Team SHATTER Security Advisory - GeoRaster is a feature of Oracle Spatial that lets you store, index, query, analyze, and deliver GeoRaster data. One of the GeoRaster APIs is prone to stack-based overflow.
3a93180b3014610b665d5b8cce7d1ac694474a16caebae59d56cfa7c1dcef3afTeam SHATTER Security Advisory - Renaming a table having flashback archive using specially crafted table name triggers internal SQL injection. This allows users to execute code with elevated privileges. Oracle Database Enterprise Edition version 11.1 and 11.2 are affected.
fe12a85f642cabb0360ed843da29b8d6e66283d99716b980d61f47a9ad23614cAuthenticated users can elevate privileges to any role via SQL injection in one of the DBCC commands in Sybase ASE versions 15.0, 15.5, and 15.7.
0de0a63c7bdd201868a067b883c3f04d9b4bc9ce90eabb05ce9dc53e37d30270Team SHATTER Security Advisory - Two system stored procedures executable by PUBLIC allow reading of files with xml extensions in IBM DB2 LUW versions 9.1, 9.5, 9.7, and 10.1.
107b4fda80eb2d3a4a4a72644c82a7c887c11de47730435f9aa331d4906b0061Team SHATTER Security Advisory - System stored procedure SQLJ.DB2_INSTALL_JAR executable by PUBLIC allows JAR file overwrite to any authenticated user in IBM DB2 LUW versions 9.1, 9.5, 9.7, and 10.1.
70532ba6dc2c51be2493c022d83d341c1d2e93b16b4e6d2b79127f0dc31c10d7Team SHATTER Security Advisory - Microsoft SQL Server versions 2005, 2008, and 2008 R2 suffer from a SQL injection vulnerability in the RESTORE DATABASE command that can lead to privilege escalation.
b64d5300f1a7ad77731e4342eabd0820c75171ca63e4b9ccb158653ee331263eTeam SHATTER Security Advisory - Oracle Database supports spatial datatypes. A SQL injection vulnerability exists in the handling of spatial indexes. Users with create table and create procedure privileges can elevate their privileges to SYSDBA.
4616869b107611943cfb158aaeb48dfebc849d4b8aa5d6f570567435e9d23081Team SHATTER Security Advisory - It is possible to execute arbitrary operating system commands as localsystem when certain maintenance tasks are executed. For instance, when Database Configuration Assistant is invoked or Oracle Universal Installer is used to modify features. These tools use a Windows service to execute various commands: the service itself relies on a named pipe to receive the commands. The pipe handling is not secure enough resulting in the vulnerability.
917ec70d2616d1daa738ea18642a5db3ecb8441d150203729a61d9b856e59d94Team SHATTER Security Advisory - It is possible to use the CLR stored procedure deployment feature of IBM Database add-ins for Visual Studio to produce a privilege escalation or denial of service on a DB2 server. IBM DB2 Database Server versions 9.1 and 9.5 on the Windows platform are affected.
93159e714894796764bdfc5cbc6de85425718a0e10e81c6b0e87ed2a5c4ac87bTeam SHATTER Security Advisory - IBM DB2 UDB suffers from an arbitrary code execution vulnerability in the ADMIN_SP_C/ADMIN_SP_C2 procedures.
50e6be64cb624506a4f86efaad10de1d3ee7e3c73d10c512e9caa0c69f8eaff0
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed