Package |
Function/Procedure |
Granted to |
Vulnerability / Change |
KUPV$FT |
ATTACH_JOB |
|
Parameter user_name and job_name vulnerable against SQL Injection |
KUPV$FT |
HAS_PRIVS |
|
Parameter linkname vulnerable against SQL Injection |
KUPV$FT |
OPEN_JOB |
|
Parameter user_name, job_name, operation, job_mode vulnerable against SQL Injection |
KUPV$FT_INT |
ACTIVE_JOB |
|
Parameter user_name, job_name vulnerable against SQL Injection |
KUPV$FT_INT |
ATTACH_POSSIBLE |
|
Parameter user_name, job_name vulnerable against SQL Injection |
KUPV$FT_INT |
ATTACH_TO_JOB |
|
Parameter jobid vulnerable against SQL Injection |
KUPV$FT_INT |
CREATE_NEW_JOB |
|
Parameter user_name, job_name vulnerable against SQL Injection |
KUPV$FT_INT |
DELETE_JOB |
|
Parameter user_name, job_name vulnerable against SQL Injection |
KUPV$FT_INT |
DELETE_MASTER_TABLE |
|
Parameter user_name, job_name vulnerable against SQL Injection |
KUPV$FT_INT |
DETACH_JOB |
|
Parameter handle vulnerable against SQL Injection |
KUPV$FT_INT |
GET_JOB_INFO |
|
Parameter handle, job_id vulnerable against SQL Injection |
KUPV$FT_INT |
GET_JOB_INFO (2nd function) |
|
Parameter user_name, job_name vulnerable against SQL Injection |
KUPV$FT_INT |
GET_JOB_QUEUES |
|
Parameter handle, job_id vulnerable against SQL Injection |
KUPV$FT_INT |
GET_JOB_QUEUES (2nd function) |
|
Parameter user_name, job_name vulnerable against SQL Injection |
KUPV$FT_INT |
GET_SOLE_JOBNAME |
|
Parameter user_name is vulnerable against SQL Injection |
KUPV$FT_INT |
MASTER_TBL_LOCK |
|
Parameter user_name, job_name, master_objid vulnerable against SQL Injection |
KUPV$FT_INT |
SET_EVENT |
|
Parameter event_number, level vulnerable against SQL Injection |
KUPV$FT_INT |
VALID_HANDLE |
|
Parameter handle vulnerable against SQL Injection |
KUPV$FT_INT |
UPDATE_JOB |
|
Parameter user_name, job_name vulnerable against SQL Injection |
DBMS_DATAPUMP (DB06) |
GENERATE_JOB_NAME |
|
Parameter operation, job_mode vulnerable against SQL Injection |
DBMS_DATAPUMP (DB06) |
|
|
|
DBMS_DATAPUMP (DB06) |
GET_WORKERSTATUSLIST1010 |
|
Parameter job_rec.mt_name vulnerable against SQL Injection |
DBMS_DATAPUMP (DB06) |
GET_PARAMVALUES1010 |
|
Parameter job_rec.mt_name vulnerable against SQL Injection |
DBMS_DATAPUMP (DB06) |
GET_DUMPFILESET1010 |
|
Parameter job_rec.mt_name vulnerable against SQL Injection |
DBMS_DATAPUMP (DB06) |
GET_JOBSTATUS1010 |
|
Parameter job_rec.mt_name vulnerable against SQL Injection |
DBMS_DATAPUMP (DB06) |
ATTACH |
|
Parameter job_name vulnerable against SQL Injection |
DBMS_DATAPUMP (DB06) |
ESTABLISH_REMOTE_CONTEXT |
|
Parameter remote_link vulnerable against SQL Injection |
DBMS_REGISTRY (DB28) |
IS_COMPONENT |
|
Parameter SYS_CONTEXT('REGISTRY$CTX','NAMESPACE') vulnerable against SQL Injection |
DBMS_REGISTRY (DB28) |
GET_COMP_OPTION |
|
Parameter SYS_CONTEXT('REGISTRY$CTX','NAMESPACE') vulnerable against SQL Injection |
DBMS_REGISTRY (DB28) |
DISABLE_DDL_TRIGGERS |
|
Parameter DBMS_REGISTRY.SCHEMA(), TRIGGER_NAME vulnerable against SQL Injection |
DBMS_REGISTRY (DB28) |
SCRIPT_EXISTS |
|
Parameter path vulnerable against SQL Injection |
DBMS_REGISTRY (DB28) |
COMP_PATH |
|
Parameter SYS_CONTEXT('REGISTRY$CTX','NAMESPACE') vulnerable against SQL Injection |
DBMS_REGISTRY (DB28) |
GATHER_STATS |
|
Parameter comp_id vulnerable against SQL Injection |
DBMS_REGISTRY (DB28) |
NOTHING_SCRIPT |
