Published Security Alerts

Published Security Alerts 9 Jan 2006 13:00:00 GMT http://www.red-database-security.com/advisory/published_alerts.html Published Security Alerts en-us SQL Injection in SYS.KUPV$FT in Oracle 10g. Rel. 1 17 Jan 2006 18:00:00 GMT http://www.red-database-security.com/advisory/oracle_sql_injection_kupv$ft.html SQL Injection in SYS.KUPV$FT_INT in Oracle 10g. Rel. 1 17 Jan 2006 18:00:00 GMT http://www.red-database-security.com/advisory/oracle_sql_injection_kupv$ft_int.html Event 10053 logs TDE wallet password in cleartext 17 Jan 2006 13:00:00 GMT http://www.red-database-security.com/advisory/oracle_tde_wallet_password.html Transparent Data Encryption stores key unencrypted in the SGA 17 Jan 2006 13:00:00 GMT http://www.red-database-security.com/advisory/oracle_tde_unencrypted_sga.html Cross-Site-Scripting in Oracle Workflow wf_route 20 Oct 2005 13:00:00 GMT http://www.red-database-security.com/advisory/oracle_workflow_css_wf_route.html Cross-Site-Scripting in Oracle Workflow wf_monitor 20 Oct 2005 13:00:00 GMT http://www.red-database-security.com/advisory/oracle_workflow_css_wf_monitor.html Shutdown listener via iSQL*Plus 7 Oct 2005 13:00:00 GMT http://www.red-database-security.com/advisory/oracle_isqlplus_shutdown.html Shutdown listener via Forms Servlet 7 Oct 2005 13:00:00 GMT http://www.red-database-security.com/advisory/oracle_forms_shutdown.html Plaintext Passwords logged during Installation of Oracle HTMLDB 7 Oct 2005 13:00:00 GMT http://www.red-database-security.com/advisory/oracle_htmldb_plaintext_password.html Cross-Site-Scripting Vulnerabilities in Oracle HTMLDB 7 Oct 2005 13:00:00 GMT http://www.red-database-security.com/advisory/oracle_htmldb_css.html Cross-Site-Scripting Vulnerabilities in Oracle iSQL*Plus 7 Oct 2005 13:00:00 GMT http://www.red-database-security.com/advisory/oracle_isqlplus_css.html Cross-Site-Scripting Vulnerabilities in Oracle XMLDB 7 Oct 2005 13:00:00 GMT http://www.red-database-security.com/advisory/oracle_xmldb_css.html Various Cross-Site-Scripting Vulnerabilities in Oracle Report 19 Jul 2005 13:00:00 GMT http://www.red-database-security.com/advisory/oracle_reports_various_css.html Read parts of any XML-file on the application server via Oracle Report 19 Jul 2005 13:00:00 GMT http://www.red-database-security.com/advisory/oracle_reports_read_any_xml_file.html Read parts of any file on the application server via Oracle Report 19 Jul 2005 13:00:00 GMT http://www.red-database-security.com/advisory/oracle_reports_read_any_file.html Overwrite any file on the application server via Oracle Report 19 Jul 2005 13:00:00 GMT http://www.red-database-security.com/advisory/oracle_reports_overwrite_any_file.html Run any OS Command via uploaded Oracle Report from any directory 19 Jul 2005 13:00:00 GMT http://www.red-database-security.com/advisory/oracle_reports_run_any_os_command.html Run any OS Command via uploaded Oracle Forms from any directory 19 Jul 2005 13:00:00 GMT http://www.red-database-security.com/advisory/oracle_forms_run_any_os_command.html Oracle JDeveloper passes plaintext password 12 Jul 2005 13:00:00 GMT http://www.red-database-security.com/advisory/oracle_jdeveloper_passes_plaintext_password.html Plaintext password in Oracle JDeveloper 12 Jul 2005 13:00:00 GMT http://www.red-database-security.com/advisory/oracle_jdeveloper_plaintext_password.html Unsecure temp file handling in Oracle Formsbuilder 12 Jul 2005 13:00:00 GMT http://www.red-database-security.com/advisory/oracle_formsbuilder_temp_file_issue.html Unsecure temp file handling in Oracle Forms 12 Jul 2005 13:00:00 GMT http://www.red-database-security.com/advisory/oracle_forms_unsecure_temp_file_handling.html Fine Grained Auditing issue in Oracle 9i / 10g 02 May 2005 13:00:00 GMT http://www.red-database-security.com/advisory/oracle-fine-grained-auditing-issue.html DBMS_SCHEDULER 10g SELECT user issue in Oracle 10g 02 May 2005 13:00:00 GMT http://www.red-database-security.com/exploits/oracle_exploit_dbms_scheduler_select_user.html Webcache Client Requests bypasses OHS mod_access Restrictions 26 Apr 2005 13:00:00 GMT http://www.red-database-security.com/advisory/oracle_webcache_bypass.html File append vulnerability in Webcache Admin Console 26 Apr 2005 13:00:00 GMT http://www.red-database-security.com/advisory/oracle_webcache_append_file_vulnerabilitiy.html CSS in Webcache Admin Console 26 Apr 2005 13:00:00 GMT http://www.red-database-security.com/advisory/oracle_webcache_CSS_vulnerabilities.html CSS in BEA admin console 25 Apr 2005 13:00:00 GMT http://www.red-database-security.com/advisory/bea_css_in_admin_console.html SQL Injection in Oracle Forms 12 Apr 2005 13:00:00 GMT http://www.red-database-security.com/wp/sql_injection_forms_us.pdf Buffer Overflow in Create Database Link in Oracle8i - 9i 18 Jan 2005 13:00:00 GMT http://www.red-database-security.com/advisory/oracle_buffer_overflow_in_create_database_link.html