Published: 2008-11-23T00:50+00:00
Last Updated: 2008-11-23T00:50+00:00
JVNTR-2008-06
Oracle Updates for Multiple Vulnerabilities - October 2008
Overview
Oracle products and components are affected by multiple vulnerabilities. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.
Event Information
Date (UTC) | Description |
2008-10-22 12:36 | petefinnigan.com: APEX (Oracle Application Express) FLOWS excessive privileges. Oracle Database. The public disclosure of the vulnerability by the reporter. |
2008-10-15 18:53 | Oracle: Oracle Critical Patch Update Advisory - October 2008 |
2008-10-15 13:14 | US-CERT: Oracle Releases Critical Patch Update for July 2008 (US-CERT Current Activity). Oracle has released their Critical Patch Update for October 2008 to address 36 vulnerabilities across several products. |
2008-10-14 23:52 | SANS Internet Storm Center: Oracle quarterly patches on black tuesday. For those that do patch their databases, I'd suggest you round up your DBAs and run over these with them as well as your server administrators who'll get potentially a lot more work as well on "reboot wednesday". |
2008-08-04 | Imperva, Inc.: Oracle People Tools - Authentication Weakness. Oracle People Tools, Vulnerability Reported. Upon a false login attempt, the message "Your User ID and/or Password are invalid" is returned to the user. |
2008-03-20 | Application Security Inc.: Team SHATTER Security Alert Oracle 2008-09: Oracle Database SQL Injection in SYS.DBMS_CDC_PUBLISH.ALTER_AUTOLOG_CHANGE_SOURCE. Oracle Database Server, Vulnerability Reported. The PL/SQL package DBMS_CDC_PUBLISH owned by SYS has an instance of SQL Injection in the ALTER_AUTOLOG_CHANGE_SOURCE procedure. |
2008-03-20 | Application Security Inc.: Team SHATTER Security Alert Oracle 2008-08: Oracle Database SQL Injection in SYS.DBMS_CDC_IPUBLISH.ALTER_HOTLOG_INTERNAL_CSOURCE. Oracle Database Server, Vulnerability Reported. The PL/SQL package DBMS_CDC_IPUBLISH owned by SYS has an instance of SQL Injection in the ALTER_HOTLOG_INTERNAL_CSOURCE procedure. |
2007-09-24 | Application Security Inc.: Team SHATTER Security Alert Oracle 2008-11: Oracle Database Multiple SQL Injection vulnerabilities in LTADM. Oracle Database Server, Vulnerability Reported. Oracle Database provides the "LTADM" PL/SQL package that is part of the Oracle Workspace Manager component. This package has instances of SQL Injection in COMPRESSSTATE and GOTOTS procedures. Depending on what Oracle Workspace Manager release is installed, this PL/SQL package is owned by SYS (on older releases) or by WMSYS (on newer releases). |
2007-08-22 | Application Security Inc.: Team SHATTER Security Alert Oracle 2008-10: Oracle Database multiple SQL Injection vulnerabilities in Workspace Manager. Oracle Database Server, Vulnerability Reported. Oracle Database provides the "LT" PL/SQL package that is part of the Oracle Workspace Manager component. This package has multiple instances of SQL Injection in COMPRESSWORKSPACETREE, MERGEWORKSPACE and REMOVEWORKSPACE procedures. Depending on what Oracle Workspace Manager release is installed, this PL/SQL package is owned by SYS (on older releases) or by WMSYS (on newer releases). |
2005-12-13 | Imperva, Inc.: Oracle DBMS Proxy Authentication Vulnerability. Oracle Database, Vulnerability Reported. While the user sessions are open through the proxy connection, an attacker can create a new connection to the database impersonating the original user without supplying a password. |