|
Parameter SYS_CONTEXT('REGISTRY$CTX','NAMESPACE') vulnerable against SQL Injection |
DBMS_REGISTRY (DB28) |
VALIDATE_COMPONENTS |
|
SQL Injection via REGISTRY$.VPROC possible |
DBMS_CDC_UTILITY (DB02) |
DROP_USER |
PUBLIC |
Parameter user_name vulnerable against SQL Injection |
DBMS_CDC_UTILITY (DB02) |
CDC_ALLOCATE_LOCK |
PUBLIC |
Parameter lockname vulnerable against SQL Injection |
DBMS_CDC_PUBLISH (DB25) |
SET_DIRECTORY_ROOT |
|
Parameter root_directory vulnerable against SQL Injection |
DBMS_METADATA_UTIL (DB05) |
LONG2VARCHAR |
|
Parameter col, tab vulnerable against SQL Injection |
DBMS_METADATA_UTIL (DB05) |
LONG2VCMAX |
|
Parameter col, tab vulnerable against SQL Injection |
DBMS_METADATA_UTIL (DB05) |
LONG2VCNT |
|
Parameter col, tab vulnerable against SQL Injection |
DBMS_METADATA_UTIL (DB05) |
LONG2CLOB |
PUBLIC |
Parameter col, tab vulnerable against SQL Injection |
DBMS_METADATA_INT (DB05) |
MAKE_FILTER |
PUBLIC |
T_MF_FILTER(I_MF),T_MF_ATTRNAME(I_MF) vulnerable against SQL Injection |
DBMS_METADATA_INT (DB05) |
FETCH_VIEWS_ERROR |
PUBLIC |
CONTEXT_LIST(IND).OBJECT_TYPE, CONTEXT_LIST(IND).OBJECT_TYPE, CONTEXT_LIST(IND).MODEL, VSN vulnerable against SQL Injection |
DBMS_METADATA_INT (DB05) |
FETCH_FILTERS |
|
Parameter name, vulnerable against SQL Injection |
DBMS_METADATA_INT (DB05) |
FETCH_VIEWS |
|
CONTEXT_LIST(IND).OBJECT_TYPE, CONTEXT_LIST(IND).MODEL, name vulnerable against SQL Injection |
DBMS_METADATA_INT (DB05) |
SET_FILTER_COMMON |
|
Parameter text_value, vulnerable against SQL Injection |
DBMS_METADATA_INT (DB05) |
DO_FILTER_SCRIPT |
|
CONTEXT_LIST(IND).OBJECT_TYPE, CONTEXT_LIST(IND).MODEL vulnerable against SQL Injection |
DBMS_METADATA_INT (DB05) |
SET_TABLE_FILTERS |
|
FILTER_LIST(NAME_IND).TEXT_VALUE, FILTER_LIST(SCHEMA_IND).TEXT_VALUE vulnerable against SQL Injection |
DBMS_METADATA_INT (DB05) |
MAKE_FILTER_TEXT |
|
Parameter OBJNUM_FUNCTION, SORTOBJNUM_FUNCTION vulnerable against SQL Injection |
DBMS_METADATA (DB05) |
GET_PREPOST_TABLE_ACT |
PUBLIC |
SQL Injection |
CTXSYS.DRILOAD (DB17) |
VALIDATE_STATEMENT |
PUBLIC |
Parameter sqlstmt vulnerable against SQL Injection |
CTXSYS.DRILOAD (DB17) |
BUILD_DML |
|
LV_INDEX.IDX_OWNER, LV_INDEX.IDX_TABLE vulnerable against SQL Injection |
CTXSYS.DRIDML (DB17) |
CLEAN_DML |
|
username, tablename vulnerable against SQL Injection |
CTXSYS.CTX_DOC (DB17) |
GET_ROWID |
PUBLIC |
Parameter P_IDX (Record) vulnerable against SQL Injection |
CTXSYS.CTX_QUERY (DB17) |
BROWSE_WORDS |
PUBLIC |
Parameter RESTAB vulnerable against SQL Injection |
CATINDEXMETHODS (DB17) |
ODCIINDEXTRUNCATE |
|
Parameter IA.INDEXSCHEMA, IA.INDEXNAME vulnerable against SQL Injection |
CATINDEXMETHODS (DB17) |
ODCIINDEXDROP |
|
Parameter IA.INDEXSCHEMA, IA.INDEXNAME vulnerable against SQL Injection |
CATINDEXMETHODS (DB17) |
ODCIINDEXDELETE |
|
Parameter IA.INDEXSCHEMA, IA.INDEXNAME vulnerable against SQL Injection |
DBMS_XMLSCHEMA (DB29) |
GENERATESCHEMA |
PUBLIC |
Parameter SCHEMANAME and TYPENAME vulnerable against Buffer Overflow |
DBMS_XMLSCHEMA (DB29) |
GENERATESCHEMAS |
PUBLIC |
Parameter SCHEMANAME and TYPENAME vulnerable against Buffer Overflow |
DBMS_XMLSCHEMA_INT (DB29) |
GENERATESCHEMA |
|
Parameter SCHEMANAME and TYPENAME vulnerable against Buffer Overflow |
DBMS_XMLSCHEMA_INT (DB29) |
GENERATESCHEMAS |
|
Parameter SCHEMANAME and TYPENAME vulnerable against Buffer Overflow |