Services
Oracle Audit / Hardening
Security Training
Consulting

Information
Oracle Security Blog
Published Alerts
Upcoming Alerts
Patch Information
Whitepaper
Presentations
Oracle Fact Sheets
Exploits
Tutorials
Videos
Scripts

News & Events
Events
News

Company
Contact
People
Partner
Impressum
Sitemap


Search



Search Red-Database-Security
Oracle Application Server Exploits


This section contains exploits for the Oracle Application Server.


14-sep-2005 SQL Injection in Oracle Reports [SQL Injection]
12-apr-2005 SQL Injection in Oracle Forms [SQL Injection]
2-may-2005 Corrupt files via Webcache [D.o.S.]
26-apr-2005 SQL Injection in Oracle Portal via WWV_FORM [SQL Injection]
14-may-2005 Cross Site Scripting in iSQL*Plus logon parameter [CSS]
14-may-2005 Cross Site Scripting in iSQL*Plus action parameter [CSS]
14-may-2005 Read files via iSQL*Plus load.uix [Read files]



2005 by Red-Database-Security GmbH - last update 02-nov-2005

Hardening Oracle Application Server

  • Change Default Password in the Infrastructure Database
  • Protect the TNS Listener
  • Remove Demo Applications / Pages
  • Disable Reports Diagnosis Pages
  • Disable Forms Query/Where
  • Stop unneeded Components