Published: 2007-07-22T23:11+00:00
Last Updated: 2007-07-22T23:11+00:00
TRTA07-200A
Oracle Releases Patches for Multiple Vulnerabilities
Overview
Oracle has released patches to address numerous vulnerabilities in different Oracle products. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.
Event Information
Date (UTC) | Description |
2007-07-21 09:53 | Bugtraq: Oracle bad Views - Exploit released. Vulnerabilities in Oracle Database (CVE-2007-3855) Proof Of Concept #Cid: bunkerview.sql |
2007-07-19 20:40 | US-CERT: TA07-200A: Oracle Releases Patches for Multiple Vulnerabilities (via US-CERT Mailing List). Oracle has released patches to address numerous vulnerabilities in different Oracle products. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service. |
2007-07-18 21:52 | Application Security Inc.: Oracle Database Buffer overflow vulnerabilities in procedure DBMS_DRS.GET_PROPERTY (DB03). Oracle Database Vuln# DB03. Oracle Database Server provides the DBMS_DRS package, which includes procedures used in Oracle Data Guard. This package contains the function GET_PROPERTY, which is vulnerable to buffer overflow attacks. |
2007-07-18 21:50 | Application Security Inc.: Oracle Database Buffer overflows and Denial of service vulnerabilities in public procedures of MDSYS.MD (DB12). Oracle Database Vuln# DB12. Oracle Database Server provides the MDSYS.MD package, which is used in the Oracle Spatial component. These packages contain many public procedures that are vulnerable to buffer overflow and denial of service attacks. |
2007-07-18 17:32 | US-CERT: Oracle Releases July Critical Patch Update. Oracle has released their July Critical Patch Update (CPU) to address vulnerabilities across all products, some of which have a maximum severity rating of High. This CPU contains eighteen security fixes for Oracle Database; one for Oracle Application Express; four for Oracle Application Server; five for Oracle Collaboration Suite; fourteen for Oracle E-Business Suite; and seven for Oracle PeopleSoft Enterprise. |
2007-07-17 20:21 | Oracle: Oracle Critical Patch Update - July 2007 |
2007-05-07 | Red-Database-Security: SQL Injection Vulnerability in Oracle CHECK_DB_PASSWORD. Vulnerability Reported. The function wwv_flow_security.check_db_password contains a SQL injection vulnerability. Oracle is using the ALTER USER command to change the password of a database user without validating the password input (a typical Oracle PL/SQL programming fault). |
2006-10-24 | Red-Database-Security: Insert / Update / Delete Data via Views [DB17]. Oracle Database Vuln# DB17. Vulnerability Reported. Updates, deletes and inserts are possible via specially crafted views without having the right privileges. This vulnerability is not identical to the similar vulnerabilities fixed with the April 2006 CPU and October 2006 CPU. |
2005-11-01 | Red-Database-Security: SQL Injection in package DBMS_PRVTAQIS [DB02]. Oracle Database Vuln# DB02. Vulnerability Reported. The package DBMS_PRVTAQIS contains a SQL injection vulnerability. |