Services
Oracle Audit / Hardening
Security Training
Consulting

Information
Oracle Security Blog
Published Alerts
Upcoming Alerts
Patch Information
Whitepaper
Presentations
Oracle Fact Sheets
Exploits
Tutorials
Videos
Scripts

News & Events
Events
News

Company
Contact
People
Partner
Impressum
Sitemap


Search



Search Red-Database-Security
Oracle 9i Exploits



This section contains exploits for Oracle 9i. A database with the latest patches,

e.g. Oracle Critical Patch Update Oct 2006, is not vulnerable.




2006

 

20-apr-2006 SQL Injection in dbms_export_extension - [Become DBA]
10-apr-2006 Privilege escalation via Views and outer joins (9.0.1)- [Become DBA]
27-jan-2006 Buffer overflow DBMS_XMLSCHEMA_INT - [Create Remote Shell]

2005

 

25-apr-2005 SQL Injection vulnerability in CTXSYS.DRILOAD - [Become DBA]
25-apr-2005 Buffer overflow vulnerability in DBMS_SYSTEM.KSDWRT - [Crash Database]
25-apr-2005 Buffer overflow vulnerability in Create Database Link - [Crash Database]
18-apr-2005 SQL Injection vulnerability in DBMS_METADATA - [Become DBA]
18-apr-2005 SQL Injection vulnerability in DBMS_CDC_SUBSCRIBE / DBMS_CDC_ISUBSCRIBE - [Become DBA]
18-apr-2005 Denial of service vulnerability in Oracle Intermedia [Denial of Service]
15-may-2005 Buffer Overflow in XDB FTP PASS parameter [Buffer Overflow]
15-may-2005 Buffer Overflow in XDB FTP UNLOCK parameter [Buffer Overflow]
14-may-2005 Cross Site Scripting in iSQL*Plus action parameter [CSS]
14-may-2005 Cross Site Scripting in iSQL*Plus logon parameter [CSS]
14-may-2005 Buffer Overflow in numtodsinterval [Execute Code]
14-may-2005 Buffer Overflow in numtomyinterval [Execute Code]
10-may-2005 Buffer Overflow in DBMS_REPCAT_FGT [Crash Database / Execute Code]
10-may-2005 Buffer Overflow in various file parameters [Crash Database / Execute Code]
10-may-2005 Buffer Overflow in DBMS_REPCAT_ADMIN [Crash Database / Execute Code]
10-may-2005 Buffer Overflow in DBMS_REPCAT [Crash Database / Execute Code]
5-may-2005 Directory Traversal via UTL_FILE [Become DBA]
2-may-2005 Become DBA via DBMS_SYS_SQL [Become DBA]
1-may-2005 Buffer Overflow in DBMS_REPCAT_INSTANTIATE [Crash Database / Execute Code]



2005-2006 by Red-Database-Security GmbH - last update: 2-nov-2006

Definition Exploit
An exploit is a common term in the computer security to refer to a piece of software that take advantage of a bug or vulnerability leading to a privilege escalation or d.o.s. on a computer system.
Computer security experts are using exploit code to test if a patch is working properly.