----------------------------------------------------------------------

Try a new way to discover vulnerabilities that ALREADY EXIST in your
IT infrastructure.

The Full Featured Secunia Network Software Inspector (NSI) is now
available:
http://secunia.com/network_software_inspector/

The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT
vulnerabilities in more than 4,000 different Windows applications.

----------------------------------------------------------------------

TITLE:
Oracle Products Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA26114

VERIFY ADVISORY:
http://secunia.com/advisories/26114/

CRITICAL:
Highly critical

IMPACT:
Unknown, Security Bypass, Manipulation of data

WHERE:
>From remote

SOFTWARE:
Oracle Database 10.x
http://secunia.com/product/3387/
PeopleSoft Enterprise Customer Relationship Management (CRM) 8.x
http://secunia.com/product/5941/
Oracle9i Database Standard Edition
http://secunia.com/product/358/
Oracle9i Database Enterprise Edition
http://secunia.com/product/359/
Oracle Secure Enterprise Search 10.x
http://secunia.com/product/13978/
Oracle PeopleSoft Enterprise Tools 8.x
http://secunia.com/product/9411/
Oracle PeopleSoft Enterprise Human Capital Management 9.x
http://secunia.com/product/14817/
Oracle PeopleSoft Enterprise Human Capital Management 8.x
http://secunia.com/product/13980/
Oracle PeopleSoft Enterprise Customer Relationship Management (CRM)
9.x
http://secunia.com/product/14815/
Oracle E-Business Suite 12.x
http://secunia.com/product/13979/
Oracle E-Business Suite 11i
http://secunia.com/product/442/
Oracle Collaboration Suite 10.x
http://secunia.com/product/2450/
Oracle Application Server 10g
http://secunia.com/product/3190/
Oracle Application Express 2.x
http://secunia.com/product/12342/
Oracle Application Express 1.x
http://secunia.com/product/12341/

DESCRIPTION:
Multiple vulnerabilities have been reported for various Oracle
products. Some of these have unknown impacts, while others can be
exploited to bypass certain security restrictions and conduct SQL
injection attacks.

Details are available for the following vulnerabilities:

1) Oracle APEX does not correctly sanitise input passed via the
password used in the wwv_flow_security.check_db_password function
before using it in SQL queries. This can be exploited to modify SQL
queries by injecting arbitrary SQL code.

2) Specially crafted views can be exploited to perform updates,
deletes and inserts without having proper privileges.

3) Certain input processed by the DBMS_PRVTAQIS package is not
correctly sanitised before being used in SQL queries. This can be
exploited to modify SQL queries by injecting arbitrary SQL code.

SOLUTION:
Apply patches (See vendor's advisory).

PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
* Esteban Martinez Fayo of Application Security, Inc.
* Jack Kanter and Stephen Kost of Integrigy
* Guy Karlebach of Imperva
* Joxean Koret
* Alexander Kornbrust of Red Database Security GmbH
* Michael Krax
* David Litchfield and Paul M. Wright of Next Generation Security
Software Ltd.

ORIGINAL ADVISORY:
Oracle:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2007.html

Red Database Security:
http://www.red-database-security.com/advisory/oracle_apex_sql_injection_check_db_password.html
http://www.red-database-security.com/advisory/oracle_view_vulnerability.html
http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_prvtaqis.html

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------