The short-term future of SQL injection attacks is exploitation of the numerous buffer overflows in standard Oracle database functions. These buffer overflows greatly reduce the complexity of finding and executing SQL injection attacks against web...
Oracle Database Function Buffer Overflows – Oracle Applications Impact
Buffer overflows have been discovered in a number of Oracle Database functions. An attacker can readily exploit these buffer overflows to gain unauthorized access to the database server or cause a denial of service attack against Oracle...
Oracle Security Alert #68 – Oracle E-Business Suite Impact
Oracle has released a set of security patches for the Oracle Database and Oracle Application Server that fix a large number of serious security vulnerabilities. The majority of these vulnerabilities can be exploited in all Oracle Applications...
Oracle Critical Patch Update – January 2005 - Oracle E-Business Suite Impact
Oracle has released its first Critical Patch Update (January 2005), which fixes 23 vulnerabilities in the Oracle Database, Oracle Application Server, and Oracle E-Business Suite. Integrigy discovered 5 of these vulnerabilities. The...
Oracle Critical Patch Update – July 2005 - E-Business Suite Impact
Oracle today will be releasing its third Critical Patch Update (July 2005). The patches contained in the Critical Patch Update will correct numerous security bugs in the Oracle Database, Oracle Application Server, and Oracle E-Business Suite. A...
Oracle Critical Patch Update - October 2005 - E-Business Suite Impact
Oracle today released its fourth Critical Patch Update (October 2005). The patches contained in the Critical Patch Update will correct numerous security bugs in the Oracle Database, Oracle Application Server, and Oracle E-Business Suite. Some of the...
Information Disclosure through Default Apache Scripts
As part of a default Apache installation, two default cgi-bin scripts, printenv and test-cgi, are installed. Oracle has included these scripts in the installation of 11i. These scripts provide information regarding the installation, which could be...
Internet Connected Applications and Search Engines
Oracle E-Business Suite self-service applications are often connected to the Internet for direct access by customers, suppliers, and employees. Using search engines (Google, Altavista, etc.) and simple search phrases, hackers can quickly find...
Oracle Reports Server APPS Password Disclosure
The Oracle Reports Server may disclose the current APPS password. Oracle Reports Server is installed as part of the default installation and is used by Oracle Business Intelligence (BIS) and related business intelligence modules (Financial...
Oracle E-Business Suite FNDFS Vulnerability
The Oracle Applications FNDFS program, used to retrieve report output from the Concurrent Manager server, can be used to remotely retrieve any file from the server without operating system or application authentication. A mandatory patch from Oracle...