Published: 2007-10-21T21:40+00:00
Last Updated: 2008-05-25T04:15+00:00
TRTA07-290A
Oracle Updates for Multiple Vulnerabilities
Overview
Oracle products and components are affected by multiple vulnerabilities. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.
Event Information
Date (UTC) | Description |
2007-10-26 13:03 | Bugtraq Oracle 10g/11g SYS.LT.FINDRICSET Local SQL Injection Exploit Vulnerability Proof Of Concept (CVE-2007-5511) #Cid: sys-lt-findricset.pl |
2007-10-26 13:03 | Bugtraq Oracle 10g/11g SYS.LT.FINDRICSET Local SQL Injection Exploit (2) Vulnerability Proof Of Concept (CVE-2007-5511) #Cid: sys-lt-findricsetV2.pl |
2007-10-26 | Bugtraq Oracle 10g LT.FINDRICSET Local SQL Injection Exploit (IDS evasion) Vulnerability Proof Of Concept (CVE-2007-5511) |
2007-10-23 | Bugtraq Oracle 10g CTX_DOC.MARKUP SQL Injection Exploit Vulnerability Proof Of Concept (CVE-2007-5508) #Cid: 26101.sql |
2007-10-17 19:13 | US-CERT TA07-290A: Oracle Updates for Multiple Vulnerabilities Via US-CERT Mailing List Oracle products and components are affected by multiple vulnerabilities. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service. |
2007-10-17 13:24 | US-CERT Oracle Releases October Critical Patch Update Oracle has released their October Critical Patch Update (CPU) to address 51 vulnerabilities across several products. This CPU contains twenty-eight security fixes for Oracle Database; eleven for Oracle Application Server; seven for Oracle Collaboration Suite; eight for Oracle E-Business Suite; two for Oracle Enterprise Manager; two for Oracle PeopleSoft Enterprise PeopleTools; and one for PeopleSoft Enterprise Human Capital Management. |
2007-10-16 20:47 | Oracle Oracle Critical Patch Update - October 2007 |
2006-08-23 | NGSSoftware #NISR17102007B: SQL Injection Flaw in Oracle Workspace Manager Vulnerability Reported The Workspace Manager in Oracle 10g release 1 and 2 and Oracle 9i is vulnerable to SQL injection. |
2006-06-23 | NGSSoftware #NISR17102007D: Oracle RDBMS Data packet DoS Oracle Database Vuln# DB20 Vulnerability Reported The Oracle RDBMS on receiving an invalid TNS data packet will use 100% of the CPU's time introducing a Denial of Service condition. |
2006-06-22 | NGSSoftware #NISR17102007C: Oracle TNS Listener DoS and/or remote memory inspection Oracle Database Vuln# DB22 Vulnerability Reported The TNS Listener can be crashed by an attacker causing a Denial of Service; alternatively the attacker can use the same flaw to expose memory contents remotely. This may reveal sensitive information. |
2006-06-06 | NGSSoftware #NISR17102007A: Multiple SQL Injection Flaws in Oracle CTX_DOC package Oracle Database Vuln# DB03 Vulnerability Reported The Intermedia application in Oracle 10g release 1 and 2 is vulnerable to SQL injection. |
2006-03-09 | NGSSoftware #NISR17102007E: Oracle audit issue with XMLDB ftp service Oracle Database Vuln# DB23 Vulnerability Reported The Oracle XML DB ftp service contains problems with auditing logins. |
2005-02-25 | Application Security Inc. Team SHATTER Security Alert Oracle 2007-08: Oracle Database Buffer overflow vulnerability in procedure DBMS_AQADM_SYS.DBLINK_INFO Vulnerability Reported Oracle Database Server provides the SYS.DBMS_AQADM_SYS package that is used internally by the SYS.DBMS_AQADM package to provide procedures to manage Oracle Streams Advanced Queuing (AQ) configuration and administration information. This package contains the procedure DBLINK_INFO which is vulnerable to buffer overflow attacks. |
2005-02-25 | Application Security Inc. Team SHATTER Security Alert Oracle 2007-09: Oracle Database Buffer overflow vulnerability in function MDSYS.SDO_CS.TRANSFORM Vulnerability Reported Oracle Database Server provides the MDSYS.SDO_CS package that contains subprograms for working with coordinate systems. This package contains the function TRANSFORM which is vulnerable to buffer overflow attacks. |