Date (UTC) | Description |
2007-10-26 13:03 |
Bugtraq Oracle 10g/11g SYS.LT.FINDRICSET Local SQL Injection Exploit
Vulnerability Proof Of Concept (CVE-2007-5511)
#Cid: sys-lt-findricset.pl
|
2007-10-26 13:03 |
Bugtraq Oracle 10g/11g SYS.LT.FINDRICSET Local SQL Injection Exploit (2)
Vulnerability Proof Of Concept (CVE-2007-5511)
#Cid: sys-lt-findricsetV2.pl
|
2007-10-26 |
Bugtraq Oracle 10g LT.FINDRICSET Local SQL Injection Exploit (IDS evasion)
Vulnerability Proof Of Concept (CVE-2007-5511)
|
2007-10-23 |
Bugtraq Oracle 10g CTX_DOC.MARKUP SQL Injection Exploit
Vulnerability Proof Of Concept (CVE-2007-5508)
#Cid: 26101.sql
|
2007-10-17 19:13 |
US-CERT TA07-290A: Oracle Updates for Multiple Vulnerabilties
Via US-CERT Mailing List
Oracle products and components are affected by multiple vulnerabilities. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.
|
2007-10-17 13:24 |
US-CERT Oracle Releases October Critical Patch Update
Oracle has released their October Critical Patch Update (CPU) to address 51 vulnerabilities across several products. This CPU contains twenty-eight security fixes for Oracle Database; eleven for Oracle Application Server; seven for Oracle Collaboration Suite; eight for Oracle E-Business Suite; two for Oracle Enterprise Manager; two for Oracle PeopleSoft Enterprise PeopleTools; and one for PeopleSoft Enterprise Human Capital Management.
|
2007-10-16 20:47 |
Oracle Oracle Critical Patch Update - October 2007
|
2006-08-23 |
NGSSoftware #NISR17102007B: SQL Injection Flaw in Oracle Workspace Manager
Vulnerability Reported
The Workspace Manager in Oracle 10g release 1 and 2 and Oracle 9i is vulnerable to SQL injection.
|
2006-06-23 |
NGSSoftware #NISR17102007D: Oracle RDBMS Data packet DoS
Oracle Database Vuln# DB20
Vulnerability Reported
The Oracle RDBMS on receiving an invalid TNS data packet will use 100% of the CPU's time introducing a Denial of Service condition.
|
2006-06-22 |
NGSSoftware #NISR17102007C: Oracle TNS Listener DoS and/or remote memory inspection
Oracle Database Vuln# DB22
Vulnerability Reported
The TNS Listener can be crashed by an attacker causing a Denial of Service; alternatively the attacker can use the same flaw to expose memory contents remotely. This may reveal sensitive information.
|
2006-06-06 |
NGSSoftware #NISR17102007A: Multiple SQL Injection Flaws in Oracle CTX_DOC package
Oracle Database Vuln# DB03
Vulnerability Reported
The Intermedia application in Oracle 10g release 1 and 2 is vulnerable to SQL injection.
|
2006-03-09 |
NGSSoftware #NISR17102007E: Oracle audit issue with XMLDB ftp service
Oracle Database Vuln# DB23
Vulnerability Reported
The Oracle XML DB ftp service contains problems with auditing logins.
|
2005-02-25 |
Application Security Inc. Team SHATTER Security Alert Oracle 2007-08: Oracle Database Buffer overflow vulnerability in procedure DBMS_AQADM_SYS.DBLINK_INFO
Vulnerability Reported
Oracle Database Server provides the SYS.DBMS_AQADM_SYS package that is used internally by the SYS.DBMS_AQADM package to provide procedures to manage Oracle Streams Advanced Queuing (AQ) configuration and administration information. This package contains the procedure DBLINK_INFO which is vulnerable to buffer overflow attacks.
|
2005-02-25 |
Application Security Inc. Team SHATTER Security Alert Oracle 2007-09: Oracle Database Buffer overflow vulnerability in function MDSYS.SDO_CS.TRANSFORM
Vulnerability Reported
Oracle Database Server provides the MDSYS.SDO_CS package that contains subprograms for working with coordinate systems. This package contains the function TRANSFORM which is vulnerable to buffer overflow attacks.
|