Many web applications are vulnerable to SQL injection attacks that make use of database functions. Any dynamic SQL statement that uses unvalidated end-user string input can be exploited by this type of SQL injection attack. This specific type of...
Oracle Database Function Buffer Overflows – Additional Information
Buffer overflows have been discovered in a number of Oracle standard database functions. An attacker can readily exploit these buffer overflows to gain unauthorized access to the database server or cause a denial of service attack against...
Oracle Database Function Buffer Overflows and SQL Injection Attacks
The short-term future of SQL injection attacks is exploitation of the numerous buffer overflows in standard Oracle database functions. These buffer overflows greatly reduce the complexity of finding and executing SQL injection attacks against web...
Oracle Database Function Buffer Overflows – Oracle Applications Impact
Buffer overflows have been discovered in a number of Oracle Database functions. An attacker can readily exploit these buffer overflows to gain unauthorized access to the database server or cause a denial of service attack against Oracle...
Oracle Security Alert #68 – Oracle E-Business Suite Impact
Oracle has released a set of security patches for the Oracle Database and Oracle Application Server that fix a large number of serious security vulnerabilities. The majority of these vulnerabilities can be exploited in all Oracle Applications...
Oracle Critical Patch Update – January 2005 - Oracle E-Business Suite Impact
Oracle has released its first Critical Patch Update (January 2005), which fixes 23 vulnerabilities in the Oracle Database, Oracle Application Server, and Oracle E-Business Suite; Integrigy discovered 5 of these vulnerabilities. The...
Oracle Critical Patch Update – July 2005 - E-Business Suite Impact
Oracle today will be releasing its third Critical Patch Update (July 2005). The patches contained in the Critical Patch Update will correct numerous security bugs in the Oracle Database, Oracle Application Server, and Oracle E-Business Suite. A...
Oracle Critical Patch Update - October 2005 - E-Business Suite Impact
Oracle today released its fourth Critical Patch Update (October 2005). The patches contained in the Critical Patch Update will correct numerous security bugs in the Oracle Database, Oracle Application Server, and Oracle E-Business Suite. Some of the...
Information Disclosure through Default Apache Scripts
As part of a default Apache installation, two default cgi-bin scripts, printenv and test-cgi, are installed. Oracle has included these scripts in the installation of 11i. These scripts provide information regarding the installation, which could be...
Internet Connected Applications and Search Engines
Oracle E-Business Suite self-service applications are often connected to the Internet for direct access by customers, suppliers, and employees. Using search engines (Google, Altavista, etc.) and simple search phrases, hackers can quickly find...