Advisory: SQL Injection in Oracle Enterprise Manager (compareWizFirstConfig...
Risk Level: High
Affected versions: Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2 (and previous patchsets); Oracle Enterprise Manager Grid Control 10.2.0.4 (and previous patchsets)...
Advisory: Oracle Enterprise Manager vulnerable to Session fixation.
Risk Level: Low
Affected versions: Oracle Enterprise Manager Database Control 10.2.0.5, 11.1.0.7 (and previous patchsets)
Remote exploitable: Yes
Credits: This vulnerability was discovered and...
Advisory: OCIPasswordChange API leaks information of password hash.
Risk Level: High
Affected versions: Oracle Database Server version 10gR1, 10gR2 (10.2.0.4 and previous patchsets) and 11gR1 (11.1.0.7 and previous patchsets)
Remote exploitable: Yes (No authentication...
Advisory: Some failed authentication attempts using OCIPasswordChange API are...
Risk Level: Medium
Affected versions: Oracle Database Server version 10gR1, 10gR2 (10.2.0.4 and previous patchsets) and 11gR1 (11.1.0.7 and previous patchsets)
Remote exploitable: Yes (No...
Advisory: Incomplete protection of Oracle Database locked accounts.
Risk Level: Low
Affected versions: Oracle Database Server version 10gR1, 10gR2 (10.2.0.5 and previous patchsets) and 11gR1 (11.1.0.7 and previous patchsets)
Remote exploitable: Yes (No authentication...
Advisory: HTTP Response Splitting in Oracle Enterprise Manager (prevPage...
Risk Level: Medium
Affected versions: Oracle Enterprise Manager Database Control 10.2.0.5, 11.1.0.7, 11.2.0.3 (and previous patchsets); Oracle Enterprise Manager Grid Control 10.2.0.5 (and previous...
Advisory: HTTP Response Splitting in Oracle Enterprise Manager (pageName...
Risk Level: Medium
Affected versions: Oracle Enterprise Manager Database Control 10.2.0.5, 11.1.0.7, 11.2.0.3 (and previous patchsets); Oracle Enterprise Manager Grid Control 10.2.0.5 (and previous...
Advisory: SQL Injection in Oracle Enterprise Manager (searchPage web page).
Risk Level: High
Affected versions: Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.3 (and previous patchsets); Oracle Enterprise Manager Grid Control 10.2.0.5, 11.1.0.1 (and previous...
Oracle Issues Security Advisory For 0-Day Affecting ALL Oracle Database Servers
Summary: Oracle rushes out a security advisory with workarounds for a dangerous Database Server security flaw that dates back to 2008. Oracle is scrambling to contain the damage from a vulnerability...
Breaking Down The Oracle 0-Day TNS Listener Poison Attack
A lot has been written in the last week about the Oracle TNS Listener Poison Attack (CVE-2012-1675). Not everything that has been published is correct. I have spent a great deal of time investigating...