Team SHATTER Security Advisory - Oracle Enterprise Manager Grid Control versions 10.1.0.6 and Oracle Enterprise Manager control included in Oracle Database versions 10.1.0.5, 10.2.0.3, and 10.2.0.4 suffer from a cross site scripting vulnerability in the notifRuleInfo$mode page.
d989295721cf25dcaaf465c895ff883a1a87f32d52287e19579dc907b0d097ef
Team SHATTER Security Advisory - Oracle Enterprise Manager Grid Control versions 10.1.0.6, 10.2.0.5, 11.1.0.1 and Oracle Enterprise Manager control included in Oracle Database versions 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2 suffer from a cross site request forgery vulnerability.
d4672741754f3365fd9a11174f8e639731c1141c66b463d714e1cd9022daa858
Oracle Enterprise Manager 10g Release 1 and Release 2 both suffer from a cross site scripting vulnerability.
4015885c223ff70fa622d3116b9ad723667b5bf20c559042a9e6f22c17627cd1
Oracle Enterprise Manager 11g Release 1 suffers from a remote SQL injection vulnerability.
f2f11a1a28f0a9de198654ca510395ee753ef265e1a37a322a1ccd7270512599
By sending a specially crafted network packet to an Oracle Database during the connection, before user authentication is performed, it is possible to make the Oracle process consume all available CPU resources. No authentication is needed to exploit this vulnerability; the attacker needs to know the SID or Service Name of the database. Affected are Oracle Database Server versions 10gR1, 10gR2, 11gR1 and 11gR2 (on Windows platform).
6061c4891857303cc29e065da2ea05260f71114bccb80e80eab2d4b335fe434d
Team SHATTER Security Advisory - Oracle Database Server versions 10gR2, 11gR1 and 11gR2 suffer from a session id extraction vulnerability.
eef562c85e54780f81de814c641965c168f2e9b2b4076a28c77c679bc80f39a5
Team SHATTER Security Advisory - The Oracle Database Vault Administrator web console lacks any sort of cross site request forgery protection.
013e587bb10c3bf7704f61efe60bbec7cc861cbd1561e4b1b1c66e862db60f5a
Team SHATTER Security Advisory - Oracle Database provides the DBMS_CDC_PUBLISH PL/SQL package owned by SYS that is part of the Change Data Capture component. This package has a SQL Injection vulnerability in CREATE_CHANGE_SET procedure. A malicious user can call the vulnerable procedure of this package with specially crafted parameters and execute SQL statements with the elevated privileges of the SYS user.
a4826476bad8dd89e0725984586be712f1bfa2620f4faad2b0e241fb72a4af3a
Team SHATTER Security Advisory - Oracle Database provides the DBMS_CDC_PUBLISH PL/SQL package owned by SYS that is part of the Change Data Capture component. This package has a SQL Injection vulnerability in DROP_CHANGE_SOURCE procedure. A malicious user can call the vulnerable procedure of this package with specially crafted parameters and execute SQL statements with the elevated privileges of the SYS user.
c35f4f8ed0b6742d878dc5ee1a8c8cca9fdc018856ad9e4443fbbf4bf0fcfaf5
Team SHATTER Security Advisory - The Oracle Resource Manager suffers from a buffer overflow vulnerability. Oracle Database Server versions 9iR1 and 9iR2 are affected.
1810430228aa84d295531bb9807cf111a815ed8710724c67b48b21bbd347a08a
Team SHATTER Security Advisory - Oracle Enterprise Manager Database Control 11 (11.1.0.6, 11.1.0.7) and Oracle Enterprise Manager 10g Grid Control 10.2.0.4 (and previous patchsets) suffer from multiple SQL injection vulnerabilities.
1f9e8a8d70e706e7a333b2c2deb353c2994c4cfe3b579aeac098feb6ae91a71e
Team SHATTER Security Advisory - Oracle Database provides the "LT" PL/SQL package that is part of the Oracle Workspace Manager component (DBMS_WM public synonym). This package has a SQL Injection instance in ROLLBACKWORKSPACE procedure.
e58d43cc719d94ffa023b3e9e25d0e5d73c84c6baf695f9d1e1172a8cbfa95dd
Team SHATTER Security Advisory - Oracle Database Server version 9iR2 suffers from a buffer overflow vulnerability in SYS.OLAPIMPL_T.ODCITABLESTART.
a39843ad1978417ac2d1d54f77d7f550dd386455ba1250f2d7c1ff55526f2b6f
Team SHATTER Security Advisory - The Oracle Enterprise Manager TARGET parameter suffers from a remote SQL injection vulnerability. Oracle Enterprise Manager 10g Grid Control 10.2.0.4 and previous patchsets are vulnerable.
acd32ba3a38a84b9fa838e17fd50d867609b311ce99bfa68d4c094796de222a7
Team SHATTER Security Advisory - Oracle Database provides the "LTADM" PL/SQL package that is part of the Oracle Workspace Manager component. This package has instances of SQL Injection in COMPRESSSTATE and GOTOTS procedures.
