| 9! | Multiple Orcale security vulnerabilities.... again...
updated since 18.01.2007
|
 | | Released security update fixes 17 security vulnerabilities for Oracle Database, 9 vulnerabilities in Oracle HTTP Server, 12 security vulnerabilities for Oracle Application Server, 7 vulnerabilities for Oracle E-Business Suite, 6 security bugs in Oracle Enterprise Manager, 3 bugs in Oracle PeopleSoft Enterprise PeopleTools. There is also a large number of different old and new bugs, many are not fixed for years. It makes it useless to talk about Oracle security. Use 3rd party products to protect your Oracle environment. |
| 8! | Multiple Oracle application server vulnerabilities
updated since 19.04.2005
|
| | SQL injections, DoS, data modification, crossite scripting, privilege escalation, audit setings modification. Password is passed from JDeveloper to SQLPlus in cleartext. JDeveloper password is stored in cleartext in different XML configuration files. Cleartext FormBuilder password is stored in temporary files. Weak permissions for temporary files. Reading and writing any file with Oracle Reports. Command execution with Oracle Forms and Oracle Reports. There is also a large number of different old and new bugs, many are not fixed for years. It makes it useless to talk about Oracle security. Use 3rd party products to protect your Oracle environment. |
| 7! | Multiple Oracle Database Server security problems
updated since 18.01.2005
|
| | SQL injection, privilege escalation, buffer overflows. |
| 6! | Oracle E-Business Suite SQL injection
updated since 05.06.2004
|
| | Multiple SQL injection conditions. |
| 6! | Oracle E-Business Suite multiple bugs
|
| | Buffer overflow in FNDWRR CGI. Unauthorized access to configuration data. |
| 6! | Unauthorized file access via Oracle fndfs |
| | | |
| | |
