E-Business Suite, with a noted claim that the PUBLIC role may have INDEX privilege o...
CVE-2015-0393
Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to DB Privileges. NOTE: the...
Oracle Database 10.1 MDSYS.MD2.SDO_CODE_SIZE Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13145/info Oracle Database is reported prone to a buffer overflow vulnerability. Reportedly this issue affects the 'MDSYS.MD2.SDOCODESIZE' procedure. An attacker can supply excessive data to an affected routine resulting ...
Oracle Database Server <= 10.1.0.2 - Buffer Overflow Exploit
No description provided by source. / Advanced SQL Injection in Oracle databases Exploit for the buffer overflow vulnerability in procedure MDSYS.MD2.SDOCODESIZE of Oracle Database Server version 10.1.0.2 under Windows 2000 Server SP4. Fixes available at http://metalink.oracle.com. The exploit...
Oracle Database Server <= 11.1 'CREATE ANY DIRECTORY' Privilege Escalation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/31738/info Oracle Database Server is prone to a privilege-escalation issue related to the 'CREATE ANY DIRECTORY' user privilege. Attackers may exploit this issue to gain full SYSDBA privileges on the vulnerable database...
TeamSHATTER Security Advisory: SQL Injection in Oracle Alter FBA Table (CVE-2012-1751)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory SQL Injection in Oracle Alter FBA Table February 20, 2013 Risk Level: High Affected versions: Oracle Database Enterprise Edition 11.1, 11.2 Remote exploitable: Yes Credits: This vulnerability was discovered and researched...
TeamSHATTER Security Advisory: Database Vault Account Management Vulnerabilites
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory October 20, 2011 Risk Level: Medium Affected versions: Oracle Database Server version 10gR2, 11gR1 and 11gR2 Remote exploitable: Yes Credits: This vulnerability was discovered and researched by Esteban Martinez Fayo of...