Oracle 10g Exploits


This section contains exploits for Oracle 10g. A database with the latest patches, e.g. Oracle Critical Patch Update Oct 2007, is not vulnerable.


2007

 

28-nov-2007 Buffer Overflow in XDB_PITRIG_PKG.PITRIG_DROPMETADATA - [Crash DB]
28-nov-2007 SQL Injection in SYS.LT.FINDRICSET with IDS Evasion - [Become DBA]
28-nov-2007 SQL Injection in SYS.LT.FINDRICSET - [Become DBA]
28-nov-2007 SQL Injection in SYS.LT.FINDRICSET - [Become DBA]
28-nov-2007 SQL Injection in CTX_DOC.MARKUP - [Become DBA]
28-nov-2007 SQL Injection in SYS.KUPM$MCP.MAIN - [Become DBA]
28-nov-2007 SQL Injection in SYS.KUPM$MCP.MAIN - [Become DBA]
25-mar-2007 SQL Injection in KUPV$FT - [Become DBA] - via cursor
25-mar-2007 Local Privilege Escalation (win32) - [Become DBA]
25-mar-2007 SQL Injection in KUPM$MCP - [Become DBA] - via cursor
25-mar-2007 SQL Injection in KUPW$WORKER - [Become DBA] - cursor


2006

 

17-nov-2006 SQL Injection in KUPW$WORKER - [Become DBA]
20-apr-2006 SQL Injection in dbms_export_extension - [Become DBA]


2005

 

27-jan-2006 Buffer overflow DBMS_XMLSCHEMA - [Crash File on Database Server]
27-jan-2006 Buffer overflow DBMS_XMLSCHEMA_INT - [Create Remote Shell]
01-may-2005 OS command injection in DBMS_SCHEDULER - [Become DBA]
18-apr-2005 SQL Injection vulnerability in DBMS_METADATA - [Become DBA]
18-apr-2005 SQL Injection vulnerability in DBMS_CDC_SUBSCRIBE / DBMS_CDC_ISUBSCRIBE - [Become DBA]
18-apr-2005 Denial of service vulnerability in Oracle Intermedia [Denial of Service]
2-may-2005 Become DBA via DBMS_SYS_SQL [Become DBA]
2-may-2005 Switch username to SYS after executing a job via DBMS_SCHEDULER [Switch Username]
5-may-2005 Buffer Overflow in MDSYS.MD2.SDO_CODE_SIZE [Become DBA / Run OS Cmd]



© 2005-2007 by Red-Database-Security GmbH - last update: 28-Nov-2007

Definition Exploit
An exploit is a common term in computer security for a piece of software that takes advantage of a bug or vulnerability, leading to privilege escalation or denial of service (DoS) on a computer system.
Computer security experts use exploit code to test whether a patch is working properly.