Team SHATTER Security Alert - Oracle Database Server provides the SYS.DBMS_AQADM_SYS package that is used internally by the SYS.DBMS_AQADM package to provide procedures to manage Oracle Streams Advanced Queuing (AQ) configuration and administration information. This package contains the procedure DBLINK_INFO which is vulnerable to buffer overflow attacks. Affected versions include Oracle Database Server versions 9iR1, 9iR2 (9.2.0.7 and previous patchsets) and 10gR1.
58d76e3a0aef0c6352b4c4758f736521b656d25dc7b79ead00dce2d59a6de04b
Team SHATTER Security Alert - Oracle Database Server provides the MDSYS.SDO_CS package that contains subprograms for working with coordinate systems. This package contains the function TRANSFORM which is vulnerable to buffer overflow attacks. Affected versions include Oracle Database Server versions 8iR3, 9iR1, 9iR2 (9.2.0.6 and previous patchsets) and 10gR1 (10.1.0.4 and previous patchsets).
c1a8396a98fadf1347f49ba35e4dac43085a4c2e84bd788266f80b864f34c281
Team SHATTER Security Alert - The Oracle Database Server provides the MDSYS.MD package that is used in the Oracle Spatial component. These packages contain many public procedures that are vulnerable to buffer overflow and denial of service attacks.
b7f6615f0debbfe75e060b13acd0cdd0900a209be592fb4d5cb17d1cc4a86b48
Team SHATTER Security Alert - Oracle Database Server provides the DBMS_DRS package that includes procedures used in Oracle Data Guard. This package contains the function GET_PROPERTY which is vulnerable to buffer overflow attacks.
f258346bd6b03df6189ea2005f49b6ab5132d3b45e0b7b60c5b3544cd5a0ca45
Oracle Database Server versions 8i, 9i, and 10gR1 suffer from buffer overflow vulnerabilities in DBMS_SNAP_INTERNAL.
e2719905e19ea0ea42e881bdd6793b1527d1bdebb9522c082597bf21d1f8db5e
Oracle 10g Release 1 exploit for the GENERATESCHEMA buffer overflow with shellcode that creates a file named Unbreakable.txt.
8dcd96b32a3ae1a3fe4c1eab28829ac25e5c1eadd36797cb4a889d49c78de7f6
Argeniss Security Advisory - Oracle Database Server provides the DBMS_XMLSCHEMA and DBMS_XMLSCHEMA_INT Packages that include procedures to register and delete XML schemas. These packages contain the public procedures GENERATESCHEMA and GENERATESCHEMAS that are vulnerable to buffer overflow attacks.
367ed9eab6261d53ec2bfcaf1f65901f75fa8a8fa1f0d9139fb4c8389da1b9d7
A remote buffer overflow exists in the WebSphere application server administrative console.
e74e8ec2a3d866f38cbe94ade110b68eba3f1bf9f6b2b3b2c968770fe1798347
A SQL injection vulnerability exists in the CREATE_SCN_CHANGE_SET procedure for Oracle database server version 10g.
a5212af4697367cfaddf9c5d2eecf257e160ca8ab7b17e47a8d5fbd82766578d
A SQL injection vulnerability exists in the ALTER_MANUALLOG_CHANGE_SOURCEDBMS_METADATA procedure for Oracle database server version 10g.
6fe16250b05705d0c21788a7123ad48bf9b396fddbabb93bae3b81090b8ca7eb
Multiple SQL injection vulnerabilities exist in the DBMS_METADATA package for Oracle database server versions 9i and 10g.
9c197b54da59422b26a68e8b4cc788a15635ca92f877520ad3c5ec7c525b0aa3
Oracle Database Server version 10g has a flaw that allows any low privileged database user to execute functions with DBA privileges.
bd2ea7fcfad3776a3eb567cbc888e2578d0c447e690779f98950f1bccc8ab1db
Oracle Database Server versions 9i and 10g suffer from denial of service vulnerabilities in their interMedia system.
6fa9a30526c515903a896294e0fe106983bd5cf8a9bcc4ecab61acd3f4f6e5fc
Specialized exploit for cases where SQL injection is possible against an Oracle PL/SQL setup.
d157fd2dfa2d66e860e087333a9d56513595d3653e44b2708d42626d1eb78d34
Exploit for buffer overflow vulnerability in procedure MDSYS.MD2.SDO_CODE_SIZE within Oracle Database Server version 10.1.0.2 under Windows 2000 SP4.
a0f3cca0424aca2f2583ed61ffa387e3f18c17050746fbcb5ef2f5de1e81146f
This presentation explores new methods in exploiting SQL injection vulnerabilities inherent in Oracle Database. It contains a presentation with 37 slides and various exploits that demonstrate examples of flaws.
40233cb1502c958361ff1184ec472b9a2194b8341030a7d5db67ad47bf88d951
AppSecInc Advisory - Multiple buffer overflow and denial of service (DoS) vulnerabilities exist in the Oracle Database Server which allow database users to take complete control over the database and optionally cause denial of service. Forty-four buffer overflows have been found. Exploitation of these vulnerabilities will allow an attacker to completely compromise the OS and the database if Oracle is running on a Windows platform, because Oracle must run under the local System account or under an administrative account. If Oracle is running on *nix, then only the database would be compromised, because Oracle runs mostly under the oracle user, which has restricted permissions.
36977a3722720f6c3f2f1e3bbe50f6af68d1a8103afc604a75caff18382bb344