Oracle 10g exploits

Services
Oracle Audit / Hardening
Security Training
Consulting

Information
Oracle Security Blog
Published Alerts
Upcoming Alerts
Patch Information
Whitepaper
Presentations
Oracle Fact Sheets
Exploits
Tutorials
Videos
Scripts

News & Events
Events
News

Company
Contact
People
Partner
Impressum
Sitemap

Oracle 10g Exploits

This section contains exploits for Oracle 10g. A database with the latest patches,

e.g. Oracle Critical Patch Update Apr 2009, is not vulnerable.

2009
2-jul-2009	SQL Injection in SYS.LT.COMPRESSWORKSPACETREE - [Become DBA]
21-apr-2009	TNS Listener Exploit - [D.o.S.]
18-feb-2009	SQL Injection in MDSYS.SDO_TOPO_DROP_FTBL - [Become DBA]
06-jan-2009	SQL Injection in SYS.LT.COMPRESSWORKSPACETREE - [Become DBA]
06-jan-2009	SQL Injection in SYS.LT.MERGEWORKSPACE - [Become DBA]
06-jan-2009	SQL Injection in SYS.LT.REMOVEWORKSPACE - [Become DBA]

2008
20-nov-2008	Privilege Escalation in Database Vault ptrace - [Bypass Database Vault]
28-jan-2008	Buffer Overflow in xdb_xdb_pitrig_pkg - [Become DBA]
28-jan-2008	PLSQL Injection in xdb_xdb_pitrig_pkg - [Become DBA]
28-jan-2008	PLSQL Injection in pitrig_truncate - [Become DBA]

2007
28-nov-2007	Buffer Overflow in XDB_PITRIG_PKG.PITRIG_DROPMETADATA - [Crash DB]
28-nov-2007	SQL Injection in SYS.LT.FINDRICSET with IDS Evasion - [Become DBA]
28-nov-2007	SQL Injection in SYS.LT.FINDRICSET - [Become DBA]
28-nov-2007	SQL Injection in SYS.LT.FINDRICSET - [Become DBA]
28-nov-2007	SQL Injection in CTX_DOC.MARKUP - [Become DBA]
28-nov-2007	SQL Injection in SYS.KUPM$MCP.MAIN - [Become DBA]
28-nov-2007	SQL Injection in SYS.KUPM$MCP.MAIN - [Become DBA]
25-mar-2007	SQL Injection in KUPV$FT - [Become DBA] - via cursor
25-mar-2007	Local Privilege Escalation (win32) - [Become DBA]
25-mar-2007	SQL Injection in KUPM$MCP - [Become DBA] - via cursor
25-mar-2007	SQL Injection in KUPW$WORKER - [Become DBA] - cursor

2006
17-nov-2006	SQL Injection in KUPW$WORKER - [Become DBA]
20-apr-2006	SQL Injection in dbms_export_extension - [Become DBA]

2005
27-jan-2006	Buffer overflow DBMS_XMLSCHEMA - [Crash File on Database Server]
27-jan-2006	Buffer overflow DBMS_XMLSCHEMA_INT - [Create Remote Shell]
01-may-2005	OS command injection in DBMS_SCHEDULER - [Become DBA]
18-apr-2005	SQL Injection vulnerability in DBMS_METADATA - [Become DBA]
18-apr-2005	SQL Injection vulnerability in DBMS_CDC_SUBSCRIBE / DBMS_CDC_ISUBSCRIBE - [Become DBA]
18-apr-2005	Denial of service vulnerability in Oracle Intermedia [Denial of Service]
2-may-2005	Become DBA via DBMS_SYS_SQL [Become DBA]
2-may-2005	Switch username to SYS after executing a job via DBMS_SCHEDULER [Switch Username]
5-may-2005	Buffer Overflow in MDSYS.MD2.SDO_CODE_SIZE [Become DBA / Run OS Cmd]

Definition Exploit
An exploit is a common term in the computer security to refer to a piece of software that take advantage of a bug or vulnerability leading to a privilege escalation or d.o.s. on a computer system.
Computer security experts are using exploit code to test if a patch is working properly.

2009

2008

2007

2006

2005