None

A new attack vector for the Oracle Database has been identified related to exploiting DBMS_SQL cursors that have not properly been closed.  The name for this type of attack is "Dangling Cursor Snarfing."  David Litchfield's paper...

A security research firm based in Argentina, Argeniss, had announced a plan to publicly disclose an unfixed Oracle Database security bug every day for a week in December - "The Week of Oracle Database Bugs."  A disclosed unpatched...

Oracle Database session information includes database user name, operating system user name, host, terminal, IP address, module, program, timestamps, session ID, and other details. These values are critical to auditing and identifying the actual end...

Oracle has adopted the Common Vulnerability Scoring System (CVSS) as its standard for communicating the severity of security vulnerabilities in its products.  The critics have already jumped on Oracle for "manipulating" the CVSS...

Oracle has updated the white paper "Best Practices for Securing Oracle E-Business Suite version 3.0.4" Metalink Note ID 189367.1.  The major changes to the document include - Added the new Oracle Applications 11.5.10 application...

If you analyze Oracle's Critical Patch Update for October 2006 Advisory and look for any vulnerabilities affecting the Oracle Database version 9.2.0.8, you will see in the "Oracle Database Risk Matrix" that there are no vulnerabilities for...

We have released our quarterly Oracle E-Business Suite Impact analysis for the Oracle Critical Patch Update (CPU) October 2006.  This analysis looks at the CPU from an Oracle E-Business Suite perspective and provides additional details on the...

As with previous Oracle Critical Patch Updates (CPU), a number of the database patches have not yet been released.  Major versions and operating systems are on the list.  Oracle has already "desupported" a number of versions by...

We have released our E-Business Technology Stack Support Matrix for the Oracle Critical Patch Update (CPU) October 2006.  The supported technology stack versions required by Oracle’s Critical Patch Updates (CPU) may be different from the...

Oracle has released the Critical Patch Update (CPU) for October 2006.  101 new vulnerabilities across all Oracle products are fixed in this CPU of which 45 are remotely exploitable.  The overall number is high as compared to previous CPUs...