 |
|
|
|
| 8! | Multiple Oracle application server vulnerabilities
updated since 19.04.2005
|  | | SQL injections, DoS, data modification, crossite scripting, privilege escalation, audit setings modification. Password is passed from JDeveloper to SQLPlus in cleartext. JDeveloper password is stored in cleartext in different XML configuration files. Cleartext FormBuilder password is stored in temporary files. Weak permissions for temporary files. Reading and writing any file with Oracle Reports. Command execution with Oracle Forms and Oracle Reports. There is also a large number of different old and new bugs, many are not fixed for years. It makes it useless to talk about Oracle security. Use 3rd party products to protect your Oracle environment. |
| | |
|
|
|
|
|
|
|
|