29603ed80c14670ee01111577280faac894cf3b0ed732e00604e0e4483cc40e7
Team SHATTER Security Advisory - Oracle Database provides the "LT" PL/SQL package that is part of the Oracle Workspace Manager component. This package has multiple instances of SQL Injection in COMPRESSWORKSPACETREE, MERGEWORKSPACE and REMOVEWORKSPACE procedures.
46972c6b9e06e4bc4b703ab2962224b03b0e54bbdc772217823fb7beae043812
Team SHATTER Security Advisory - The PL/SQL package DBMS_CDC_PUBLISH owned by SYS has an instance of SQL Injection in the ALTER_AUTOLOG_CHANGE_SOURCE procedure. A malicious user can call the vulnerable procedure of this package with specially crafted parameters and execute SQL statements with the elevated privileges of the SYS user. Any Oracle database user with EXECUTE privilege on the package SYS.DBMS_CDC_PUBLISH can exploit this vulnerability. By default, users granted EXECUTE_CATALOG_ROLE have the required privilege. Exploitation of this vulnerability allows an attacker to execute SQL commands with SYS privileges.
6d9859110fa4472ae5c8c80e514c0e87d667d0dfdda497fbb7603deb6b05266d
Team SHATTER Security Advisory - The PL/SQL package DBMS_CDC_IPUBLISH owned by SYS has an instance of SQL Injection in the ALTER_HOTLOG_INTERNAL_CSOURCE procedure. A malicious user can call the vulnerable procedure of this package with specially crafted parameters and execute SQL statements with the elevated privileges of the SYS user. Any Oracle database user with EXECUTE privilege on the package SYS.DBMS_CDC_IPUBLISH can exploit this vulnerability. By default, users granted EXECUTE_CATALOG_ROLE have the required privilege. Exploitation of this vulnerability allows an attacker to execute SQL commands with SYS privileges.
82c4d19734c2c52a47749dc7aec61838a254cb0150ca211870aef6a151c901dc
Team SHATTER Security Advisory - The Oracle Enterprise Manager Database Control 10gR1, 10gR2, and 11g (11.1.0.6) all suffer from a cross site scripting vulnerability in the REFRESHHOME parameter.
b7c3fb502ff84d70e4c0c2fb66964c3536ba8b850a9298c13cc3362c7bf78ea1
Team SHATTER Security Advisory - The Oracle Enterprise Manager Database Control 10gR1 and Oracle Enterprise Manager Grid Control 10gR1 suffer from a cross site scripting vulnerability in the REFRESHHOME parameter.
56edf5d6ee5dd6510a508c7efc4ac11881f97678fe069b1fecb203351962fe80
Team SHATTER Security Advisory - The Oracle Database Server versions 9iR1, 9iR2, 10gR1, 10gR2, and 11gR1 all suffer from a SQL injection vulnerability in DBMS_DEFER_SYS.DELETE_TRAN.
b0e9da563eda5e5add0743b843609004a118c8e56a05f4cd45e4bf698b5f29ea
Team SHATTER Security Advisory - The Oracle Application Server versions 9.0.4.3, 10.1.2.2, and 10.1.4.1 all suffer from a SQL injection vulnerability in WWEXP_API_ENGINE.
b5e22befb6f5545994e31ab429556c724d4b8074451a9b877ac039fe66e9f6e3
Team SHATTER Security Advisory - Oracle Database Server versions 10gR1, 10gR2 and 11gR1 suffer from a SQL injection vulnerability in SYS.DBMS_CDC_UTILITY.LOCK_CHANGE_SET.
94ba6caf19058ad048493cc14fa73c4bc39279796b9fa5d8409fa5e71f5b898b
Team SHATTER Security Advisory - Oracle Database Server versions 9iR2, 10gR1, 10gR2 and 11gR1 suffer from a buffer overflow vulnerability in SYS.KUPF$FILE_INT.GET_FULL_FILENAME.
99556d664ab32dc34f75b94140c8074a1bbce0bebd0a724b7250aeff65c852ef
Team SHATTER Security Advisory - Oracle Database Server versions 9iR1, 9iR2 (9.2.0.7 and previous patchsets) and 10gR1 suffer from a buffer overflow vulnerability in SYS.DBMS_AQJMS_INTERNAL.
1c7f1b151a5468928658fcc1e0d2f4b62069f6f76811b2a21b6a32822343f1f8