Date (UTC) | Description |
2008-07-19 15:08 |
Bugtraq Oracle Database Local Untrusted Library Path Vulnerability
Vulnerability Proof Of Concept (CVE-2008-2613)
#Cid: 30177-joxeankoret-2.txt
|
2008-07-19 |
Bugtraq Oracle Internet Directory 10.1.4 Remote Preauth DoS Exploit
Vulnerability Proof Of Concept (CVE-2008-2595)
#Cid: 30177-joxeankoret.py
|
2008-07-16 21:38 |
Symantec ThreatCON (2) => (1)
On July 15, 2008, Oracle released 45 security updates for a number of products. Administrators of Oracle products are advised to review the advisory and apply the relevant updates.
|
2008-07-16 12:00 |
Hewlett-Packard HPSBMA02133: SSRT061201 rev.9 - HP Oracle for OpenView (OfO) Critical Patch Update
Oracle has issued a Critical Patch Update which contains solutions for a number of potential security vulnerabilities. These vulnerabilities may be exploited locally or remotely to compromise the confidentiality, availability or integrity of Oracle for OpenView (OfO).
|
2008-07-15 20:45 |
SANS Internet Storm Center Oracle (and BEA, Hyperion and TimesTen) critical patch update July 15th, 2008 (Version: 2)
Today, July 15th, Oracle has released its quarterly critical patch update. The highest CVSS score of all vulnerabilities patched is 6.8 (6.5 is the maximum for the Oracle Database itself).
|
2008-07-15 20:38 |
US-CERT Oracle Releases Critical Patch Update for July 2008
US-CERT Current Activity
Oracle has released their Critical Patch Update for July 2008 to address 45 vulnerabilities across several products.
|
2008-07-15 20:01 |
Oracle Oracle Critical Patch Update Advisory - July 2008
|
2008-01-25 |
iDefense Oracle Database Local Untrusted Library Path Vulnerability
Vulnerability Reported
Local exploitation of an untrusted library path vulnerability in Oracle Corp.'s Oracle Database product allows attackers to gain elevated privileges.
|
2008-01-03 |
Application Security Inc. Team SHATTER Security Alert Oracle 2008-04: SQL Injection in Oracle Application Server (WWEXP_API_ENGINE)
Oracle Application Server
Vulnerability Reported
Oracle Application Server installs the PL/SQL package WWEXP_API_ENGINE owned by PORTAL in the backend Oracle database server. The 'ACTION' procedure of this package has an instance of SQL Injection that allows attackers to create anonymous PL/SQL programs and execute any kind of PL/SQL statements. The statements are executed with the privileges of the PORTAL user, which has DBA privileges.
|
2007-12-27 |
Application Security Inc. Team SHATTER Security Alert Oracle 2008-07: Cross-site scripting in Oracle Enterprise Manager (REFRESHCHOICE Parameter)
Oracle Enterprise Manager Database Control
Vulnerability Reported
The "REFRESHCHOICE" parameter used in web pages of Oracle Enterprise Manager is vulnerable to cross-site scripting attacks. User-supplied input to this parameter is returned without proper sanitization, allowing a malicious attacker to inject arbitrary scripting code.
|
2007-12-18 |
iDefense Oracle Database DBMS_AQELM Package Buffer Overflow Vulnerability
Vulnerability Reported
Remote exploitation of a buffer overflow vulnerability in the DBMS_AQELM package in Oracle Corp.'s Oracle Database product allows attackers to execute arbitrary code with the privileges of the database user.
|
2007-10-09 |
NGSSoftware #NISR15072008: PLSQL Injection in Oracle Application Server
Oracle Database Vuln# DB23
Vulnerability Reported
Oracle has just released a fix for a flaw that, when exploited, allows an unauthenticated attacker on the Internet to gain full control of a backend Oracle database server via the front end web server.
|
2007-09-24 |
Application Security Inc. Team SHATTER Security Alert Oracle 2008-05: SQL Injection in Oracle Database (DBMS_DEFER_SYS.DELETE_TRAN)
Oracle Database Server
Vulnerability Reported
The PL/SQL package DBMS_DEFER_SYS owned by SYS has an instance of SQL Injection in the DELETE_TRAN procedure. A malicious user can call the vulnerable procedure of this package with specially crafted parameters and execute SQL statements with the elevated privileges of the SYS user.
|
2007-08-24 |
Application Security Inc. Team SHATTER Security Alert Oracle 2008-06: Cross-site scripting in Oracle Enterprise Manager (REFRESHHOME Parameter)
Oracle Enterprise Manager Database Control
Vulnerability Reported
The "REFRESHHOME" parameter used in web pages of Oracle Enterprise Manager is vulnerable to cross-site scripting attacks. User-supplied input to this parameter is returned without proper sanitization, allowing a malicious attacker to inject arbitrary scripting code.
|
2007-05-11 |
iDefense Oracle Internet Directory Pre-Authentication LDAP DoS Vulnerability
Vulnerability Reported
Remote exploitation of a pre-authentication input validation vulnerability in Oracle Corp.'s Oracle Internet Directory allows an attacker to conduct a denial of service attack on a vulnerable host.
|