Services
Oracle Audit / Hardening
Security Training
Consulting

Information
Oracle Security Blog
Published Alerts
Upcoming Alerts
Patch Information
Whitepaper
Presentations
Oracle Fact Sheets
Exploits
Tutorials
Videos
Scripts

News & Events
Events
News

Company
Contact
People
Partner
Impressum
Sitemap


Search



Search Red-Database-Security
Oracle 10g Exploits


This section contains exploits for Oracle 10g. A database with the latest patches,

e.g. Oracle Critical Patch Update Apr 2009, is not vulnerable.


2009

 

2-jul-2009 SQL Injection in SYS.LT.COMPRESSWORKSPACETREE - [Become DBA]
21-apr-2009 TNS Listener Exploit - [D.o.S.]
18-feb-2009 SQL Injection in MDSYS.SDO_TOPO_DROP_FTBL - [Become DBA]
06-jan-2009 SQL Injection in SYS.LT.COMPRESSWORKSPACETREE - [Become DBA]
06-jan-2009 SQL Injection in SYS.LT.MERGEWORKSPACE - [Become DBA]
06-jan-2009 SQL Injection in SYS.LT.REMOVEWORKSPACE - [Become DBA]


2008

 

20-nov-2008 Privilege Escalation in Database Vault ptrace - [Bypass Database Vault]
28-jan-2008 Buffer Overflow in xdb_xdb_pitrig_pkg - [Become DBA]
28-jan-2008 PLSQL Injection in xdb_xdb_pitrig_pkg - [Become DBA]
28-jan-2008 PLSQL Injection in pitrig_truncate - [Become DBA]


2007

 

28-nov-2007 Buffer Overflow in XDB_PITRIG_PKG.PITRIG_DROPMETADATA - [Crash DB]
28-nov-2007 SQL Injection in SYS.LT.FINDRICSET with IDS Evasion - [Become DBA]
28-nov-2007 SQL Injection in SYS.LT.FINDRICSET - [Become DBA]
28-nov-2007 SQL Injection in SYS.LT.FINDRICSET - [Become DBA]
28-nov-2007 SQL Injection in CTX_DOC.MARKUP - [Become DBA]
28-nov-2007 SQL Injection in SYS.KUPM$MCP.MAIN - [Become DBA]
28-nov-2007 SQL Injection in SYS.KUPM$MCP.MAIN - [Become DBA]
25-mar-2007 SQL Injection in KUPV$FT - [Become DBA] - via cursor
25-mar-2007 Local Privilege Escalation (win32) - [Become DBA]
25-mar-2007 SQL Injection in KUPM$MCP - [Become DBA] - via cursor
25-mar-2007 SQL Injection in KUPW$WORKER - [Become DBA] - cursor


2006

 

17-nov-2006 SQL Injection in KUPW$WORKER - [Become DBA]
20-apr-2006 SQL Injection in dbms_export_extension - [Become DBA]


2005

 

27-jan-2006 Buffer overflow DBMS_XMLSCHEMA - [Crash File on Database Server]
27-jan-2006 Buffer overflow DBMS_XMLSCHEMA_INT - [Create Remote Shell]
01-may-2005 OS command injection in DBMS_SCHEDULER - [Become DBA]
18-apr-2005 SQL Injection vulnerability in DBMS_METADATA - [Become DBA]
18-apr-2005 SQL Injection vulnerability in DBMS_CDC_SUBSCRIBE / DBMS_CDC_ISUBSCRIBE - [Become DBA]
18-apr-2005 Denial of service vulnerability in Oracle Intermedia [Denial of Service]
2-may-2005 Become DBA via DBMS_SYS_SQL [Become DBA]
2-may-2005 Switch username to SYS after executing a job via DBMS_SCHEDULER [Switch Username]
5-may-2005 Buffer Overflow in MDSYS.MD2.SDO_CODE_SIZE [Become DBA / Run OS Cmd]



2005-2009 by Red-Database-Security GmbH - last update: 2-Jul-2009

Definition Exploit
An exploit is a common term in the computer security to refer to a piece of software that take advantage of a bug or vulnerability leading to a privilege escalation or d.o.s. on a computer system.
Computer security experts are using exploit code to test if a patch is working properly.