CVE-2008-2625: Oracle DBMS – Proxy Authentication Vulnerability

Oracle is a widely-deployed Database Management System DBMS that supports a variety of applications. Many multi-tier applications are designed to use proxy authentication, restricting a middle tier to establish the database connection on behalf of the users. The standard authentication mechanism...

CVE-2006-0547

Oracle Database 8i, 9i, and 10g allow remote authenticated users to execute arbitrary SQL statements in the context of the SYS user and bypass audit logging, including statements to create new privileged database accounts, via a modified AUTHALTERSESSION attribute in the authentication phase of t...

CVE-2006-0547

CVE-2006-0547 affects Oracle Database 8i, 9i, and 10g. The issue arises in the authentication phase of the Transparent Network Substrate (TNS) protocol where a modified AUTH_ALTER_SESSION attribute can be exploited by remote authenticated users to execute arbitrary SQL statements in the context o...

Oracle TNS protocol fails to properly validate authentication requests

Overview The Oracle TNS protocol authentication mechanism fails to properly sanitize authentication requests, possibly allowing a remote attacker to execute arbitrary SQL statements with elevated privileges. Description Oracle databases authenticate and manage database connections via Oracle...