Team SHATTER Security Advisory - Oracle Enterprise Manager Grid Control versions 10.1.0.6 and Oracle Enterprise Manager control included in Oracle Database versions 10.1.0.5, 10.2.0.3, and 10.2.0.4 suffer from a cross site scripting vulnerability in the notifRuleInfo$mode page.
d989295721cf25dcaaf465c895ff883a1a87f32d52287e19579dc907b0d097efTeam SHATTER Security Advisory - Oracle Enterprise Manager Grid Control versions 10.1.0.6, 10.2.0.5, 11.1.0.1 and Oracle Enterprise Manager control included in Oracle Database versions 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2 suffer from a cross site request forgery.
d4672741754f3365fd9a11174f8e639731c1141c66b463d714e1cd9022daa858Oracle Enterprise Manager 10g Release 1 and Release 2 both suffer from a cross site scripting vulnerability.
4015885c223ff70fa622d3116b9ad723667b5bf20c559042a9e6f22c17627cd1Oracle Enterprise Manager 11g Release 1 suffers from a remote SQL injection vulnerability.
f2f11a1a28f0a9de198654ca510395ee753ef265e1a37a322a1ccd7270512599Sending a specially crafted network packet to an Oracle Database during the connection before the user authentication is performed it is possible to make the Oracle process consume all available CPU resources. To exploit this vulnerability no authentication is needed, the attacker needs to know the SID or Service Name of the database. Affected are Oracle Database Server versions 10gR1, 10gR2, 11gR1 and 11gR2 (on Windows platform).
6061c4891857303cc29e065da2ea05260f71114bccb80e80eab2d4b335fe434dTeam SHATTER Security Advisory - Oracle Database Server versions 10gR2, 11gR1 and 11gR2 suffer from a session id extraction vulnerability.
eef562c85e54780f81de814c641965c168f2e9b2b4076a28c77c679bc80f39a5Team SHATTER Security Advisory - The Oracle Database Vault Administrator web console lacks any sort of cross site request forgery protection.
013e587bb10c3bf7704f61efe60bbec7cc861cbd1561e4b1b1c66e862db60f5aTeam SHATTER Security Advisory - Oracle Database provides the DBMS_CDC_PUBLISH PL/SQL package owned by SYS that is part of the Change Data Capture component. This package has a SQL Injection vulnerability in CREATE_CHANGE_SET procedure. A malicious user can call the vulnerable procedure of this package with specially crafted parameters and execute SQL statements with the elevated privileges of the SYS user.
a4826476bad8dd89e0725984586be712f1bfa2620f4faad2b0e241fb72a4af3aTeam SHATTER Security Advisory - Oracle Database provides the DBMS_CDC_PUBLISH PL/SQL package owned by SYS that is part of the Change Data Capture component. This package has a SQL Injection vulnerability in DROP_CHANGE_SOURCE procedure. A malicious user can call the vulnerable procedure of this package with specially crafted parameters and execute SQL statements with the elevated privileges of the SYS user.
c35f4f8ed0b6742d878dc5ee1a8c8cca9fdc018856ad9e4443fbbf4bf0fcfaf5Team SHATTER Security Advisory - The Oracle Resource Manager suffers from a buffer overflow vulnerability. Oracle Database Server versions 9iR1 and 9iR2 are affected.
1810430228aa84d295531bb9807cf111a815ed8710724c67b48b21bbd347a08aTeam SHATTER Security Advisory - Oracle Enterprise Manager Database Control 11 (11.1.0.6, 11.1.0.7) and Oracle Enterprise Manager 10g Grid Control 10.2.0.4 (and previous patchsets) suffer from multiple SQL injection vulnerabilities.
1f9e8a8d70e706e7a333b2c2deb353c2994c4cfe3b579aeac098feb6ae91a71eTeam SHATTER Security Advisory - Oracle Database provides the "LT" PL/SQL package that is part of the Oracle Workspace Manager component (DBMS_WM public synonym). This package has a SQL Injection instance in ROLLBACKWORKSPACE procedure.
e58d43cc719d94ffa023b3e9e25d0e5d73c84c6baf695f9d1e1172a8cbfa95ddTeam SHATTER Security Advisory - Oracle Database Server version 9iR2 suffers from a buffer overflow vulnerability in SYS.OLAPIMPL_T.ODCITABLESTART.
a39843ad1978417ac2d1d54f77d7f550dd386455ba1250f2d7c1ff55526f2b6fTeam SHATTER Security Advisory - The Oracle Enterprise Manager TARGET parameter suffers from a remote SQL injection vulnerability. Oracle Enterprise Manager 10g Grid Control 10.2.0.4 and previous patchsets are vulnerable.
acd32ba3a38a84b9fa838e17fd50d867609b311ce99bfa68d4c094796de222a7Team SHATTER Security Advisory - Oracle Database provides the "LTADM" PL/SQL package that is part of the Oracle Workspace Manager component. This package has instances of SQL Injection in COMPRESSSTATE and GOTOTS procedures.
