| 9! | Oracle multiple application security vulnerabilities
|
 | | >20 vulnerabilities are fixed in different Oracle applications. |
| 9! | Oracle applications multiple security vulnerabilities
updated since 15.01.2009
|
| | Oracle Critical Patch Update fixes >40 of different vulnerabilities in all Oracle applications. |
| 8! | Oracle multiple security vulnerabilities
updated since 22.10.2009
|
| | Oracle quarterly Critical Patch Update fixes approximately 40 vulnerabilities in different Oracle products. |
| 8! | Multiple Oracle application server vulnerabilities
updated since 19.04.2005
|
| | SQL injections, DoS, data modification, crossite scripting, privilege escalation, audit setings modification. Password is passed from JDeveloper to SQLPlus in cleartext. JDeveloper password is stored in cleartext in different XML configuration files. Cleartext FormBuilder password is stored in temporary files. Weak permissions for temporary files. Reading and writing any file with Oracle Reports. Command execution with Oracle Forms and Oracle Reports. There is also a large number of different old and new bugs, many are not fixed for years. It makes it useless to talk about Oracle security. Use 3rd party products to protect your Oracle environment. |
| | |
