exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 1 of 1 RSS Feed


Oracle Database CREATE_CHANGE_SET SQL Injection
Posted Oct 15, 2010
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Oracle Database provides the DBMS_CDC_PUBLISH PL/SQL package owned by SYS that is part of the Change Data Capture component. This package has a SQL Injection vulnerability in CREATE_CHANGE_SET procedure. A malicious user can call the vulnerable procedure of this package with specially crafted parameters and execute SQL statements with the elevated privileges of the SYS user.

tags | advisory, sql injection
advisories | CVE-2010-2415
SHA-256 | a4826476bad8dd89e0725984586be712f1bfa2620f4faad2b0e241fb72a4af3a
Page 1 of 1

Top Authors In Last 30 Days

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By