29603ed80c14670ee01111577280faac894cf3b0ed732e00604e0e4483cc40e7Team SHATTER Security Advisory - Oracle Database provides the "LT" PL/SQL package that is part of the Oracle Workspace Manager component. This package has multiple instances of SQL Injection in COMPRESSWORKSPACETREE, MERGEWORKSPACE and REMOVEWORKSPACE procedures.
46972c6b9e06e4bc4b703ab2962224b03b0e54bbdc772217823fb7beae043812Team SHATTER Security Advisory - The PL/SQL package DBMS_CDC_PUBLISH owned by SYS has an instance of SQL Injection in the ALTER_AUTOLOG_CHANGE_SOURCE procedure. A malicious user can call the vulnerable procedure of this package with specially crafted parameters and execute SQL statements with the elevated privileges of the SYS user. Any Oracle database user with EXECUTE privilege on the package SYS.DBMS_CDC_PUBLISH can exploit this vulnerability. By default, users granted EXECUTE_CATALOG_ROLE have the required privilege. Exploitation of this vulnerability allows an attacker to execute SQL commands with SYS privileges.
6d9859110fa4472ae5c8c80e514c0e87d667d0dfdda497fbb7603deb6b05266dTeam SHATTER Security Advisory - The PL/SQL package DBMS_CDC_IPUBLISH owned by SYS has an instance of SQL Injection in the ALTER_HOTLOG_INTERNAL_CSOURCE procedure. A malicious user can call the vulnerable procedure of this package with specially crafted parameters and execute SQL statements with the elevated privileges of the SYS user. Any Oracle database user with EXECUTE privilege on the package SYS.DBMS_CDC_IPUBLISH can exploit this vulnerability. By default, users granted EXECUTE_CATALOG_ROLE have the required privilege. Exploitation of this vulnerability allows an attacker to execute SQL commands with SYS privileges.
82c4d19734c2c52a47749dc7aec61838a254cb0150ca211870aef6a151c901dcTeam SHATTER Security Advisory - The Oracle Enterprise Manager Database Control 10gR1, 10gR2, and 11g (11.1.0.6) all suffer from a cross site scripting vulnerability in the REFRESHHOME parameter.
b7c3fb502ff84d70e4c0c2fb66964c3536ba8b850a9298c13cc3362c7bf78ea1Team SHATTER Security Advisory - The Oracle Enterprise Manager Database Control 10gR1 and Oracle Enterprise Manager Grid Control 10gR1 suffer from a cross site scripting vulnerability in the REFRESHHOME parameter.
56edf5d6ee5dd6510a508c7efc4ac11881f97678fe069b1fecb203351962fe80Team SHATTER Security Advisory - The Oracle Database Server versions 9iR1, 9kiR2, 10gR1, 10gR2, and 11gR1 all suffer fro a SQL injection vulnerability in DBMS_DEFER_SYS.DELETE_TRAN.
b0e9da563eda5e5add0743b843609004a118c8e56a05f4cd45e4bf698b5f29eaTeam SHATTER Security Advisory - The Oracle Application Server versions 9.0.4.3, 10.1.2.2, and 10.1.4.1 all suffer from a SQL injection vulnerability in WWEXP_API_ENGINE.
b5e22befb6f5545994e31ab429556c724d4b8074451a9b877ac039fe66e9f6e3Team SHATTER Security Advisory - Oracle Database Server versions 10gR1, 10gR2 and 11gR1 suffer from a SQL injection vulnerability in SYS.DBMS_CDC_UTILITY.LOCK_CHANGE_SET.
94ba6caf19058ad048493cc14fa73c4bc39279796b9fa5d8409fa5e71f5b898bTeam SHATTER Security Advisory - Oracle Database Server versions 9iR2, 10gR1, 10gR2 and 11gR1 suffer from a buffer overflow vulnerability in SYS.KUPF$FILE_INT.GET_FULL_FILENAME.
99556d664ab32dc34f75b94140c8074a1bbce0bebd0a724b7250aeff65c852efTeam SHATTER Security Advisory - Oracle Database Server versions 9iR1, 9iR2 (9.2.0.7 and previous patchsets) and 10gR1 suffer from a buffer overflow vulnerability in SYS.DBMS_AQJMS_INTERNAL.
1c7f1b151a5468928658fcc1e0d2f4b62069f6f76811b2a21b6a32822343f1f8
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed